Anti-Synchronization And Robust Authentication For Noisy Puf-Based Smart Card

Smart card is indispensable part in our daily life, which brings us many conveniences including e-commerce and m-commerce service. However, because of the limited computation resource, the remote authentication between smart card and server is vulnerable to be attacked over insecure communication channel. Until now, many authentication schemes are proposed with their own pros and cons. Note that most of them are based on Elliptic curve cryptography, which are vulnerable to the card lose attack and desynchronization attack, where some schemes add a random number in verifier-value to resist the card lose attack and store both the old and new pseudo-identities between authenticator and the corresponding authenticated party to withstand desynchronization attack. However, the random number stored in card memory can be extracted and the new conversation may be blindly blocked by adversary. Hence, in this paper, we propose a novel authentication protocol that can utilize physical unclonable function (PUF) and elliptic curve cryptography (ECC) to protect the random number and support offline updating if online updating is blocked, which can be proven safe in formal security analysis. Meanwhile, we also introduce the robust PUF to prevent the modification of help data. Finally, our scheme is efficient by comparing with other related schemes in computation and communication overhead.