Automatic Verification of Password-Based Authentication Protocols Using Smart Card

Password-based authentication protocols attempt to establish mutual authentication in remote access control and other applications in computer networks. However, up to now, most of their security properties are not rigidly proved, but informally discussed or declared. And this has been the main problem during protocol design and application. In this paper, we study the automatic way for the verification of password-based authentication protocols based on a horn clause based model of the protocol. The applied pi calculus is a formalism for modeling such protocols, allows us to verify properties with automatic tools, and to rely on manual proof techniques for cases where automatic tools are unable to handle. We model Song´s advanced smart based password authentication protocol, a known protocol for password-based authentication, in the applied pi calculus, formalize the mutual authentication property as correspondence between events. We use the Prove if tool to prove that the property is satisfied. Other security properties can also be verified in the same way.