A biometric-based Password Authentication with key Exchange Scheme using Mobile Device for Multi-Server Environment

PP: 1123-1137

Author(s)

Xuelei Li, Qiaoyan Wen, Wenmin Li, Hua Zhang, Zhengping Jin

Abstract

Remote authentication for multi-server environments lets users register only once and conveniently access arbitrary services
in the same registry realm. However, most of the solutions are plagued by security problems. In this paper, we point
out that ‘a novel smart card and dynamic ID based remote user authentication scheme for multi-server environment’ is vulnerable
to user impersonation and server masquerade attacks and cannot achieve forward secrecy. Therefore, by introducing biometrics as
the third authentication factor, we devise an enhanced three-factor remote authentication scheme with key agreement for multi-server
environments. In our design, we combine the technologies of Client Puzzle, Fuzzy Extractor, message authentication code
(MAC) and Diffie-Hellman key exchange. Moreover, our proposal not only maintains the advantages of the original scheme, but also preserves
user privacy with an optional access mode. It can also be reduced to a two-factor scheme with fewer security properties
for specific applications. Finally, the proposed scheme is proved to work correctly through BAN-Logic, and the security analysis and
performance cost are discussed to show that our proposal is more secure, robust and practical.