An efficient generic framework for three-factor authentication with provably secure instantiation

IEEE Transactions on Information Forensics and Security

Volumn 9, Issue 12, 2014, Pages 2302-2313

  Yu, Jiangshan ^a   Wang, Guilin ^b   Mu, Yi ^c   Gao, Wei ^d  

^a UNIVERSITY OF BIRMINGHAM   (United Kingdom)

^b Huawei International Pte Ltd   (Singapore)

^c UNIVERSITY OF WOLLONGONG   (Australia)

^d LUDONG UNIVERSITY   (China)

Author keywords

Authentication; biometrics; password; privacy; security; smart card

Indexed keywords

AUTHENTICATION; BIOMETRICS; DATA PRIVACY; NETWORK SECURITY; SMART CARDS;

AUTHENTICATION SCHEME; DISTRIBUTED SYSTEMS; GENERIC FRAMEWORKS; IMPLEMENTATION ANALYSIS; PASSWORD; REMOTE AUTHENTICATION; SECURITY; TWO FACTOR AUTHENTICATION;

CRYPTOGRAPHY;

EID: 84911059606     PISSN: 15566013     EISSN: None     Source Type: Journal    
DOI: 10.1109/TIFS.2014.2362979     Document Type: Article

References (47)

1. A. K. Jain, A. Ross, and S. Pankanti, "Biometrics: A tool for information security," IEEE Trans. Inf. Forensics Security, vol. 1, no. 2, pp. 125-143, Jun. 2006.
2. J. Yu, G. Wang, and Y. Mu, "Provably secure single sign-on scheme in distributed systems and networks," in Proc. IEEE 11th TrustCom, Jun. 2012, pp. 271-278.
3. G. Wang, J. Yu, and Q. Xie, "Security analysis of a single sign-on mechanism for distributed computer networks," IEEE Trans. Ind. Informat., vol. 9, no. 1, pp. 294-302, Feb. 2013.
4. L. Lamport, "Password authentication with insecure communication," Commun. ACM, vol. 24, no. 11, pp. 770-772, Nov. 1981.
5. C.-C. Chang and T.-C. Wu, "Remote password authentication with smart cards," IEE Proc.-E Comput. Digital Techn., vol. 138, no. 3, pp. 165-168, May 1991.
6. A. Juels and M. Wattenberg, "A fuzzy commitment scheme," in Proc. 6th ACM CCS, 1999, pp. 28-36.
7. V. Matyas, Jr., and Z. Ríha, "Toward reliable user authentication through biometrics," IEEE Security Privacy, vol. 1, no. 3, pp. 45-49, May/Jun. 2003.
8. Z. Siddiqui, A.-H. Abdullah, M. K. Khan, and A. S. Alghamdi, "Smart environment as a service: Three factor cloud based user authentication for telecare medical information system," J. Med. Syst., vol. 38, no. 1, pp. 1-14, 2014.
9. W.-H. Yang and S.-P. Shieh, "Password authentication schemes with smart cards," Comput. Security, vol. 18, no. 8, pp. 727-733, 1999.
10. L. Fan, J.-H. Li, and H.-W. Zhu, "An enhancement of timestamp-based password authentication scheme," Comput. Security, vol. 21, no. 7, pp. 665-667, 2002.
11. J.-J. Shena, C.-W. Linb, and M.-S. Hwang, "Security enhancement for the timestamp-based password authentication scheme using smart cards," Comput. Security, vol. 22, no. 7, pp. 591-595, 2003.
12. C.-C. Yanga, R.-C. Wang, and T.-Y. Chang, "An improvement of the Yang-Shieh password authentication schemes," Appl. Math. Comput., vol. 162, no. 3, pp. 1391-1396, 2005.
13. E.-J. Yoon, W.-H. Kim, and K.-Y. Yoo, "Security enhancement for password authentication schemes with smart cards," in Proc. TrustBus, 2005, pp. 311-320.
14. C.-K. Chan and L.-M. Cheng, "Cryptanalysis of timestamp-based password authentication scheme," Comput. Security, vol. 21, no. 1, pp. 74-76, 2002.
15. G. Wang and F. Bao, "Cryptanalysis of timestamp-based password authentication schemes using smart cards," in Proc. ICICS, 2006, pp. 399-409.
16. H.-S. Kim, S.-W. Lee, and K.-Y. Yoo, "ID-based password authentication scheme using smart cards and fingerprints," SIGOPS Oper. Syst. Rev., vol. 37, no. 4, pp. 32-41, Oct. 2003.
17. M. Scott, "Cryptanalysis of an ID-based password authentication scheme using smart cards and fingerprints," SIGOPS Oper. Syst. Rev., vol. 38, no. 2, pp. 73-75, Apr. 2004.
18. U. Uludag, S. Pankanti, A. K. Jain, and S. Prabhakar, "Biometric cryptosystems: Issues and challenges," Proc. IEEE, vol. 92, no. 6, pp. 948-960, Jun. 2004.
19. A. K. Jain and D. Maltoni, Handbook of Fingerprint Recognition. Secaucus, NJ, USA: Springer-Verlag, 2003.
20. A. Bhargav-Spantzel, A. C. Squicciarini, and E. Bertino, "Privacy preserving multi-factor authentication with biometrics," in Proc. Digital Identity Manage., 2006, pp. 63-72.
21. A. Bhargav-Spantzel, A. C. Squicciarini, S. K. Modi, M. Young, E. Bertino, and S. J. Elliott, "Privacy preserving multi-factor authentication with biometrics," J. Comput. Security, vol. 15, no. 5, pp. 529-560, 2007.
22. T. P. Pedersen, "Non-interactive and information-theoretic secure verifiable secret sharing," in Advances in Cryptology. Berlin, Germany: Springer-Verlag, 1991, pp. 129-140.
23. C.-I. Fan and Y.-H. Lin, "Provably secure remote truly three-factor authentication scheme with privacy protection on biometrics," IEEE Trans. Inf. Forensics Security, vol. 4, no. 4, pp. 933-945, Dec. 2009.
24. X. Sun, H. Wang, J. Li, and Y. Zhang, "Satisfying privacy requirements before data anonymization," Comput. J., vol. 55, no. 4, pp. 422-437, 2012.
25. L. A. Dunning and R. Kresman, "Privacy preserving data sharing with anonymous ID assignment," IEEE Trans. Inf. Forensics Security, vol. 8, no. 2, pp. 402-413, Feb. 2013.
26. C.-T. Li and M.-S. Hwang, "An efficient biometrics-based remote user authentication scheme using smart cards," J. Netw. Comput. Appl., vol. 33, no. 1, pp. 1-5, Jan. 2010.
27. X. Li, J.-W. Niu, J. Ma, W.-D. Wang, and C.-L. Liu, "Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards," J. Netw. Comput. Appl., vol. 34, no. 1, pp. 73-79, 2011.
28. A. K. Das, "Cryptanalysis and further improvement of a biometric-based remote user authentication scheme using smart cards," Int. J. Netw. Security Appl., vol. 3, no. 2, pp. 13-28, 2011.
29. X. Huang, Y. Xiang, A. Chonka, J. Zhou, and R. H. Deng, "A generic framework for three-factor authentication: Preserving security and privacy in distributed systems," IEEE Trans. Parallel Distrib. Syst., vol. 22, no. 8, pp. 1390-1397, Aug. 2011.
30. Y. Dodis, L. Reyzin, and A. Smith, "Fuzzy extractors: How to generate strong keys from biometrics and other noisy data," in Advances in Cryptology. Berlin, Germany: Springer-Verlag, 2004, pp. 523-540.
31. Y. Wu and B. Qiu, "Transforming a pattern identifier into biometric key generators," in Proc. IEEE ICME, Jul. 2010, pp. 78-82.
32. D. He, M. Ma, Y. Zhang, C. Chen, and J. Bu, "A strong user authentication scheme with smart cards for wireless communications," Comput. Commun., vol. 34, no. 3, pp. 367-374, 2011.
33. A. Nagar, K. Nandakumar, and A. K. Jain, "Securing fingerprint template: Fuzzy vault with minutiae descriptors," in Proc. 19th Int. Conf. Pattern Recognit., Dec. 2008, pp. 1-4.
34. T. C. Clancy, N. Kiyavash, and D. J. Lin, "Secure smartcardbased fingerprint authentication," in Proc. ACM Workshop Biometrics, Methods Appl., 2003, pp. 45-52.
35. K. Nandakumar, A. K. Jain, and S. Pankanti, "Fingerprint-based fuzzy vault: Implementation and performance," IEEE Trans. Inf. Forensics Security, vol. 2, no. 4, pp. 744-757, Dec. 2007.
36. U. Uludag and A. Jain, "Securing fingerprint template: Fuzzy vault with helper data," in Proc. CVPR Workshop, Jun. 2006, p. 163.
37. A. Juels and M. Sudan, "A fuzzy vault scheme," in Proc. IEEE Int. Symp. Inf. Theory (ISIT), Jul. 2002, p. 408.
38. J. Feng, "Combining minutiae descriptors for fingerprint matching," Pattern Recognit., vol. 41, no. 1, pp. 342-352, 2008.
39. A. Teoh and S. O. Thian, "Secure biometric template protection via randomized dynamic quantization transformation," in Proc. IEEE Int. Symp. Biometrics Security Technol., Apr. 2008, pp. 1-6.
40. W. Sheng, G. Howells, M. Fairhurst, and F. Deravi, "Template-free biometric-key generation by means of fuzzy genetic clustering," IEEE Trans. Inf. Forensics Security, vol. 3, no. 2, pp. 183-191, Jun. 2008.
41. G. Yang, D. S. Wong, H. Wang, and X. Deng, "Two-factor mutual authentication based on smart cards and passwords," J. Comput. Syst. Sci., vol. 74, no. 7, pp. 1160-1172, Nov. 2008.
42. M. Bellare and P. Rogaway, "Entity authentication and key distribution," in Advances in Cryptology. Berlin, Germany: Springer-Verlag, 1993, pp. 232-249.
43. R. Canetti and H. Krawczyk, "Analysis of key-exchange protocols and their use for building secure channels," in Advances in Cryptology. Berlin, Germany: Springer-Verlag, 2001, pp. 453-474.
44. M. Bellare, D. Pointcheval, and P. Rogaway, "Authenticated key exchange secure against dictionary attacks," in Advances in Cryptology. Berlin, Germany: Springer-Verlag, 2000, pp. 139-155.
45. J. Xu, W.-T. Zhu, and D.-G. Feng, "An improved smart card based password authentication scheme with provable security," Comput. Standards Inter., vol. 31, no. 4, pp. 723-728, 2009.
46. J. Xu, W.-T. Zhu, and W. Jin, "A generic framework for constructing cross-realm C2C-PAKA protocols based on the smart card," Concurrency Comput., Pract. Exper., vol. 23, no. 12, pp. 1386-1398, 2011.
47. S. Goldwasser, S. Micali, and R. L. Rivest, "A digital signature scheme secure against adaptive chosen-message attacks," SIAM J. Comput., vol. 17, no. 2, pp. 281-308, 1988.