A new three-factor authentication and key agreement protocol for multi-server environment
T. Sudhakar¹ • V. Natarajan²
Springer Science+Business Media, LLC, part of Springer Nature 2019
Abstract
Several password- and smart-card-based two-factor security remote user authentication protocols for multi-server environments have been proposed over the last two decades. Because smart cards are tamper-resistant, the security parameters are stored on the card, which is also a secure place to perform the authentication process. However, if the smart card is lost or stolen, it is possible to extract the information stored in the smart card using a power analysis attack. Hence, two-factor security protocols are at risk from various attacks such as password guessing attacks, impersonation attacks, replay attacks and so on. Therefore, to enhance the level of security, researchers have focused on three-factor (password, smart card, and biometric) security authentication schemes for multi-server environments. In existing biometric-based authentication protocols, keys are generated using a fuzzy extractor, in which keys cannot be renewed. This property of the fuzzy extractor is undesirable for revocation of the smart card and for the re-registration process when the smart card is lost or stolen. In addition, existing biometric-based schemes involve a public key cryptosystem for the authentication process, which leads to increased computation and communication costs. In this paper, we propose a new multi-server authentication protocol using a smart card, a hash function and fuzzy-embedder-based biometrics. We use Burrows–Abadi–Needham logic to prove the correctness of the new scheme. The security features and efficiency of the proposed scheme are compared with recent schemes, and the comparison results show that this scheme provides strong security with significant efficiency.

Keywords Authentication · BAN logic · Biometric · Multi-server environment · Smart card · Three-factor security
¹ Department of Computer Technology, MIT Campus, Anna University, Chennai, India
² Department of Instrumentation Engineering, MIT Campus, Anna University, Chennai, India

1 Introduction
Authentication is one of the most important security goals for secure communication over an insecure channel such as the Internet. Particularly in a multi-server environment, user credentials are used to access online services from various remote servers. Those user credentials should be protected from adversaries. The solution is to run a mutually authenticated key agreement protocol between the user and the server. To achieve this, several remote user authentication protocols have been proposed, starting with Lamport's [1] password authentication protocol. Password authentication was the easiest and most suitable way to authenticate a user to remote servers. However, such schemes were not safe against insider attacks and stolen-verifier attacks once the password file stored on the server is compromised. T