An Efficient Generic Framework for Three-Factor Authentication With Provably Secure Instantiation

Author

Jiangshan Yu ; Guilin Wang ; Yi Mu ; Wei Gao

Author_Institution

Dept. of Comput. Sci., Univ. of Birmingham, Birmingham, UK

Volume

9

Issue

12

fYear

2014

fDate

Dec. 2014

Firstpage

2302

Lastpage

2313

Abstract

Remote authentication has been widely studied and adapted in distributed systems. The security of remote authentication mechanisms mostly relies on one of or the combination of three factors: 1) something users know-password; 2) something users have-smart card; and 3) something users are-biometric characteristics. This paper introduces an efficient generic framework for three-factor authentication. The proposed generic framework enhances the security of existing two-factor authentication schemes by upgrading them to three-factor authentication schemes, without exposing user privacy. In addition, we present a case study by upgrading a secure two-factor authentication scheme to a secure three-factor authentication scheme. Furthermore, implementation analysis, formal proof, and privacy discussion are provided to show that the derived scheme is practical, secure, and privacy preserving.

Keywords

biometrics (access control); data privacy; message authentication; smart cards; biometric characteristics; distributed system; generic framework; password; provably secure instantiation; remote authentication mechanism; smart card; three-factor authentication; two-factor authentication scheme; user privacy; Authentication; Biometrics (access control); Feature extraction; Privacy; Security; Smart cards; Authentication; biometrics; password; privacy; security; smart card;

fLanguage

English

Journal_Title

Information Forensics and Security, IEEE Transactions on

Publisher

ieee

ISSN

1556-6013

Type

jour

DOI

10.1109/TIFS.2014.2362979

Filename

6923423