Robust elliptic curve cryptography-based three factor user authentication providing privacy of biometric data

Author

Hsiu-Lien Yeh ; Tien-Ho Chen ; Kuei-Jung Hu ; Wei-Kuan Shih

Author_Institution

Inst. of Inf. Syst. & Applic., Nat. Tsing Hua Univ., Hsinchu, Taiwan

Volume

7

Issue

3

fYear

2013

fDate

Sept. 2013

Firstpage

247

Lastpage

252

Abstract

Recently, to achieve privacy protection using biometrics, Fan and Lin proposed a three-factor authentication scheme based on password, smart card and biometrics. However, the authors have found that Fan and Lin´s proposed scheme (i) has flaws in the design of biometrics privacy, (ii) fails to maintain a verification table, making it vulnerable to stolen-verifier attack and modification attack, and (iii) is vulnerable to insider attacks. Thus, the authors propose an elliptic curve cryptography-based authentication scheme that is improved with regard to security requirements. The authors´ proposed scheme overcomes the flaws of Fan and Lin´s scheme and is secured from attacks. Furthermore, the authors have presented a security analysis of their scheme to show that their scheme is suitable for the biometric systems.

Keywords

authorisation; biometrics (access control); data privacy; public key cryptography; Fan-Lin proposed scheme; biometric data privacy; biometrics privacy design; biometrics-based three-factor authentication scheme; modification attack; password-based three-factor authentication scheme; robust elliptic curve cryptography-based three factor user authentication; security requirements; smart card-based three-factor authentication scheme; stolen-verifier attack; verification table;

fLanguage

English

Journal_Title

Information Security, IET

Publisher

iet

ISSN

1751-8709

Type

jour

DOI

10.1049/iet-ifs.2011.0348

Filename

6587881