A Provable Security Biometric Password Multi-server Authentication Scheme with Smart Card

In this paper, a new biometric password multi-server authentication scheme with smart card is proposed. To the best knowledge of us, this is the first biometric password authentication scheme which can be used in the multi-server environment and the distributed network. This scheme combines the advantages of password and biometrics, which can strengthen the protocol’s securities and has properties as mutual authentication, key agreement. Henceforth, it is more secure than the schemes in existence. This scheme can be proven secure in the random oracle model.

[1]  Yevgeniy Dodis,et al.  Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data , 2004, EUROCRYPT.

[2]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[3]  Jia-Lun Tsai,et al.  Efficient multi-server authentication scheme based on one-way hash function without verification table , 2008, Comput. Secur..

[4]  Eun-Jun Yoon,et al.  Biometrics Authenticated Key Agreement Scheme , 2006, NGITS.

[5]  Wen-Shenq Juang,et al.  Efficient multi-server password authenticated key agreement using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[6]  Wen-Yuan Liao,et al.  A remote password authentication scheme based upon ElGamal's signature scheme , 1994, Comput. Secur..

[7]  I. C. Lin,et al.  (IEEE Transactions on Neural Networks,12(6):1498-1504)A Remote Password Authentication Scheme for Multi-Server Architecture Using Neural Network , 2001 .

[8]  Jonathan Katz,et al.  Robust Fuzzy Extractors and Authenticated Key Agreement from Close Secrets , 2006, CRYPTO.

[9]  Xavier Boyen,et al.  Reusable cryptographic fuzzy extractors , 2004, CCS '04.

[10]  Hung-Yu Chien,et al.  A modified remote login authentication scheme based on geometric approach , 2001, J. Syst. Softw..

[11]  Rafail Ostrovsky,et al.  Secure Remote Authentication Using Biometric Data , 2005, EUROCRYPT.

[12]  Wei-Bin Lee,et al.  An enhanced user authentication scheme for multi-server Internet services , 2005, Appl. Math. Comput..

[13]  Jing Xu,et al.  Improvement of a Fingerprint-Based Remote User Authentication Scheme , 2008, 2008 International Conference on Information Security and Assurance (isa 2008).

[14]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[15]  Gwoboa Horng,et al.  Secure SAS-like password authentication schemes , 2004, Comput. Stand. Interfaces.

[16]  Hung-Yu Chien,et al.  An Efficient and Practical Solution to Remote Authentication: Smart Card , 2002, Comput. Secur..

[17]  C.-C.,et al.  Remote password authentication with smart cards , 2004 .

[18]  Xiaoping Wu,et al.  Cryptanalysis of a Remote User Authentication Scheme Using Smart Cards , 2009, 2009 5th International Conference on Wireless Communications, Networking and Mobile Computing.

[19]  Amit K. Awasthi,et al.  A remote user authentication scheme using smart cards with forward secrecy , 2003, IEEE Trans. Consumer Electron..

[20]  Mihir Bellare,et al.  Authenticated Key Exchange Secure against Dictionary Attacks , 2000, EUROCRYPT.

[21]  Ueli Maurer,et al.  The Diffie–Hellman Protocol , 2000, Des. Codes Cryptogr..

[22]  Yixian Yang,et al.  An Efficient Multi-server Password Authenticated Key Agreement Scheme Using Smart Cards , 2007, 2007 International Conference on Multimedia and Ubiquitous Engineering (MUE'07).

[23]  Shuenn-Shyang Wang,et al.  A secure dynamic ID based remote user authentication scheme for multi-server environment , 2009, Comput. Stand. Interfaces.

[24]  Da-Zhi Sun,et al.  Cryptanalysis and Improvement of User Authentication Scheme using Smart Cards for Multi-Server Environments , 2006, 2006 International Conference on Machine Learning and Cybernetics.

[25]  Muhammad Khurram Khan,et al.  An Efficient and Practical Fingerprint-Based Remote User Authentication Scheme with Smart Cards , 2006, ISPEC.

[26]  Xiang Cao,et al.  Breaking a remote user authentication scheme for multi-server architecture , 2006, IEEE Communications Letters.

[27]  Min-Shiang Hwang,et al.  A new remote user authentication scheme for multi-server architecture , 2003, Future Gener. Comput. Syst..