A Three-Factor Based Remote User Authentication Scheme: Strengthening Systematic Security and Personal Privacy for Wireless Communications

Anonymous remote user authentication plays more and more important role in wireless personal communication networks to guarantee systematic security and personal privacy. However, as promising as it is, security and privacy issues have seriously challenged user experience and system performance in the authentication schemes for a long time. In this paper, we propose a remote user authentication scheme for wireless communication networks. Our proposal employs the personal workstation as a trusted proxy to preserve perfect user privacy, while maintaining system security. It not only provides mutual authentication with key agreement mechanism, but also keeps user’ privacy private in a reliable domain. In addition, the technologies of Bluetooth (or Wifi) improve user experience and improve user friendliness in three-factor based authentication schemes. Moreover, our scheme supports flexible user login and security level. Finally, the security proof and performance analysis show that our scheme is more efficient and practical.

[1]  Xiaolei Dong,et al.  Fuzzy identity based signature with applications to biometric authentication , 2011, Comput. Electr. Eng..

[2]  Xiong Li,et al.  Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards , 2011, J. Netw. Comput. Appl..

[3]  Robert H. Deng,et al.  A Generic Framework for Three-Factor Authentication: Preserving Security and Privacy in Distributed Systems , 2011, IEEE Transactions on Parallel and Distributed Systems.

[4]  Dan S. Wallach,et al.  Origin-Bound Certificates: A Fresh Approach to Strong Client Authentication for the Web , 2012, USENIX Security Symposium.

[5]  Dan S. Wallach,et al.  Strengthening user authentication through opportunistic cryptographic identity assertions , 2012, CCS.

[6]  Rafail Ostrovsky,et al.  Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data , 2004, SIAM J. Comput..

[7]  Hung-Yu Chien,et al.  An Efficient and Practical Solution to Remote Authentication: Smart Card , 2002, Comput. Secur..

[8]  Paul C. Kocher,et al.  Differential Power Analysis , 1999, CRYPTO.

[9]  Min-Shiang Hwang,et al.  A new remote user authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[10]  Qiaoyan Wen,et al.  An improved authentication with key agreement scheme on elliptic curve cryptosystem for global mobility networks , 2013, Int. J. Netw. Manag..

[11]  Jian Ma,et al.  An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards , 2012, J. Netw. Comput. Appl..

[12]  Robert H. Sloan,et al.  Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[13]  Hugo Krawczyk,et al.  Public-key cryptography and password protocols , 1999 .

[14]  Xuelei Li,et al.  An improved dynamic ID-based remote user authentication with key agreement scheme , 2012, Comput. Electr. Eng..

[15]  Yong Wang,et al.  Smartphone Security Challenges , 2012, Computer.

[16]  Frank Stajano,et al.  The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes , 2012, 2012 IEEE Symposium on Security and Privacy.

[17]  Anil K. Jain,et al.  Biometric Authentication: System Security and User Privacy , 2012, Computer.

[18]  N. Asokan,et al.  Untraceability in mobile networks , 1995, MobiCom '95.

[19]  R. C. Mittal,et al.  An improved timestamp-based remote user authentication scheme , 2011, Comput. Electr. Eng..

[20]  Martín Abadi,et al.  A logic of authentication , 1990, TOCS.