A Stubborn Security Model Based on Three-factor Authentication and Modified Public Key

Single authentication methods such as password, smart card, or biometric authentication each suffer from their own weaknesses, so combined authentication methods have been proposed recently. Unfortunately, even combined authentication methods are exposed to replay attacks, user impersonation attacks, server masquerading attacks, or stolen smart card attacks. To minimize the range of such attacks, we propose a security model that combines smart card authentication and biometric authentication using a modified public key cryptography. The modified public key cryptography transfers a public key only to the opposite entity, not to the public. The proposed security model can withstand the above-mentioned attacks. In particular, the insider attack can be resisted even in cases where the secret values stored in any two of the three parties of a system are compromised. Such tolerance is enabled by modified public keys, which are not revealed to the third party.
