Source Information
Abstract
English
Authentication is an important and basic security service for many network-based applications, which allows a registered user to access remote services after the validity of his/her identity is verified by the remote server. Passwords, smart cards and biometrics are three frequently used factors in authentication, and researchers have presented some remote user authentication schemes for different environments based on these factors. Recently, Baruah et al. pointed out the weaknesses of Mishra et al.’s three-factor user authentication scheme for multi-server environments, and they proposed an enhanced scheme. They claimed that their scheme has many security features and can resist some common attacks. However, based on our analysis, Baruah et al.’s scheme cannot resist a stolen smart card attack, cannot protect the user’s anonymity, and is also vulnerable to a Denial of Service attack. In this paper, an enhanced three-factor user authentication scheme for multi-server environments based on fuzzy extractor technology is proposed, and the analysis shows that the proposed scheme is more secure and efficient than other related schemes.
Table of Contents
1. Introduction
2. Review of Baruah et al.’s Scheme
2.1. Registration Phase
2.2. Login Phase
2.3. Authentication Phase
2.4. Password Change Phase
3. Cryptanalysis of Baruah et al.’s Scheme
3.1. Stolen Smart Card Attack
3.2. No Provision of User Anonymity
3.3. Denial of Service
4. The Proposed Scheme
4.1. Basis of Biometric Authentication-Fuzzy Extractor
4.2. Registration Phase
4.3. Login Phase
4.4. Authentication Phase
4.5. Password Change Phase
5. Security Analysis of the Proposed Scheme
5.1. Resist Impersonation Attack
5.2. Resist Server Spoofing Attack
5.3. User Anonymity
5.4. Resist Replay Attack
5.5. Resist Stolen Smart Card Attack
5.6. Forward Secrecy and Known-key Security
5.7. Avoid of Device of Service Attack
5.8. Functionality and Performance Comparisons
6. Conclusions
References