An efficient generic framework for three-factor authentication with provably secure instantiation

Jiangshan Yu; Guilin Wang; Yi Mu; Wei Gao

doi:10.1109/TIFS.2014.2362979

An efficient generic framework for three-factor authentication with provably secure instantiation

Jiangshan Yu, Guilin Wang, Yi Mu, Wei Gao

Research output: Contribution to journal › Article › Research › peer-review

83 Citations (Scopus)

Abstract

Remote authentication has been widely studied and adapted in distributed systems. The security of remote authentication mechanisms mostly relies on one of or the combination of three factors: 1) something users know - password; 2) something users have - smart card; and 3) something users are - biometric characteristics. This paper introduces an efficient generic framework for three-factor authentication. The proposed generic framework enhances the security of existing two-factor authentication schemes by upgrading them to three-factor authentication schemes, without exposing user privacy. In addition, we present a case study by upgrading a secure two-factor authentication scheme to a secure three-factor authentication scheme. Furthermore, implementation analysis, formal proof, and privacy discussion are provided to show that the derived scheme is practical, secure, and privacy preserving.

Original language	English
Article number	6923423
Pages (from-to)	2302-2313
Number of pages	12
Journal	IEEE Transactions on Information Forensics and Security
Volume	9
Issue number	12
DOIs	https://doi.org/10.1109/TIFS.2014.2362979
Publication status	Published - Dec 2014
Externally published	Yes

Keywords

Authentication
biometrics
password
privacy
security
smart card

Access to Document

10.1109/TIFS.2014.2362979

Cite this

@article{4a841773a4344ea08a221c64dfc5cc36,

title = "An efficient generic framework for three-factor authentication with provably secure instantiation",

abstract = "Remote authentication has been widely studied and adapted in distributed systems. The security of remote authentication mechanisms mostly relies on one of or the combination of three factors: 1) something users know - password; 2) something users have - smart card; and 3) something users are - biometric characteristics. This paper introduces an efficient generic framework for three-factor authentication. The proposed generic framework enhances the security of existing two-factor authentication schemes by upgrading them to three-factor authentication schemes, without exposing user privacy. In addition, we present a case study by upgrading a secure two-factor authentication scheme to a secure three-factor authentication scheme. Furthermore, implementation analysis, formal proof, and privacy discussion are provided to show that the derived scheme is practical, secure, and privacy preserving.",

keywords = "Authentication, biometrics, password, privacy, security, smart card",

author = "Jiangshan Yu and Guilin Wang and Yi Mu and Wei Gao",

year = "2014",

month = dec,

doi = "10.1109/TIFS.2014.2362979",

language = "English",

volume = "9",

pages = "2302--2313",

journal = "IEEE Transactions on Information Forensics and Security",

issn = "1556-6013",

publisher = "IEEE, Institute of Electrical and Electronics Engineers",

number = "12",

}

TY - JOUR

T1 - An efficient generic framework for three-factor authentication with provably secure instantiation

AU - Yu, Jiangshan

AU - Wang, Guilin

AU - Mu, Yi

AU - Gao, Wei

PY - 2014/12

Y1 - 2014/12

N2 - Remote authentication has been widely studied and adapted in distributed systems. The security of remote authentication mechanisms mostly relies on one of or the combination of three factors: 1) something users know - password; 2) something users have - smart card; and 3) something users are - biometric characteristics. This paper introduces an efficient generic framework for three-factor authentication. The proposed generic framework enhances the security of existing two-factor authentication schemes by upgrading them to three-factor authentication schemes, without exposing user privacy. In addition, we present a case study by upgrading a secure two-factor authentication scheme to a secure three-factor authentication scheme. Furthermore, implementation analysis, formal proof, and privacy discussion are provided to show that the derived scheme is practical, secure, and privacy preserving.

AB - Remote authentication has been widely studied and adapted in distributed systems. The security of remote authentication mechanisms mostly relies on one of or the combination of three factors: 1) something users know - password; 2) something users have - smart card; and 3) something users are - biometric characteristics. This paper introduces an efficient generic framework for three-factor authentication. The proposed generic framework enhances the security of existing two-factor authentication schemes by upgrading them to three-factor authentication schemes, without exposing user privacy. In addition, we present a case study by upgrading a secure two-factor authentication scheme to a secure three-factor authentication scheme. Furthermore, implementation analysis, formal proof, and privacy discussion are provided to show that the derived scheme is practical, secure, and privacy preserving.

KW - Authentication

KW - biometrics

KW - password

KW - privacy

KW - security

KW - smart card

UR - https://www.scopus.com/pages/publications/84911059606

U2 - 10.1109/TIFS.2014.2362979

DO - 10.1109/TIFS.2014.2362979

M3 - Article

AN - SCOPUS:84911059606

SN - 1556-6013

VL - 9

SP - 2302

EP - 2313

JO - IEEE Transactions on Information Forensics and Security

JF - IEEE Transactions on Information Forensics and Security

IS - 12

M1 - 6923423

ER -

An efficient generic framework for three-factor authentication with provably secure instantiation

Abstract

Keywords

Access to Document

Other files and links

Cite this