Issue No.08 - August (2011 vol.22)
pp: 1390-1397
Xinyi Huang, Singapore Management University, Singapore
Yang Xiang, Deakin University, Melbourne
Ashley Chonka, Deakin University, Geelong
Jianying Zhou, Institute for Infocomm Research, Singapore
Robert H. Deng, Singapore Management University, Singapore
As part of the security within distributed systems, various services and resources need protection from unauthorized use. Remote authentication is the most commonly used method to determine the identity of a remote client. This paper investigates a systematic approach for authenticating clients by three factors, namely password, smart card, and biometrics. A generic and secure framework is proposed to upgrade two-factor authentication to three-factor authentication. The conversion not only significantly improves the information assurance at low cost but also protects client privacy in distributed systems. In addition, our framework retains several practice-friendly properties of the underlying two-factor authentication, which we believe is of independent interest.
Authentication, distributed systems, security, privacy, password, smart card, biometrics.
Xinyi Huang, Yang Xiang, Ashley Chonka, Jianying Zhou, Robert H. Deng, "A Generic Framework for Three-Factor Authentication: Preserving Security and Privacy in Distributed Systems", IEEE Transactions on Parallel & Distributed Systems, vol. 22, no. 8, pp. 1390-1397, August 2011, doi:10.1109/TPDS.2010.206