Two-factor authenticated key agreement protocol based on biometric feature and password

Xiao-wei LI; Deng-qi YANG; Ben-hui CHEN; Yu-qing ZHANG

doi:10.11959/j.issn.1000-436x.2017148

您当前的位置：

首页 >

文章列表页 >

Two-factor authenticated key agreement protocol based on biometric feature and password

Papers | 更新时间：2024-06-05

- Two-factor authenticated key agreement protocol based on biometric feature and password
- Journal on Communications Vol. 38, Issue 7, Pages: 89-95(2017)
- 作者机构：
  
  1. 大理大学数学与计算机学院，云南大理 671000
  2. 北京邮电大学网络与交换技术国家重点实验室，北京 100049
  3. 中国科学院大学国家计算机网络入侵防范中心，北京 100049
- 作者简介：
- 基金信息：
  
  The National Natural Science Foundation of China(61462003);The National Natural Science Foundation of China(71462001);The National Natural Science Foundation of China(61272481);The National Natural Science Foundation of China(61572460);The National Key Research and Development Project(2016YFB0800703);Open Project Program of State Key Laborary of Networking and Switching Technology(SLNST-2016-2-25);Education Foundation of Yunnan Province(2016ZZX192)
- DOI：10.11959/j.issn.1000-436x.2017148
  CLC： TP309
- Online First：2017-07，
  
  Published：25 July 2017
- 稿件说明：
移动端阅览
Xiao-wei LI, Deng-qi YANG, Ben-hui CHEN, et al. Two-factor authenticated key agreement protocol based on biometric feature and password[J]. Journal on Communications, 2017, 38(7): 89-95.
DOI：

Xiao-wei LI, Deng-qi YANG, Ben-hui CHEN, et al. Two-factor authenticated key agreement protocol based on biometric feature and password[J]. Journal on Communications, 2017, 38(7): 89-95. DOI： 10.11959/j.issn.1000-436x.2017148.

摘要

提出了一个新型的基于生物特征和口令的双因子认证与密钥协商协议。该双因子协议利用用户的生物特征以及口令信息实现安全通信，用户不需要携带智能卡。利用模糊提取技术，服务器不再保存用户生物信息，避免了服务器被攻陷用户敏感信息丢失的风险。通过服务器的公钥保护用户的认证信息，避免了基于口令的认证协议可能遭受的离线字典攻击。基于椭圆曲线计算性Diffie-Hellman假设，在随机预言模型下证明了协议的安全性。性能分析表明，所提出的协议具有较高的安全属性。

Abstract

A new two-factor authenticated key agreement protocol based on biometric feature and password was proposed.The protocol took advantages of the user’s biological information and password to achieve the secure communication without bringing the smart card.The biometric feature was not stored in the server by using the fuzzy extractor technique

so the sensitive information of the user cannot be leaked when the server was corrupted.The authentication messages of the user were protected by the server’s public key

so the protocol can resist the off-line dictionary attack which often appears in the authentication protocols based on password.The security of the proposed protocol was given in the random oracle model provided the elliptic computational Diffie-Hellman assumption holds.The performance analysis shows the proposed protocol has better security.

关键词

Keywords

references

HALEVI S , KRAWCZYK H . Public-key cryptography and password protocols [C ] // The 5th ACM Conference on Computer and Communications Security . 1998 : 122 - 131 .

BELLOVIN S M , MERRITT M . Encrypted key exchange:password based protocols secure against dictionary attacks [C ] // IEEE Security and Privacy . 1992 : 72 - 84 .

BELLARE M , POINTCHEVAL D , ROGAWAY P . Authenticated key exchange secure against dictionary attacks [J ] . Tecnologia Electronica E Informatica , 2000 : 139 - 155 .

JUANG W S , CHEN S T , LIAW H T . Robust and efficient password authenticated key agreement using smart cards [J ] . IEEE Transaction on Industrial Electronics , 2008 , 55 ( 6 ): 2551 - 2556 .

WANG D , WANG N , WANG P , et al . Preserving privacy for free:Efficient and provably secure two-factor authentication scheme with user anonymity [J ] . Information Sciences , 2015 , 321 ( 10 ): 162 - 178 .

MISHRA D , DAS A K , CHATURVEDI A , et al . A secure password-based authentication and key agreement scheme using smart cards [J ] . Journal of Information Security and Applications , 2015 , 23 ( 8 ): 28 - 43 .

LI X , NIU J , WANG Z , et al . Applying biometrics to design three-factor remote user authentication scheme with key agreement [J ] . Security and Communication Networks , 2014 , 7 ( 10 ): 1488 - 1497 .

GIRI D , SHERRATT R S , MAITRA T . A novel and efficient session spanning biometric and password based three-factor authentication protocol for consumer USB mass storage devices [J ] . IEEE Transactions on Consumer Electronics , 2016 , 62 ( 3 ): 283 - 291 .

DODIS Y , REYZIN L , SMITH A . Fuzzy extractors:how to generate strong keys from biometrics and other noisy data [C ] // Cryptology Eurocrypt 2004 . 2004 : 523 - 540 .

李晓伟 , 张玉清 , 张格非 , 等 . 基于智能卡的强安全认证与密钥协商协议 [J ] . 电子学报 , 2014 , 42 ( 8 ): 1587 - 1593 .

LI X W , ZHANG Y Q , ZHANG G F , et al . Strongly secure authenticated key agreement protocol using smart card [J ] . Acta Electronica Sinica , 2014 , 42 ( 8 ): 1587 - 1593 .

Views

1522

下载量

CSCD

Alert me when the article has been cited

提交

Tools

Publicity Resources

Research on pairing-free certificateless batch anonymous authentication scheme for VANET

Security analysis and improvement of a certificateless signcryption scheme

Fair multi-party concurrent signature scheme

Password authentication scheme for mobile computing environment

ID-based signature without trusted PKG

Related Author

Xi-xi YAN

Zhi-zhong LIU

Zong-pu JIA

Wei-ping PENG

Ming-yue ZHANG

Cheng SONG

Zhen-guo ZHAO

Yun YANG

Related Institution

School of Computer Science and Technology,Henan Polytechnic University

School of Water Conservancy, North China University of Water Resources and Electric Power

College of Computer Science and Technology,Henan Polytechnic University

Information Security Center,Beijing University of Posts and Telecommunications

Information Technology Center,Ministry of Railways

AI问答

⁰