An efficient biometric-based privacy-preserving three-party authentication with key agreement protocol using smart cards

In communication systems, authentication protocols play an important role in protecting sensitive information against a malicious adversary by means of providing a variety of services such as mutual authentication, user credentials' privacy, and user revocation facility when the smart card of the user is lost/stolen or user's authentication parameters are revealed. Recently, several three-party authentication with key agreement (3PAKA) schemes are proposed in the literature, but most of them do not provide the basic security requirements such as user anonymity as well as user revocation and reregistration with the same identity. Thus, we feel that there is a great need to design a secure 3PAKA scheme with these security properties. In this paper, we propose a new secure biometric-based privacy-preserving 3PAKA scheme using the elliptic curve cryptography with efficient mechanism for the user revocation and re-registration with the same identity. The formal security analysis using the widely accepted Burrows-Abadi-Needham logic shows that our scheme provides secure authentication. In addition, we simulate our scheme for the formal security verification using the widely accepted Automated Validation of Internet Security Protocols and Applications tool. The simulation results show that our scheme is secure against passive and active attacks. Furthermore, our scheme is efficient as compared with other related schemes. Our scheme provides high security along with low computation and communication costs, and extra features as compared with other related existing schemes in the literature, and as a result, our scheme is suitable for battery-limited mobile devices. Copyright (C) 2015 John Wiley & Sons, Ltd.