期刊
JOURNAL OF AMBIENT INTELLIGENCE AND HUMANIZED COMPUTING
卷 10, 期 2, 页码 611-627出版社
SPRINGER HEIDELBERG
DOI: 10.1007/s12652-018-0710-x
关键词
Key exchange; Three-factor; Multi-server; ECC; Privileged insider attack
Significant developments in wireless communication technologies have resulted in the increased popularity of mobile devices and mobile services. However, excessive service requests reduce the efficiency of traditional single-server architectures, which consist of one server and many users. To overcome this limitation, a multi-server architecture was proposed. Additionally, password-based or smart-card-based authentication schemes cannot support some important security properties in multi-server environments. Consequently, biometrics are widely used as a third factor, in addition to passwords and smart cards, to make authentication schemes more secure. Reddy et al. recently designed a three-factor (i.e., password, smart card and biometrics) authentication scheme for multi-server environments. However, we found that their scheme lacks untraceability and is vulnerable to privileged insider attacks. To address these deficiencies, we propose a security-enhanced three-factor authentication scheme for multi-server environments based on elliptic curve cryptography (ECC). We prove that the proposed scheme is secure using the random oracle model. Moreover, an informal security analysis shows that the proposed scheme fulfills all the security requirements of the multi-server architecture. Finally, the results from performance analyses indicate that our proposed scheme achieves a significant improvement in security with minimal impact on performance.
作者
我是这篇论文的作者
点击您的名字以认领此论文并将其添加到您的个人资料中。
推荐
暂无数据