A Secure Biometrics and PUFs-Based Authentication Scheme With Key Agreement For Multi-Server Environments

The emergence of multi-server authentication key protocol schemes provides a viable environment for users to easily access the services of multiple legitimate servers through a single registration. Biometric identification technology has the characteristics of forgery difficulty, duplication difficu...

Ausführliche Beschreibung

Gespeichert in:

Bibliographische Detailangaben
Veröffentlicht in:	IEEE access 2020, Vol.8, p.45292-45303
Hauptverfasser:	Zhao, Jun, Bian, Weixin, Xu, Deqin, Jie, Biao, Ding, Xintao, Zhou, Wen, Zhang, Hui
Format:	Artikel
Sprache:	eng
Schlagworte:	Authentication Biometric identification biometric security and privacy Biometrics Biometrics (access control) Cryptography fuzzy extractor Fuzzy logic Multi-server authentication mutual authentication Password physical unclonable function Protocols Servers Smart cards Theft
Online-Zugang:	Volltext
Tags:	Tag hinzufügen Keine Tags, Fügen Sie den ersten Tag hinzu!

container_end_page	45303
container_issue
container_start_page	45292
container_title	IEEE access
container_volume	8
creator	Zhao, Jun Bian, Weixin Xu, Deqin Jie, Biao Ding, Xintao Zhou, Wen Zhang, Hui
description	The emergence of multi-server authentication key protocol schemes provides a viable environment for users to easily access the services of multiple legitimate servers through a single registration. Biometric identification technology has the characteristics of forgery difficulty, duplication difficulty and guess difficulty, etc. Therefore, it is an indispensable authentication technology in smart card-based user authentication protocol. There are many shortcomings in the existing schemes based on biometrics, including leakages of biometrics information, smart card theft attack, lack of user anonymity, user impersonation attack, server impersonation, and so on. To overcome these shortcomings, we propose a new user authentication and key agreement scheme in the multi-server environment. To some extent, we not only are able to guarantee the communication security between the user and the servers, but also ensure the physical security of the smart card and biometrics information. In this respect, we use lightweight cryptographic primitives, such as Physically Unclonable Functions (PUFs), Fuzzy extractor and One-way hash functions, and so on. The proposed scheme can effectively protect user's anonymity without the use of password and provide mutual authentication and key agreement in the multi-server environment. Subsequently, we used informal analysis, Burrows-Abadi-Needham Logic (BAN-Logic) proof, and a widely accepted Real-Or-Random model to prove the security and robustness of proposed scheme. Finally, our authentication protocol can protect the security of communication.
doi_str_mv	10.1109/ACCESS.2020.2975615
format	Article
fullrecord	<record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_crossref_primary_10_1109_ACCESS_2020_2975615</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>9006882</ieee_id><doaj_id>oai_doaj_org_article_ba317c504bcc46f1ac6c608fbb51bd8c</doaj_id><sourcerecordid>2454765731</sourcerecordid><originalsourceid>FETCH-LOGICAL-c408t-a8e71881f82032604e1d2a577c1b3c7300448885b8cacafc63695e8d2c5672373</originalsourceid><addsrcrecordid>eNpNUU1r3DAQNaWFhjS_IBdBz97qw_rYo7PsNqEpLbihRyGPx1ktu1YqyYH8-2rrEDqXGd7MezPDq6prRleM0fWXdrPZdt2KU05XfK2lYvJddcGZWtdCCvX-v_pjdZXSgZYwBZL6ovIt6RDmiOTGhxPm6CERNw3k58Mu1Tcu4UDaOe9xyh5c9mEiHezxhOS3z3vyDV9I-xixAFMmuxDJ9_mYfd1hfMZIttOzj2E6N9On6sPojgmvXvNl9bDb_trc1vc_vt5t2vsaGmpy7QxqZgwbDaeCK9ogG7iTWgPrBWhBadMYY2RvwIEbQYnyCJqBg1SaCy0uq7tFdwjuYJ-iP7n4YoPz9h8Q4qN1sTxzRNs7wTRI2vQAjRqZAwWKmrHvJesHA0Xr86L1FMOfGVO2hzDHqZxveSMbraQWrEyJZQpiSCni-LaVUXu2yC4W2bNF9tWiwrpeWB4R3xhrSpUxXPwFKCyMBw</addsrcrecordid><sourcetype>Open Website</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2454765731</pqid></control><display><type>article</type><title>A Secure Biometrics and PUFs-Based Authentication Scheme With Key Agreement For Multi-Server Environments</title><source>IEEE Open Access Journals</source><source>DOAJ Directory of Open Access Journals</source><source>Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals</source><creator>Zhao, Jun ; Bian, Weixin ; Xu, Deqin ; Jie, Biao ; Ding, Xintao ; Zhou, Wen ; Zhang, Hui</creator><creatorcontrib>Zhao, Jun ; Bian, Weixin ; Xu, Deqin ; Jie, Biao ; Ding, Xintao ; Zhou, Wen ; Zhang, Hui</creatorcontrib><description>The emergence of multi-server authentication key protocol schemes provides a viable environment for users to easily access the services of multiple legitimate servers through a single registration. Biometric identification technology has the characteristics of forgery difficulty, duplication difficulty and guess difficulty, etc. Therefore, it is an indispensable authentication technology in smart card-based user authentication protocol. There are many shortcomings in the existing schemes based on biometrics, including leakages of biometrics information, smart card theft attack, lack of user anonymity, user impersonation attack, server impersonation, and so on. To overcome these shortcomings, we propose a new user authentication and key agreement scheme in the multi-server environment. To some extent, we not only are able to guarantee the communication security between the user and the servers, but also ensure the physical security of the smart card and biometrics information. In this respect, we use lightweight cryptographic primitives, such as Physically Unclonable Functions (PUFs), Fuzzy extractor and One-way hash functions, and so on. The proposed scheme can effectively protect user's anonymity without the use of password and provide mutual authentication and key agreement in the multi-server environment. Subsequently, we used informal analysis, Burrows-Abadi-Needham Logic (BAN-Logic) proof, and a widely accepted Real-Or-Random model to prove the security and robustness of proposed scheme. Finally, our authentication protocol can protect the security of communication.</description><identifier>ISSN: 2169-3536</identifier><identifier>EISSN: 2169-3536</identifier><identifier>DOI: 10.1109/ACCESS.2020.2975615</identifier><identifier>CODEN: IAECCG</identifier><language>eng</language><publisher>Piscataway: IEEE</publisher><subject>Authentication ; Biometric identification ; biometric security and privacy ; Biometrics ; Biometrics (access control) ; Cryptography ; fuzzy extractor ; Fuzzy logic ; Multi-server authentication ; mutual authentication ; Password ; physical unclonable function ; Protocols ; Servers ; Smart cards ; Theft</subject><ispartof>IEEE access, 2020, Vol.8, p.45292-45303</ispartof><rights>Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2020</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c408t-a8e71881f82032604e1d2a577c1b3c7300448885b8cacafc63695e8d2c5672373</citedby><cites>FETCH-LOGICAL-c408t-a8e71881f82032604e1d2a577c1b3c7300448885b8cacafc63695e8d2c5672373</cites><orcidid>0000-0003-2341-5359 ; 0000-0003-2556-9423 ; 0000-0003-3325-3306 ; 0000-0002-1266-1864 ; 0000-0003-1679-5680 ; 0000-0003-0725-6204 ; 0000-0002-3722-4935</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/9006882$$EHTML$$P50$$Gieee$$Hfree_for_read</linktohtml><link.rule.ids>314,780,784,864,2102,4024,27633,27923,27924,27925,54933</link.rule.ids></links><search><creatorcontrib>Zhao, Jun</creatorcontrib><creatorcontrib>Bian, Weixin</creatorcontrib><creatorcontrib>Xu, Deqin</creatorcontrib><creatorcontrib>Jie, Biao</creatorcontrib><creatorcontrib>Ding, Xintao</creatorcontrib><creatorcontrib>Zhou, Wen</creatorcontrib><creatorcontrib>Zhang, Hui</creatorcontrib><title>A Secure Biometrics and PUFs-Based Authentication Scheme With Key Agreement For Multi-Server Environments</title><title>IEEE access</title><addtitle>Access</addtitle><description>The emergence of multi-server authentication key protocol schemes provides a viable environment for users to easily access the services of multiple legitimate servers through a single registration. Biometric identification technology has the characteristics of forgery difficulty, duplication difficulty and guess difficulty, etc. Therefore, it is an indispensable authentication technology in smart card-based user authentication protocol. There are many shortcomings in the existing schemes based on biometrics, including leakages of biometrics information, smart card theft attack, lack of user anonymity, user impersonation attack, server impersonation, and so on. To overcome these shortcomings, we propose a new user authentication and key agreement scheme in the multi-server environment. To some extent, we not only are able to guarantee the communication security between the user and the servers, but also ensure the physical security of the smart card and biometrics information. In this respect, we use lightweight cryptographic primitives, such as Physically Unclonable Functions (PUFs), Fuzzy extractor and One-way hash functions, and so on. The proposed scheme can effectively protect user's anonymity without the use of password and provide mutual authentication and key agreement in the multi-server environment. Subsequently, we used informal analysis, Burrows-Abadi-Needham Logic (BAN-Logic) proof, and a widely accepted Real-Or-Random model to prove the security and robustness of proposed scheme. Finally, our authentication protocol can protect the security of communication.</description><subject>Authentication</subject><subject>Biometric identification</subject><subject>biometric security and privacy</subject><subject>Biometrics</subject><subject>Biometrics (access control)</subject><subject>Cryptography</subject><subject>fuzzy extractor</subject><subject>Fuzzy logic</subject><subject>Multi-server authentication</subject><subject>mutual authentication</subject><subject>Password</subject><subject>physical unclonable function</subject><subject>Protocols</subject><subject>Servers</subject><subject>Smart cards</subject><subject>Theft</subject><issn>2169-3536</issn><issn>2169-3536</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2020</creationdate><recordtype>article</recordtype><sourceid>ESBDL</sourceid><sourceid>RIE</sourceid><sourceid>DOA</sourceid><recordid>eNpNUU1r3DAQNaWFhjS_IBdBz97qw_rYo7PsNqEpLbihRyGPx1ktu1YqyYH8-2rrEDqXGd7MezPDq6prRleM0fWXdrPZdt2KU05XfK2lYvJddcGZWtdCCvX-v_pjdZXSgZYwBZL6ovIt6RDmiOTGhxPm6CERNw3k58Mu1Tcu4UDaOe9xyh5c9mEiHezxhOS3z3vyDV9I-xixAFMmuxDJ9_mYfd1hfMZIttOzj2E6N9On6sPojgmvXvNl9bDb_trc1vc_vt5t2vsaGmpy7QxqZgwbDaeCK9ogG7iTWgPrBWhBadMYY2RvwIEbQYnyCJqBg1SaCy0uq7tFdwjuYJ-iP7n4YoPz9h8Q4qN1sTxzRNs7wTRI2vQAjRqZAwWKmrHvJesHA0Xr86L1FMOfGVO2hzDHqZxveSMbraQWrEyJZQpiSCni-LaVUXu2yC4W2bNF9tWiwrpeWB4R3xhrSpUxXPwFKCyMBw</recordid><startdate>2020</startdate><enddate>2020</enddate><creator>Zhao, Jun</creator><creator>Bian, Weixin</creator><creator>Xu, Deqin</creator><creator>Jie, Biao</creator><creator>Ding, Xintao</creator><creator>Zhou, Wen</creator><creator>Zhang, Hui</creator><general>IEEE</general><general>The Institute of Electrical and Electronics Engineers, Inc. (IEEE)</general><scope>97E</scope><scope>ESBDL</scope><scope>RIA</scope><scope>RIE</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>7SP</scope><scope>7SR</scope><scope>8BQ</scope><scope>8FD</scope><scope>JG9</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><scope>DOA</scope><orcidid>https://orcid.org/0000-0003-2341-5359</orcidid><orcidid>https://orcid.org/0000-0003-2556-9423</orcidid><orcidid>https://orcid.org/0000-0003-3325-3306</orcidid><orcidid>https://orcid.org/0000-0002-1266-1864</orcidid><orcidid>https://orcid.org/0000-0003-1679-5680</orcidid><orcidid>https://orcid.org/0000-0003-0725-6204</orcidid><orcidid>https://orcid.org/0000-0002-3722-4935</orcidid></search><sort><creationdate>2020</creationdate><title>A Secure Biometrics and PUFs-Based Authentication Scheme With Key Agreement For Multi-Server Environments</title><author>Zhao, Jun ; Bian, Weixin ; Xu, Deqin ; Jie, Biao ; Ding, Xintao ; Zhou, Wen ; Zhang, Hui</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c408t-a8e71881f82032604e1d2a577c1b3c7300448885b8cacafc63695e8d2c5672373</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2020</creationdate><topic>Authentication</topic><topic>Biometric identification</topic><topic>biometric security and privacy</topic><topic>Biometrics</topic><topic>Biometrics (access control)</topic><topic>Cryptography</topic><topic>fuzzy extractor</topic><topic>Fuzzy logic</topic><topic>Multi-server authentication</topic><topic>mutual authentication</topic><topic>Password</topic><topic>physical unclonable function</topic><topic>Protocols</topic><topic>Servers</topic><topic>Smart cards</topic><topic>Theft</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Zhao, Jun</creatorcontrib><creatorcontrib>Bian, Weixin</creatorcontrib><creatorcontrib>Xu, Deqin</creatorcontrib><creatorcontrib>Jie, Biao</creatorcontrib><creatorcontrib>Ding, Xintao</creatorcontrib><creatorcontrib>Zhou, Wen</creatorcontrib><creatorcontrib>Zhang, Hui</creatorcontrib><collection>IEEE All-Society Periodicals Package (ASPP) 2005-present</collection><collection>IEEE Open Access Journals</collection><collection>IEEE All-Society Periodicals Package (ASPP) 1998-Present</collection><collection>IEEE Electronic Library (IEL)</collection><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Electronics & Communications Abstracts</collection><collection>Engineered Materials Abstracts</collection><collection>METADEX</collection><collection>Technology Research Database</collection><collection>Materials Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><collection>DOAJ Directory of Open Access Journals</collection><jtitle>IEEE access</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Zhao, Jun</au><au>Bian, Weixin</au><au>Xu, Deqin</au><au>Jie, Biao</au><au>Ding, Xintao</au><au>Zhou, Wen</au><au>Zhang, Hui</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>A Secure Biometrics and PUFs-Based Authentication Scheme With Key Agreement For Multi-Server Environments</atitle><jtitle>IEEE access</jtitle><stitle>Access</stitle><date>2020</date><risdate>2020</risdate><volume>8</volume><spage>45292</spage><epage>45303</epage><pages>45292-45303</pages><issn>2169-3536</issn><eissn>2169-3536</eissn><coden>IAECCG</coden><abstract>The emergence of multi-server authentication key protocol schemes provides a viable environment for users to easily access the services of multiple legitimate servers through a single registration. Biometric identification technology has the characteristics of forgery difficulty, duplication difficulty and guess difficulty, etc. Therefore, it is an indispensable authentication technology in smart card-based user authentication protocol. There are many shortcomings in the existing schemes based on biometrics, including leakages of biometrics information, smart card theft attack, lack of user anonymity, user impersonation attack, server impersonation, and so on. To overcome these shortcomings, we propose a new user authentication and key agreement scheme in the multi-server environment. To some extent, we not only are able to guarantee the communication security between the user and the servers, but also ensure the physical security of the smart card and biometrics information. In this respect, we use lightweight cryptographic primitives, such as Physically Unclonable Functions (PUFs), Fuzzy extractor and One-way hash functions, and so on. The proposed scheme can effectively protect user's anonymity without the use of password and provide mutual authentication and key agreement in the multi-server environment. Subsequently, we used informal analysis, Burrows-Abadi-Needham Logic (BAN-Logic) proof, and a widely accepted Real-Or-Random model to prove the security and robustness of proposed scheme. Finally, our authentication protocol can protect the security of communication.</abstract><cop>Piscataway</cop><pub>IEEE</pub><doi>10.1109/ACCESS.2020.2975615</doi><tpages>12</tpages><orcidid>https://orcid.org/0000-0003-2341-5359</orcidid><orcidid>https://orcid.org/0000-0003-2556-9423</orcidid><orcidid>https://orcid.org/0000-0003-3325-3306</orcidid><orcidid>https://orcid.org/0000-0002-1266-1864</orcidid><orcidid>https://orcid.org/0000-0003-1679-5680</orcidid><orcidid>https://orcid.org/0000-0003-0725-6204</orcidid><orcidid>https://orcid.org/0000-0002-3722-4935</orcidid><oa>free_for_read</oa></addata></record>
fulltext	fulltext
identifier	ISSN: 2169-3536
ispartof	IEEE access, 2020, Vol.8, p.45292-45303
issn	2169-3536 2169-3536
language	eng
recordid	cdi_crossref_primary_10_1109_ACCESS_2020_2975615
source	IEEE Open Access Journals; DOAJ Directory of Open Access Journals; Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals
subjects	Authentication Biometric identification biometric security and privacy Biometrics Biometrics (access control) Cryptography fuzzy extractor Fuzzy logic Multi-server authentication mutual authentication Password physical unclonable function Protocols Servers Smart cards Theft
title	A Secure Biometrics and PUFs-Based Authentication Scheme With Key Agreement For Multi-Server Environments
url	https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-19T09%3A42%3A38IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=A%20Secure%20Biometrics%20and%20PUFs-Based%20Authentication%20Scheme%20With%20Key%20Agreement%20For%20Multi-Server%20Environments&rft.jtitle=IEEE%20access&rft.au=Zhao,%20Jun&rft.date=2020&rft.volume=8&rft.spage=45292&rft.epage=45303&rft.pages=45292-45303&rft.issn=2169-3536&rft.eissn=2169-3536&rft.coden=IAECCG&rft_id=info:doi/10.1109/ACCESS.2020.2975615&rft_dat=%3Cproquest_cross%3E2454765731%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2454765731&rft_id=info:pmid/&rft_ieee_id=9006882&rft_doaj_id=oai_doaj_org_article_ba317c504bcc46f1ac6c608fbb51bd8c&rfr_iscdi=true