Abstract
The traditional account and password verification method has not only been inconducive to user experience but also security threats. Although biometrics improves the user experience, biometric data can be stolen. FIDO is a rapid authentication mechanism however it does neither pass user biometrics through the server nor performs biometric identification on the user devices. This study develops a robust two factors authentication scheme with fine-grained biometrics verification for preserving privacy that seamlessly processes users’ authentication identities. Results of the simulation showed the proposed protocol had more properties in user authentication than the existing authentication schemes.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Fido alliance (2018). https://fidoalliance.org/. Accessed 12 Aug 2022
Why the password isn’t dead quite yet (2021). https://arstechnica.com/information-technology/2021/07/why-the-password-isnt-dead-quite-yet/. Accessed 7 Aug 2022
Bellovin, S.M., Merritt, M.: Encrypted key exchange: Password-based protocols secure against dictionary attacks (1992)
Chertoff, M., Grant, J.: 8 ways governments can improve their cybersecurity. Harvard Business Review (2017)
Dang, Q.H., et al.: Secure hash standard (2015)
Dillon, T., Wu, C., Chang, E.: Cloud computing: issues and challenges. In: 2010 24th IEEE International Conference on Advanced Information Networking and Applications, pp. 27–33. IEEE (2010)
Dworkin, M.J., et al.: Advanced encryption standard (AES) (2001)
Feldmeier, D.C., Karn, P.R.: UNIX password security - ten years later. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 44–63. Springer, New York (1990). https://doi.org/10.1007/0-387-34805-0_6
Huang, X., Xiang, Y., Chonka, A., Zhou, J., Deng, R.H.: A generic framework for three-factor authentication: preserving security and privacy in distributed systems. IEEE Trans. Parallel Distrib. Syst. 22(8), 1390–1397 (2010)
Hwang, M.S., Li, L.H.: A new remote user authentication scheme using smart cards. IEEE Trans. Consum. Electron. 46(1), 28–30 (2000)
Kim, H.S., Lee, S.W., Yoo, K.Y.: ID-based password authentication scheme using smart cards and fingerprints. ACM SIGOPS Oper. Syst. Rev. 37(4), 32–41 (2003)
Kyaw, A.K., Sioquim, F., Joseph, J.: Dictionary attack on wordpress: security and forensic analysis. In: 2015 Second International Conference on Information Security and Cyber Forensics (InfoSec), pp. 158–164. IEEE (2015)
Lauter, K.: The advantages of elliptic curve cryptography for wireless security. IEEE Wirel. Commun. 11(1), 62–67 (2004)
Lee, S.-W., Kim, W.-H., Kim, H.-S., Yoo, K.-Y.: Efficient password-based authenticated key agreement protocol. In: Laganá, A., Gavrilova, M.L., Kumar, V., Mun, Y., Tan, C.J.K., Gervasi, O. (eds.) ICCSA 2004. LNCS, vol. 3046, pp. 617–626. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24768-5_66
Li, C.T., Hwang, M.S.: An efficient biometrics-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 33(1), 1–5 (2010)
Li, Z., Higgins, J., Clement, M.: Performance of finite field arithmetic in an elliptic curve cryptosystem. In: MASCOTS 2001, Proceedings Ninth International Symposium on Modeling, Analysis and Simulation of Computer and Telecommunication Systems, pp. 249–256. IEEE (2001)
Lucks, S.: Open key exchange: how to defeat dictionary attacks without encrypting public keys. In: Christianson, B., Crispo, B., Lomas, M., Roe, M. (eds.) Security Protocols 1997. LNCS, vol. 1361, pp. 79–90. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0028161
Rivest, R.L.: The RC5 encryption algorithm. In: Preneel, B. (ed.) FSE 1994. LNCS, vol. 1008, pp. 86–96. Springer, Heidelberg (1995). https://doi.org/10.1007/3-540-60590-8_7
Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978)
Wang, D., Wang, P.: Offline dictionary attack on password authentication schemes using smart cards. In: Desmedt, Y. (ed.) ISC 2013. LNCS, vol. 7807, pp. 221–237. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-27659-5_16
Acknowledgements
This work was partially supported by the Ministry of Science and Technology of Taiwan under grant MOST 111-2218-E-011-016- and MOST 111-2813-C-011-021-H.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Wu, FT., Tung, SW., Huang, JJ. (2022). A Robust Two Factor Authentication Scheme with Fine Grained Biometrics Verification. In: Hsieh, SY., Hung, LJ., Klasing, R., Lee, CW., Peng, SL. (eds) New Trends in Computer Technologies and Applications. ICS 2022. Communications in Computer and Information Science, vol 1723. Springer, Singapore. https://doi.org/10.1007/978-981-19-9582-8_36
Download citation
DOI: https://doi.org/10.1007/978-981-19-9582-8_36
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-19-9581-1
Online ISBN: 978-981-19-9582-8
eBook Packages: Computer ScienceComputer Science (R0)