A Secure and Robust Three-Factor Based Authentication Scheme Using RSA Cryptosystem


Rifaqat Ali (Department of Computer Science and Engineering, Indian Institute of Technology (Indian School of Mines), Dhanbad, India) and Arup Kumar Pal (Department of Computer Science and Engineering, Indian Institute of Technology (Indian School of Mines), Dhanbad, India)
DOI: 10.4018/IJBDCN.2017010107


In remote user authentication, a server confirms the authenticity of a user over an unreliable channel. Several authentication protocols in the literature rely on the identity, password and biometric of a user. However, most of these protocols are either computationally expensive or not secure against several kinds of malicious threats. In this document, the authors propose a secure and robust three-factor (password, smartcard and biometric) authentication scheme using the RSA cryptosystem. The proposed protocol is validated through BAN logic. A formal security analysis using the random oracle model then shows that the identity, password, biometric and session key are highly secure from an adversary. In addition, the informal security analysis of the protocol proves that it withstands several kinds of malicious attacks. Finally, a performance comparison with other schemes shows that the presented scheme is comparatively suitable in terms of communication and computation costs.

1. Introduction

With the rapid growth of Internet technology, several Internet-based applications such as online shopping, Internet banking, e-learning and e-health are widely used and popular among computer users. However, the Internet does not inherently provide any security against the malicious attacks that can occur while these online services are accessed. In most of these applications, authentication is one of the essential security methods for verifying the legitimacy of the remote client and preventing forgery. The traditional authentication scheme (Lamport, 1981) was designed based on the password and identity of a user. This kind of authentication scheme is also known as a two-factor authentication scheme. Its deficiency is that the authentication information can be forged by an attacker. To remedy this weakness, several authors have devised biometric-based authentication schemes (Hwang et al., 1990), which are much more efficient and secure than traditional authentication schemes.

Lamport (1981) first proposed the password-based authentication scheme. In this scheme, the verification table is stored at the server end. As a result, the scheme fails if an attacker alters the verification table. Hwang et al. (1990) also suggested a password-based authentication scheme that does not keep the verification table at the server end. However, changing the password is not an easy process in their scheme. Later, Hwang and Li (2000) proposed a two-factor authentication protocol using the ElGamal public-key cryptosystem. However, the user was restricted from changing the password in their scheme. Some other authors (Fan et al., 2005; Lee et al., 2005; Tsai, 2008) have also devised smartcard-based remote user authentication schemes that address the earlier issues to some extent. Khan et al. (2013) suggested a smartcard-based authentication scheme for accessing healthcare services in a secure way. Xie et al. (2013) designed a secure anonymity-preserving authentication scheme to remove their vulnerability even if an attacker knows all confidential parameters kept in the smart card. Dictionary attacks are possible on these traditional remote user authentication schemes. Another major issue is preserving security even if the password and smart card are stolen or misplaced. Chen et al. (2014) presented an authentication protocol that is capable of resisting the stolen or misplaced smart card attack. However, biometric-based authentication schemes are more robust in the context of authentication because only authorized users are allowed to access the system.

Generally, remote user authentication using biometrics is inherently safer and more trustworthy than the traditional authentication scheme because biometric keys such as face, iris and fingerprint cannot be stolen or forgotten and are difficult to copy or share. Several biometric-based remote user authentication protocols have been designed (Ku et al., 2005; Das, 2011; Li and Hwang, 2010; Khan and Zhang, 2007). These algorithms were developed in various cryptographic environments such as the RSA cryptosystem (Das and Bruhadeshwar, 2013; Giri et al., 2015), the ElGamal cryptosystem and ECC (Zhang et al., 2014). RSA is one of the best-known public-key cryptosystems and is broadly used in various security applications. So, in this paper, our objective is to design a three-factor authentication scheme in the RSA environment that maintains high security with comparatively low communication and computation overheads.
