Remote Password Authentication Scheme with Smart Cards and Biometrics

Lin, Yi-Hui

26 July 2006

More and more researchers combine biometrics with passwords and smart cards to design remote authentication schemes for the purpose of high-degree security. However, in most of these authentication schemes proposed in the literatures so far, biometric characteristics are verified in the smart cards only, not in the remote servers, during the authentication processes. Although this kind of design can prevent the biometric data of the users from being known to the servers, it will result in that they are not real three-factor authentication schemes and therefore some security flaws may occur since the remote servers do not indeed verify the security factor of biometrics. In this thesis we propose a truly three-factor remote authentication scheme where all of the three security factors, passwords, smart cards, and biometric characteristics, are examined in the remote servers. Especially, the proposed scheme fully preserves the privacy of the biometric data of every user, that is, the scheme does not reveal the biometric data to anyone else, including the remote servers. Furthermore, we also demonstrate that the proposed scheme is immune to both the replay attacks and the offline-dictionary attacks and it achieves the requirement of low-computation cost for smart-card users. Finally, we give a formal analysis based on the GNY logic to prove that our goals are achieved.

Smart cards

Biometrics

Three-factor security

Remote authentication

Passwords

GNY logic