Design and analysis of a secure three factor user authentication scheme using biometric and smart card

Abstract

Password security can no longer provide enough security in the area of remote user authentication. Despite taking numerous attempts to enhance the security of password based system, the attackers are still able to steal passwords. This is mostly due to the user’s habit of using password. Most of the users use weak passwords, reuse the same password in several accounts that causes domino effect, store these passwords and reset them frequently. Considering these security drawbacks, researchers are trying to find solution with multifactor remote user authentication system. Some of them have proposed remote user authentication schemes using smart card alongside password. However, some of the schemes have their own drawbacks and are unable to provide proper security to the users. Recently, three factor remote user authentication using biometric and smart card alongside password has drawn a considerable attention of the researchers. Researchers have proposed several remote user authentication schemes. However, most of those schemes have security flaws. They are vulnerable to one or more attacks like user impersonation attack, server masquerading attack, password guessing attack, insider attack, denial of service attack, forgery attack, etc. Moreover, most of them are unable to provide mutual authentication, session key agreement and password, or smart card recovery system. Considering these drawbacks, a secure three factor user authentication scheme using biometric and smart card is proposed in this thesis. Besides registration and authentication, our scheme has mechanisms for password and smart card recovery. Through security analysis, we show that our proposed scheme can overcome drawbacks of existing systems and ensure high security in remote user authentication.