Title: A novel biometric-based password authentication scheme for client-server environment using ECC and fuzzy extractor

Authors: SK Hafizul Islam; Ashok Kumar Das; Muhammad Khurram Khan

Addresses: Department of Computer Science and Information Systems, Birla Institute of Technology and Science, Pilani, Rajasthan 333031, India; Center for Security, Theory and Algorithmic Research, International Institute of Information Technology, Hyderabad 500 032, India; Center of Excellence in Information Assurance, King Saud University, Riyadh 11451, Saudi Arabia

Abstract: In this paper, we devise a new and efficient biometric-based password authentication scheme (BIO-PWA) for the client-server environment. Our scheme uses elliptic curve cryptography (ECC) along with a fuzzy extractor. Through rigorous security analysis, we show that our scheme is secure against various known attacks. We further show, through formal security analysis, that our scheme is secure in the generic group model. In addition, formal security verification of our scheme against active and passive adversaries is performed using the widely accepted Automated Validation of Internet Security Protocols and Applications (AVISPA) tool, and the simulation results clearly demonstrate that our scheme is secure against active and passive attacks, including replay and man-in-the-middle attacks. Finally, we show that our scheme is also efficient in computation compared with the existing related ECC-based authentication schemes for the client-server environment.

Keywords: biometric; fuzzy extractor; password; hash function; smartcard; ECC; elliptic curve cryptography; remote user authentication; security.

DOI: 10.1504/IJAHUC.2018.089583

International Journal of Ad Hoc and Ubiquitous Computing, 2018 Vol.27 No.2, pp.138 - 155

Received: 25 Jun 2015
Accepted: 02 Nov 2015

Published online: 31 Jan 2018
