Abstract
As the number of users in remote server environments is more prevalent (i.e., in e-payment, e-healthcare), a secure authentication scheme becomes increasingly important for this paradigm. In general, single-factor authentication in remote-systems suffers from several security issues, whereas multi-factor authentication can be considered as an alternative solution where additional factors increase the security level. However, in existing multi-factor authentication schemes, leakage of randomness and identity-concealment are not well considered; these can cause privacy issues in some application scenarios. In this paper, we propose a two-factor-based identity-concealed authentication scheme refer to as ICAS. ICAS ensures secure authentication between the user and remote server even if some intermediate randomness (e.g., Diffie-Hellman exponent) has been exposed to an adversary, prevents users’ identity against adversaries, can resist perpetual leakage of confidential information, and provide a strong security guarantee against device lost attacks. We define a proper security model in the random oracle and prove the security of ICAS under the model. We provide a comprehensive performance evaluation, which shows that ICAS is efficient. Specifically, the proposed scheme reduces the total computation cost by at least 24% and reduces the user’s communication cost by at least 4%; thereby, ICAS is feasible to deploy in the practical environment.
Original language | English |
---|---|
Article number | 102077 |
Number of pages | 15 |
Journal | Journal of Systems Architecture |
Volume | 117 |
Early online date | 23 Mar 2021 |
DOIs | |
Publication status | Published - Aug 2021 |
Bibliographical note
This work is supported by the National Natural Science Foundation of China under Grant 61872060, the National Key R&D Program of China under Grant2017YFB802000, and the National Natural Science Foundation of China under Grant 61370203.
Keywords
- Two-factor authentication
- Identity-concealment
- Remote server
- Intermediate randomness