Biometric-based two-factor authentication scheme under database leakage
Theoretical Computer Science, ISSN: 0304-3975, Vol: 1000, Page: 114552
2024
- 9Captures
- 1Mentions
Metric Options: Counts1 Year3 YearSelecting the 1-year or 3-year option will change the metrics count to percentiles, illustrating how an article or review compares to other articles or reviews within the selected time period in the same journal. Selecting the 1-year option compares the metrics against other articles/reviews that were also published in the same calendar year. Selecting the 3-year option compares the metrics against other articles/reviews that were also published in the same calendar year plus the two years prior.
Example: if you select the 1-year option for an article published in 2019 and a metric category shows 90%, that means that the article or review is performing better than 90% of the other articles/reviews published in that journal in 2019. If you select the 3-year option for the same article published in 2019 and the metric category shows 90%, that means that the article or review is performing better than 90% of the other articles/reviews published in that journal in 2019, 2018 and 2017.
Citation Benchmarking is provided by Scopus and SciVal and is different from the metrics context provided by PlumX Metrics.
Example: if you select the 1-year option for an article published in 2019 and a metric category shows 90%, that means that the article or review is performing better than 90% of the other articles/reviews published in that journal in 2019. If you select the 3-year option for the same article published in 2019 and the metric category shows 90%, that means that the article or review is performing better than 90% of the other articles/reviews published in that journal in 2019, 2018 and 2017.
Citation Benchmarking is provided by Scopus and SciVal and is different from the metrics context provided by PlumX Metrics.
Metrics Details
- Captures9
- Readers9
- Mentions1
- News Mentions1
- News1
Article Description
A Two-Factor Authentication (2FA) scheme can authenticate a client if the client is able to provide the possession factor (like biometric feature, smart card) and the knowledge factor (like password, secret key) simultaneously. With only one factor, it is hard for an adversary to impersonate the client to pass the authentication, and thus 2FA provides better security than single-factor authentication schemes. However, as far as we know, all existing 2FA schemes do not consider the leakage of server's database, and their authenticity may fail when the database is also compromised (in addition to one factor). Considering numerous reports of database leakage in the real world, it seems imminent to study and design 2FA schemes resilient to database leakage. In this paper, we formalize security models for 2FA schemes by taking database leakage into account. Our security models consider malicious adversaries who can obtain both the client's one authentication factor and the server's database, and have two requirements, authenticity and zero-knowledge. Authenticity ensures that such malicious adversaries cannot impersonate the client to pass the authentication, while zero-knowledge guarantees that such malicious adversaries obtain no information about the client's the other factor. Zero-knowledge is especially important for biometric features (like faces, fingerprints), which are inherent to human beings and can hardly be changed. Then we propose a biometric-based 2FA scheme with biometric feature and secret key serving as the two authentication factors. Our 2FA scheme has three rounds, and we prove its authenticity and zero-knowledge under database leakage in the random oracle model. Notably, our construction makes a novel use of a recent technical advance called robust property-preserving hashing (Boyle et al., ITCS 2019) together with fully homomorphic encryption, to recognize or discern clients by their biometric samplings in a homomorphic and secure way.
Bibliographic Details
http://www.sciencedirect.com/science/article/pii/S0304397524001671; http://dx.doi.org/10.1016/j.tcs.2024.114552; http://www.scopus.com/inward/record.url?partnerID=HzOxMe3b&scp=85190521755&origin=inward; https://linkinghub.elsevier.com/retrieve/pii/S0304397524001671; https://dx.doi.org/10.1016/j.tcs.2024.114552
Elsevier BV
Provide Feedback
Have ideas for a new metric? Would you like to see something else here?Let us know