A Privacy-Preserving RLWE-Based Remote Biometric Authentication Scheme for Single and Multi-Server Environments

Lwamo et al. recently proposed a robust and efficient remote single and multi-server biometric authentication scheme using smart card and RSA . The scheme is vulnerable to the smart card lost attacks; therefore, the scheme cannot resist offline guessing attacks and user impersonation attacks, and ca...

Full description

Saved in:
Bibliographic Details
Published in:IEEE access 2019, Vol.7, p.109597-109611
Main Authors: Yao, Hailong, Wang, Caifen, Fu, Xingbing, Liu, Chao, Wu, Bin, Li, Fagen
Format: Article
Language:English
Subjects:
Algorithms
Authenticated key exchange
Authentication
biometric authentication
Biometrics
Encryption
Password
Privacy
privacy-preserving
Resists
RLWE
Security
Servers
Smart cards
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Lwamo et al. recently proposed a robust and efficient remote single and multi-server biometric authentication scheme using smart card and RSA . The scheme is vulnerable to the smart card lost attacks; therefore, the scheme cannot resist offline guessing attacks and user impersonation attacks, and cannot provide forward security and user anonymity. To address these issues, we propose a new privacy-preserving ring learning with errors ( RLWE )-based remote biometric authentication scheme ( RRBAS ) for single and multi-server environments. RRBAS is the first lattice-based remote biometric authentication scheme for multi-server environments. Security analysis show that RRBAS can satisfy the authenticated key exchange ( AKE ) security in the random oracle model, resist known security attacks, and provide post-quantum security. The experimental evaluation and comparative analysis show that RRBAS 's computational efficiency is better than that of Lwamo et al. , while the communication efficiency is slightly lower than traditional schemes because of the large-size ciphertext of the lattice-based cryptosystem, but it is fully capable of session key agreement in single and multi-server environments.
ISSN:2169-3536
2169-3536
DOI:10.1109/ACCESS.2019.2933576