A Generic Framework for Three-Factor Authentication: Preserving Security and Privacy in Distributed Systems

Author

Huang, Xinyi ; Xiang, Yang ; Chonka, Ashley ; Zhou, Jianying ; Deng, Robert H.

Author_Institution

Sch. of Inf. Syst., Singapore Manage. Univ., Singapore, Singapore

Volume

22

Issue

8

fYear

2011

Firstpage

1390

Lastpage

1397

Abstract

As part of the security within distributed systems, various services and resources need protection from unauthorized use. Remote authentication is the most commonly used method to determine the identity of a remote client. This paper investigates a systematic approach for authenticating clients by three factors, namely password, smart card, and biometrics. A generic and secure framework is proposed to upgrade two-factor authentication to three-factor authentication. The conversion not only significantly improves the information assurance at low cost but also protects client privacy in distributed systems. In addition, our framework retains several practice-friendly properties of the underlying two-factor authentication, which we believe is of independent interest.

Keywords

authorisation; biometrics (access control); data privacy; distributed processing; smart cards; biometrics; client privacy; distributed systems privacy; distributed systems security; information assurance; password; remote authentication; remote client; smart card; three factor authentication; Authentication; Iris recognition; Privacy; Protocols; Servers; Authentication; biometrics.; distributed systems; password; privacy; security; smart card;

fLanguage

English

Journal_Title

Parallel and Distributed Systems, IEEE Transactions on

Publisher

ieee

ISSN

1045-9219

Type

jour

DOI

10.1109/TPDS.2010.206

Filename

5639010