http://iet.metastore.ingenta.com
1887

A secure data backup scheme using multi-factor authentication

A secure data backup scheme using multi-factor authentication

For access to this article, please select a purchase option:

Buy article PDF
£12.50
(plus tax if applicable)
Buy Knowledge Pack
10 articles for £75.00
(plus taxes if applicable)

IET members benefit from discounts to all IET publications and free access to E&T Magazine. If you are an IET member, log in to your account and the discounts will automatically be applied.

Learn more about IET membership 

Recommend to library

You must fill out fields marked with: *

Librarian details
Name:*
Email:*
Your details
Name:*
Email:*
Department:*
Why are you recommending this title?
Select reason:
 
 
 
 
 
IET Information Security — Recommend this title to your library

Thank you

Your recommendation has been sent to your librarian.

Sensitive data stored in laptops or other mobile devices can easily be lost, stolen, misplaced or corrupted, the remote backup storage technique is used to address these issues; however, the backup server could not be fully trusted, the data should be encrypted in advance. Although the key is more easily protected due to the smaller size compared with the backup data, it is still impossible for ordinary human to remember. A user-centred design data backup scheme is proposed using multi-factor authentication. The user firstly selects a symmetrical key and divides it into three shares, then destroys the key. The key can easily be reconstructed by combining the shares stored in the user's smart card and the laptop. Even if the smart card or laptop is lost, the key can still be recovered with the password and biometrics. The proposed scheme not only achieves the required security goals but also is more robust and practical.

References

    1. 1)
      • L. Wei , H. Zhu , Z. Cao .
        1. Wei, L., Zhu, H., Cao, Z., et al: ‘Security and privacy for storage and computation in cloud computing’, Inf. Sci., 2014, 258, (3), pp. 371386.
        . Inf. Sci. , 3 , 371 - 386
    2. 2)
      • J. Weinman .
        2. Weinman, J.: ‘The future of cloud computing’, Expert Group Report European Commission, 2010, 3, (1), pp. 4768.
        . Expert Group Report European Commission , 1 , 47 - 68
    3. 3)
      • J. Katz , Y. Lindell . (2007)
        3. Katz, J., Lindell, Y.: ‘Introduction to modern cryptography’ (CRC Press, 2007).
        .
    4. 4)
      • A.K. Das .
        4. Das, A.K.: ‘Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards’, Inf. Sec., 2011, 5, (3), pp. 145151.
        . Inf. Sec. , 3 , 145 - 151
    5. 5)
      • C. Chang , Y. Chou , C. Sun .
        5. Chang, C., Chou, Y., Sun, C.: ‘Novel and practical scheme based on secret sharing for laptop data protection’, Inf. Sec., 2015, 9, (2), pp. 100107.
        . Inf. Sec. , 2 , 100 - 107
    6. 6)
      • A. Shamir .
        6. Shamir, A.: ‘How to share a secret’, ACM Commun., 1979, 22, (11), pp. 612613.
        . ACM Commun. , 11 , 612 - 613
    7. 7)
      • Y. Tian , J. Ma , C. Peng .
        7. Tian, Y., Ma, J., Peng, C., et al: ‘Fair (t, n) threshold secret sharing scheme’, Inf. Sec., 2013, 7, (2), pp. 106112.
        . Inf. Sec. , 2 , 106 - 112
    8. 8)
      • L. Harn .
        8. Harn, L.: ‘Comments on ‘fair (t, n) threshold secret sharing scheme’’, Inf. Sec., 2014, 8, (6), pp. 303304.
        . Inf. Sec. , 6 , 303 - 304
    9. 9)
      • X. Huang , Y. Xiang , A. Chonka .
        9. Huang, X., Xiang, Y., Chonka, A., et al: ‘A generic framework for three-factor authentication: preserving security and privacy in distributed systems’, Trans. Parallel Distrib. Syst., 2011, 22, (8), pp. 13901397.
        . Trans. Parallel Distrib. Syst. , 8 , 1390 - 1397
    10. 10)
      • C. Lin , Y. Lai .
        10. Lin, C., Lai, Y.: ‘A flexible biometric remote user authentication scheme’, Comp. Stand. Interf., 2004, 27, (1), pp. 1923.
        . Comp. Stand. Interf. , 1 , 19 - 23
    11. 11)
      • M.K. Khan , J. Zhang , X. Wang .
        11. Khan, M.K., Zhang, J., Wang, X.: ‘Chaotic hash-based fingerprint biometric remote user authentication scheme on mobile devices’, Chaos Soliton Fract., 2008, 35, (3), pp. 519524.
        . Chaos Soliton Fract. , 3 , 519 - 524
    12. 12)
      • C. Li , M. Hwang .
        12. Li, C., Hwang, M.: ‘An efficient biometric-based remote authentication scheme using smart cards’, J. Netw. Comput. Appl., 2010, 33, (1), pp. 15.
        . J. Netw. Comput. Appl. , 1 , 1 - 5
    13. 13)
      • Y. An .
        13. An, Y.: ‘Security analysis and enhancements of an effective biometric-based remote user authentication scheme using smart cards’, Biomed. Res. Int., 2011, 2012, (4), pp. 213219.
        . Biomed. Res. Int. , 4 , 213 - 219
    14. 14)
      • M. Khan , S. Kumari .
        14. Khan, M., Kumari, S.: ‘An improved biometrics-based remote user authentication scheme with user anonymity’, Biomed. Res. Int., 2013, 2013, (10), pp. 10101014.
        . Biomed. Res. Int. , 10 , 1010 - 1014
    15. 15)
      • A. Chaturvedi , D. Mishra , S. Mukhopadhyay .
        15. Chaturvedi, A., Mishra, D., Mukhopadhyay, S.: ‘Improved biometric-based three-factor remote user authentication scheme with key agreement using smart card’. ICISS, 2013, Proc. of the 9th Int. Conf. on Information Systems Security (LNCS, 8303), pp. 6377.
        . ICISS , 63 - 77
    16. 16)
      • X. Li , J. Niu , M.K. Khan .
        16. Li, X., Niu, J., Khan, M.K., et al: ‘Robust biometrics based three-factor remote user authentication scheme with key agreement’. Biometrics and Security Technologies (ISBAST), 2013 Int. Symp. on. IEEE, 2013, pp. 105110.
        . Biometrics and Security Technologies (ISBAST), 2013 Int. Symp. on. IEEE , 105 - 110
    17. 17)
      • H.M. Mathew , S.B.E. Raj , P.S.J. Gundapu .
        17. Mathew, H.M., Raj, S.B.E., Gundapu, P.S.J., et al: ‘An improved three-factor authentication scheme using smart card with biometric privacy protection’. Electronics Computer Technology (ICECT), 2011 3rd Int. Conf. on. IEEE, 2011, pp. 220223.
        . Electronics Computer Technology (ICECT), 2011 3rd Int. Conf. on. IEEE , 220 - 223
    18. 18)
      • M. Sarvabhatla , M. Giri , C.S. Vorugunti .
        18. Sarvabhatla, M., Giri, M., Vorugunti, C.S.: ‘A secure biometrics-based remote user authentication scheme for secure data exchange’. Embedded Systems (ICES), 2014 Int. Conf. on. IEEE, 2014, pp. 110115.
        . Embedded Systems (ICES), 2014 Int. Conf. on. IEEE , 110 - 115
    19. 19)
      • L. Lamport .
        19. Lamport, L.: ‘Password authentication with insecure communication’, ACM Commun., 1981, 24, (11), pp. 770772.
        . ACM Commun. , 11 , 770 - 772
    20. 20)
      • X. Wang , W. Zhang , J. Zhang .
        20. Wang, X., Zhang, W., Zhang, J., et al: ‘Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards’, Comp. Stand. Interf., 2007, 29, (5), pp. 507512.
        . Comp. Stand. Interf. , 5 , 507 - 512
    21. 21)
      • D. Wang , G. Jian , X. Huang . (2014)
        21. Wang, D., Jian, G., Huang, X., et al: ‘Zipf's law in passwords’, Tech. Rep., Cryptology ePrint Archive, Report 2014/631, 2014.
        .
    22. 22)
      • Q. Jiang , F. Wei , S. Fu .
        22. Jiang, Q., Wei, F., Fu, S., et al: ‘Robust extended chaotic maps-based three-factor authentication scheme preserving biometric template privacy’, Nonlinear Dyn., 2016, 83, (4), pp. 20852104.
        . Nonlinear Dyn. , 4 , 2085 - 2104
    23. 23)
      • D. Wang , C. Ma . (2012)
        23. Wang, D., Ma, C.: ‘Robust smart card based password authentication scheme against smart card security breach’, Cryptology ePrint Archive, Report 2012/439, 2012 (http://eprint.iacr.org/2012/439.pdf)..
        .
    24. 24)
      • F. Aloul , S. Zahidi , W. El-Hajj .
        24. Aloul, F., Zahidi, S., El-Hajj, W.: ‘Two factor authentication using mobile phones’. Computer Systems and Applications, 2009. AICCSA 2009. IEEE/ACS Int. Conf. on. IEEE, 2009, pp. 641644.
        . Computer Systems and Applications, 2009. AICCSA 2009. IEEE/ACS Int. Conf. on. IEEE , 641 - 644
    25. 25)
      • H. Shen , C. Cao , D. He .
        25. Shen, H., Cao, C., He, D., et al: ‘New biometrics-based authentication scheme for multi-server environment in critical systems’, J Ambient Intell Humaniz Comput, 2015, 6, (6), pp. 825834.
        . J Ambient Intell Humaniz Comput , 6 , 825 - 834
    26. 26)
      • D. He , Y. Zhang , J. Chen .
        26. He, D., Zhang, Y., Chen, J.: ‘Robust biometric-based user authentication scheme for wireless sensor networks’, Ad Hoc Sens. Wirel. Netw., 2015, 25, (3–4), pp. 309321.
        . Ad Hoc Sens. Wirel. Netw. , 309 - 321
    27. 27)
      • H. Om , M. Reddy .
        27. Om, H., Reddy, M.: ‘Geometric based remote password authentication using biometrics’, J. Discrete Math. Sci. Cryptogr., 2013, 16, (4), pp. 207220.
        . J. Discrete Math. Sci. Cryptogr. , 4 , 207 - 220
    28. 28)
      • A. Das , A. Goswami .
        28. Das, A., Goswami, A.: ‘A robust anonymous biometric-based remote user authentication scheme using smart cards’, J. King Saud Univ. –Comp. Inf. Sci., 2015, 27, (2), pp. 193210.
        . J. King Saud Univ. –Comp. Inf. Sci. , 2 , 193 - 210
    29. 29)
      • A. Jain , A. Ross , K. Nandakumar . (2011)
        29. Jain, A., Ross, A., Nandakumar, K.: ‘Introduction to biometrics’ (Springer Press, 2011, 1st edn.).
        .
    30. 30)
      • Y. Dodis , L. Reyzin .
        30. Dodis, Y., Reyzin, L.: ‘Fuzzy extractors: how to generate strong keys from biometrics and other noisy data’, SIAM J. Comput., 2008, 38, (1), pp. 97139.
        . SIAM J. Comput. , 1 , 97 - 139
    31. 31)
      • M. Burrows , M. Abadi , R. Needham .
        31. Burrows, M., Abadi, M., Needham, R.: ‘A logic of authentication’, ACM Trans. Comp. Syst., 1990, 8, (1), pp. 16.
        . ACM Trans. Comp. Syst. , 1 , 1 - 6
    32. 32)
      • (2016)
        32. ‘Crypto++ Library 5.6.3’, http://www.cryptopp.com, accessed at 20 May2016.
        .
    33. 33)
      • T. Wu , Y. Tseng .
        33. Wu, T., Tseng, Y.: ‘An efficient user authentication and key exchange protocol for mobile client-server environment’, Comput. Netw., 2010, 54, (9), pp. 15201530.
        . Comput. Netw. , 9 , 1520 - 1530
    34. 34)
      • D. He , S. Zeadally , N. Kumar .
        34. He, D., Zeadally, S., Kumar, N., et al: ‘Efficient and anonymous mobile user authentication protocol using self-certified public key cryptography for multi-server architectures’, IEEE Trans. Inf. Forensics Security, 2016, 11, (9), pp. 20522064.
        . IEEE Trans. Inf. Forensics Security , 9 , 2052 - 2064
http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs.2016.0103
Loading

Related content

content/journals/10.1049/iet-ifs.2016.0103
pub_keyword,iet_inspecKeyword,pub_concept
6
6
Loading
This is a required field
Please enter a valid email address