Your browser does not support JavaScript!
http://iet.metastore.ingenta.com
1887

access icon free Enhanced secure data backup scheme using multi-factor authentication

  • Author(s): Huidan Hu 1, 2, 3 ; Changlu Lin 1, 2 ; Chin-Chen Chang 3 ; Lanxiang Chen 1, 2
    • View affiliations
  • Source: Volume 13, Issue 6, November 2019, p. 649 – 658
    DOI:  10.1049/iet-ifs.2018.5380 , Print ISSN 1751-8709, Online ISSN 1751-8717
© The Institution of Engineering and Technology
Received 25/07/2018, Accepted 09/07/2019, Revised 17/04/2019, Published 17/07/2019

Remote data backup technology facilitates data storage for users. However, an attacker may intercept some sensitive data on transfer. To solve this problem, sensitive data should be encrypted before uploading to the remote storage. Thus, protecting the secret encryption key is very important. Liu et al. have designed a scheme to protect the secret key using the secret-sharing method and multi-factor authentication. Unfortunately, the authors find some security weaknesses of Liu et al.’s scheme. Liu et al.’s scheme cannot resist offline password guessing attack, the server impersonation attack, the user impersonation attack and an attacker updating password/biometrics attack. They present an enhanced secure data backup scheme using multi-factor authentication to overcome all above-mentioned security threats. The user first divided a secret used to encrypt sensitive data into three shares using Shamir's secret sharing. Moreover, then the user uses the own password and biometrics to hide the true shares, and stores the pseudo three shares in the smart card, the laptop and the server, separately. Furthermore, the proposed scheme is illustrated in detail, and they give a security comparison of their scheme with Liu et al.’s scheme and computational costs.

Inspec keywords: security of data; message authentication; cryptography; authorisation; telecommunication security; cryptographic protocols; smart cards; biometrics (access control)

Other keywords: attacker updating password/biometrics; shares; remote data backup technology; enhanced secure data backup scheme; secret-sharing method; secret key; secret encryption key; above-mentioned security threats; server impersonation attack; remote storage; offline password guessing attack; multifactor authentication; sensitive data; Liu; Shamir's secret sharing; user impersonation attack; security comparison; data storage; security weaknesses

Subjects: Cryptography; Data security; Protocols

References

    1. 1)
      • 19. Li, C.T., Hwang, M.S.: ‘An efficient biometrics-based remote user authentication scheme using smart card’, J. Netw. Comput. Appl., 2010, 33, (1), pp. 15.
    2. 2)
      • 24. Om, H., Reddy, M.: ‘Geometric based remote password authentication using biometrics’, J. Discrete Math. Sci. Cryptogr., 2013, 16, (4), pp. 207220.
    3. 3)
      • 16. Lee, J.K., Ryu, S.R., Yoo, K.Y.: ‘Fingerprint-based remote user authentication scheme using smart card’, Electron. Lett., 2001, 38, (12), pp. 554555.
    4. 4)
      • 15. Wang, D., Ma, C.G., Wang, P., et al: ‘Robust smart card based password authentication scheme against smart card security breach’, Cryptol. ePrint Arch., 2012, 2012, (439), pp. 135.
    5. 5)
      • 11. Sood, S.K., Sarje, A.K., Singh, K.: ‘An improvement of Xu et al.’s authentication scheme using smart cards’. Proceedings of the Third Annual ACM Bangalore Conference - COMPUTE 2010, Bangalore, India, 2010, pp. 15.
    6. 6)
      • 27. Ali, R., Pal, A.K.: ‘An efficient three factor-based authentication scheme in multiserver environment using ECC’, Int. J. Commun. Syst., 2018, 31, (4), p. e3484.
    7. 7)
      • 18. Chang, C.C., Lin, I.C.: ‘Remarks on fingerprint-based remote user authentication scheme using smart card’, SIGOPS Oper. Syst. Rev., 2004, 3, (4), pp. 9196.
    8. 8)
      • 8. Qiu, S., Xu, G., Ahmad, H., et al: ‘A robust mutual authentication scheme based on elliptic curve cryptography for telecare medical information systems’, IEEE Access, 2018, 6, pp. 74527463.
    9. 9)
      • 7. Liu, Y., Zhong, Q., Chang, L., et al: ‘A secure data backup scheme using multi-factor authentication’, IET Inf. Sec., 2017, 11, (5), pp. 250255.
    10. 10)
      • 1. Wei, L., Zhu, H., Cao, Z., et al: ‘Security and privacy for storage and computation in cloud computing’, Inf. Sci., 2014, 258, (3), pp. 371386.
    11. 11)
      • 6. Shamir, A.: ‘How to share a secret’, ACM Commun., 1979, 22, (11), pp. 612613.
    12. 12)
      • 10. Chang, C.C., Wu, T.C.: ‘Remote password authentication with smart card’, IET Comput. Digit. Tech., 1991, 138, (3), pp. 165168.
    13. 13)
      • 12. Chen, B.L., Kuo, W.C., Wuu, L.C.: ‘Robust smart-card-based remote user password authentication scheme’, Int. J. Commun. Syst., 2014, 17, (2), pp. 377389.
    14. 14)
      • 28. Roy, S., Chatterjee, S., Mahapatra, G., et al: ‘An efficient biometric based remote user authentication scheme for secure Internet of things environment’, J. Intell. Fuzzy. Syst., 2018, 34, (3), pp. 14031410.
    15. 15)
      • 26. Wazid, M., Das, A.K., Kumar, N., et al: ‘Secure three-factor user authentication scheme for renewable-energy-based smart grid environment’, IEEE Trans. Ind. Inf., 2017, 13, (6), pp. 31443153.
    16. 16)
      • 9. Lamport, L.: ‘Password authentication with insecure communication’, ACM Commun., 1981, 24, (11), pp. 770772.
    17. 17)
      • 4. ‘Increase in stolen laptops endangers data security’. Available at http://chronicle.com/article/Inc-rease-in-Stolen-Laptops/31544, accessed March 2014.
    18. 18)
      • 22. Khan, M., Kumari, S.: ‘An improved biometrics-based remote user authentication scheme with user anonymity’, BioMed. Res. Int., 2013, 2013, (10), pp. 10101014.
    19. 19)
      • 2. Zhou, J., Cao, Z., Dong, X., et al: ‘Security and privacy for cloud-based IoT: challenges’, IEEE Commun. Mag., 2017, 55, (1), pp. 2633.
    20. 20)
      • 14. Hsieh, W.B., Leu, J.S: ‘Exploiting hash functions to intensify the remote user authentication scheme’, Comput. Secur., 2012, 31, (6), pp. 791798.
    21. 21)
      • 25. Dodis, Y., Reyzin, L.: ‘Fuzzy extractors: how to generate strong keys from biometrics and other noisy data’, SIAM J. Comput., 2008, 38, (1), pp. 97139.
    22. 22)
      • 21. An, Y.: ‘Security analysis and enhancements of an effective biometric-based remote user authentication scheme using smart cards’, BioMed. Res. Int., 2012, 4, pp. 213219.
    23. 23)
      • 20. Das, A.K.: ‘Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards’, Inf. Sec., 2011, 5, (3), pp. 145151.
    24. 24)
      • 13. Yang, G.M., Wong, D.S., Wang, H.X., et al: ‘Two-factor mutual authentication based on smart cards and password’, J. Comput. Syst. Sci., 2008, 74, (7), pp. 11601172.
    25. 25)
      • 17. Lin, C.H., Lai, Y.Y.: ‘A flexible biometrics remote user authentication scheme’, Comput. Stand. Interfaces, 2004, 7, (1), pp. 1923.
    26. 26)
      • 3. Katz, J., Lindell, Y.: ‘Introduction to modern cryptography’ (CRC Press, 2007).
    27. 27)
      • 5. Chang, C., Chou, Y., Sun, C.: ‘Novel and practical scheme based on secret sharing for laptop data protection’, Inf. Sec., 2015, 9, (2), pp. 100107.
    28. 28)
      • 23. Sarvabhatla, M., Giri, M., Vorugunti, C.S.: ‘A secure biometrics based remote user authentication scheme for secure data exchange’. 2014 Int. Conf. Embedded Systems (ICES), Coimbatore, India, 2014, pp. 110115.
http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs.2018.5380
Loading

Related content

content/journals/10.1049/iet-ifs.2018.5380
pub_keyword,iet_inspecKeyword,pub_concept
6
6
Loading
Print this page
This is a required field
Please enter a valid email address