IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, VOL. 22, NO. 8, AUGUST 2011
A Generic Framework for Three-Factor Authentication: Preserving Security and Privacy in Distributed Systems
Xinyi Huang, Yang Xiang, Member, IEEE, Ashley Chonka, Jianying Zhou, and Robert H. Deng, Senior Member, IEEE
Abstract—As part of the security within distributed systems, various services and resources need protection from unauthorized use. Remote authentication is the most commonly used method to determine the identity of a remote client. This paper investigates a systematic approach for authenticating clients by three factors, namely password, smart card, and biometrics. A generic and secure framework is proposed to upgrade two-factor authentication to three-factor authentication. The conversion not only significantly improves the information assurance at low cost but also protects client privacy in distributed systems. In addition, our framework retains several practice-friendly properties of the underlying two-factor authentication, which we believe is of independent interest.

Index Terms—Authentication, distributed systems, security, privacy, password, smart card, biometrics.
1 INTRODUCTION
In a distributed system, various resources are distributed in the form of network services provided and managed by servers. Remote authentication is the most commonly used method to determine the identity of a remote client. In general, there are three authentication factors:
- Something the client knows: password.
- Something the client has: smart card.
- Something the client is: biometric characteristics (e.g., fingerprint, voiceprint, and iris scan).
Most early authentication mechanisms are solely based on password. While such protocols are relatively easy to implement, passwords (and human-generated passwords in particular) have many vulnerabilities. As an example, human-generated and memorable passwords are usually short strings of characters and