Improved Two-Factor Authentication Protocol Based on Biometric Feature and Password for Cloud Service

摘要

Secure and efficient authentication protocols are necessary for cloud service. Multi-factor authentication protocols taking advantage of smart card, user's password and biometric, are more secure than password-based single-factor authentication protocols which are widely used in practice. However, almost all the existed two-factor authentication protocols and multi-factor authentication protocols are based on smart cards, which will inevitably lead to a series of security problems caused by the loss of smart cards. Recently, Li et al. proposed a two-factor authenticated key agreement protocol based on biometric feature and password innovatively without using smart card. But we demonstrate that Li et al.'s protocol can't resist the privileged-insider attack and the stolen verifier attack. Moreover, their protocol failed to provide user anonymity. To overcome the weaknesses of Li et al.'s scheme, we then proposed an improved two-factor authentication protocol based on the extended Chebyshev chaotic mapping. To illustrate the security of our scheme, we give a standard formal proof with the sequence of games (SOG) technique. Furthermore, we also present a comprehensive heuristic security analysis to demonstrate that the proposed protocol is capable of withstanding all the possible various attacks and provides the desired security features. Compared with other schemes, ours is more secure and efficient.