Currently,biometric-based three-factor authentication schemes attract wide attention.In 201 3,Yeh and Chen pointed out that Fan and Lin’s scheme proposed in 2009 may suffer from insider attacks,stolen-verifier attacks and modification attack,etc.when analysing this scheme.After analysing Yeh and Chen’s proposal,we also indicate some defects of it in regard to its drawbacks analyses on Fan-Lin’s scheme,and point out anew the problems in Fan-Lin scheme,the shortcomings include that the key cannot be freely updated at client;the correctness of password cannot be verified at client either;the biometrics is not properly used;the entire efficiency of the scheme is not high enough,etc.Meanwhile,we propose in the paper a new remote authentication scheme which is based on secure sketch.From analysis,it is shown that the proposed scheme can solve the above problems in Fan-Lin’s scheme;moreover,it has higher efficiency and security,and can achieve key agreement as well.%目前基于生物特征的三因素认证方案受到广泛关注。2013年Yeh-Chen在分析2009年Fan-Lin方案后指出该方案可能遭受内部攻击、窃取验证攻击、修改攻击等。在分析Yeh-Chen方案后,指出该方案针对Fan-Lin缺陷分析欠妥的地方,并重新指出了Fan-Lin方案存在的问题:不能在客户端自由更新密钥;客户端不能检验密码正确与否;生物特征使用不当;方案整体效率不够高等缺点。同时提出一种基于安全概略的远程身份认证方案。通过分析可知该方案不但可以解决上述Fan-Lin方案存在的问题,且具有较高效率和安全性,同时也能完成密钥协商。
展开▼
