A novel and efficient session spanning biometric and password based three-factor authentication protocol for consumer USB Mass Storage Devices

摘要

This paper proposes a key agreement scheme after secure authentication to prevent the unauthorized access of the data stored in a Universal Serial Bus (USB) Mass Storage Device (MSD). Due to the system architecture of this proposed scheme, authorized users can store their data in a secure encrypted form after performing authentication. The novelty of this work is that users can retrieve the encrypted data in not only the current session but also across different sessions, thus reducing the required communications overhead. This paper then analyses the security of the proposed protocol through a formal analysis to demonstrate that the information has been stored securely and is also protected offering strong resilience to relevant security attacks. The computational and communication costs of the proposed scheme is analyzed and compared to related works to show that the proposed scheme has an improved tradeoff for computational cost, communication cost and security1.