A Novel Three-Factor Authentication Scheme with High Security for Multi-Server Environments.

In a multi-sever scenario, a two-party remote user authentication scheme is faced with various kinds of security threats. The introduction of biometric technology can effectively improve the security on the user side and the resistance to password guessing attack. Therefore, many biometrics-based user authentication schemes have emerged in the last few years. However, in some recent authentication schemes, a server can easily impersonate a legal user by using the shared secret key and a randomly selected identity. In this study, we first analyze a study of these schemes and indicate the security weakness and vulnerability that might allow attacks. Then, we present an improved biometrics-based three-factor authentication scheme for multi-server environments that inherits most of the advantages of the original scheme and introduces digital signature to address the common security problem. Furthermore, the proposed scheme also has a simplified the authentication procedure and improves execution efficiency. Analysis results, including security analysis and performance comparison, indicate that the new scheme has good efficiency and is robust against various known attacks. [ABSTRACT FROM AUTHOR]