A generic framework for three-factor authentication: preserving security and privacy in distributed systems

Author

Xinyi HUANG
Yang Xiang
Ashley Chonka
Jianying Zhou
Robert H. DENG, Singapore Management UniversityFollow

Publication Type

Journal Article

Version

publishedVersion

Publication Date

8-2011

Abstract

As part of the security within distributed systems, various services and resources need protection from unauthorized use. Remote authentication is the most commonly used method to determine the identity of a remote client. This paper investigates a systematic approach for authenticating clients by three factors, namely password, smart card, and biometrics. A generic and secure framework is proposed to upgrade two-factor authentication to three-factor authentication. The conversion not only significantly improves the information assurance at low cost but also protects client privacy in distributed systems. In addition, our framework retains several practice-friendly properties of the underlying two-factor authentication, which we believe is of independent interest.

Discipline

Information Security

Research Areas

Information Security and Trust

Publication

IEEE Transactions on Parallel and Distributed Systems

Volume

22

Issue

8

First Page

1390

Last Page

1397

ISSN

1045-9219

Identifier

10.1109/TPDS.2010.206

Publisher

IEEE

Citation

HUANG, Xinyi; Xiang, Yang; Chonka, Ashley; Zhou, Jianying; and DENG, Robert H.. A generic framework for three-factor authentication: preserving security and privacy in distributed systems. (2011). IEEE Transactions on Parallel and Distributed Systems. 22, (8), 1390-1397.
Available at: https://ink.library.smu.edu.sg/sis_research/1421

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Additional URL

https://doi.org/10.1109/TPDS.2010.206