An efficient two-factor authentication scheme based on negative databases: Experiments and extensions

Abstract

With the rapid development of network communication technology, identity authentication based on smart cards is one of the most common two-factor authentication schemes. In some real-world applications, timeliness is another challenge besides security and privacy because of the frequent logon and logoff or data updating. Presently, two-factor authentication schemes based on elliptic curve cryptography (ECC) are efficient. They are based on asymmetric encryption algorithms. But the time efficiency can be improved by hash-based methods, such as Negative databases (NDB) inspired by the artificial immune system. A one-time password authentication scheme based on NDBs is efficient, but it does not achieve the functions of mutual authentication and password changing, nor resists stolen-verifier attacks.In this paper, we propose an efficient two-factor authentication scheme based on NDBs. With this scheme, the password changing function is achieved, and the properties of uncertain form of negative databases can reduce the frequency of data updating. As the proposed scheme is a hash function based one, it has fewer calculation steps and higher time efficiency, compared with the authentication schemes based on asymmetric encryption algorithms such as ECC. This scheme also resists the majority of attacking behaviours, such as password-guessing attacks and man-in-the-middle attacks. Experimental results verify the time efficiency of this proposed scheme, and its security is analysed as well.