Dual factor third‐party biometric‐based authentication scheme using quantum one time passwords†

Abstract

AbstractOne Time Passwords (OTP) are being widely used for authentication of user to access a number of services offered online. The security vulnerabilities in classical execution of OTP schemes are addressed using Quantum OTP (QOTP) scheme with user biometrics. This scheme requires sharing of user biometric data with every service provider. The chances of leakage of user biometrics increase with increase in number of entities holding the data. Further, loss of data by any entity compromises user identity for all other services. The work carried out in this article addresses the above‐mentioned challenges by incorporating a trusted third party which holds user biometric data and carries out authentication on its behalf. The proposed model continues leveraging upon inherent security benefits provided by Quantum Entanglement and Quantum Communication and utilizing user biometrics as authentication data. It modifies the QOTP scheme by carrying out mutual authentication for user and server against a particular transaction. The proposed model brings in the advantages of Single Sign On facility in terms of hardware to reduce infrastructure cost and No Secret Sharing of user biometric data with the servers to protect against rogue servers. The security analysis demonstrates the merit of the inherent procedures of the proposed work which leverage on the no‐cloning and quantum cryptography principles.