ICAS: Two-factor identity-concealed authentication scheme for remote-servers

Abstract

As the number of users in remote server environments is more prevalent (i.e., in e-payment, e-healthcare), a secure authentication scheme becomes increasingly important for this paradigm. In general, single-factor authentication in remote-systems suffers from several security issues, whereas multi-factor authentication can be considered as an alternative solution where additional factors increase the security level. However, in existing multi-factor authentication schemes, leakage of randomness and identity-concealment are not well considered; these can cause privacy issues in some application scenarios. In this paper, we propose a two-factor-based identity-concealed authentication scheme refer to as ICAS. ICAS ensures secure authentication between the user and remote server even if some intermediate randomness (e.g., Diffie-Hellman exponent) has been exposed to an adversary, prevents users’ identity against adversaries, can resist perpetual leakage of confidential information, and provide a strong security guarantee against device lost attacks. We define a proper security model in the random oracle and prove the security of ICAS under the model. We provide a comprehensive performance evaluation, which shows that ICAS is efficient. Specifically, the proposed scheme reduces the total computation cost by at least 24% and reduces the user’s communication cost by at least 4%; thereby, ICAS is feasible to deploy in the practical environment.