Provably secure and biometric-based secure access of e-Governance services using mobile devices

Abstract

All the citizens of a country avail e-Governance services through the Internet, where it inherently does not offer security services. Accessing these services securely and transparently is a significant concern for both the citizen and the government. The multi-server authentication scheme with user biometric and personal mobile devices is an efficient way to reduce security issues related to unauthorized access. It is difficult for a user to remember multiple credentials. If a user performs a login attempt with an incorrect credential, then she is denied access to the service. Therefore, one credential to access every server is a convenient option. Nowadays, most mobile devices are compatible with the biometric scanner; accordingly, it can quickly record the biometric features during the authentication process. This paper devises an elliptic curve-based secure multi-server authentication scheme with the user biometric, password, and mobile device. A user can access various e-Governance services from any location through a dedicated mobile app in our scheme. We perform some formal security analysis of our scheme in the random oracle model, BAN logic, and AVISPA tool. The performance evaluation shows that our scheme accomplishes the known security and functionality features concerning other comparable schemes. Thus, our scheme will be suitable for providing secure access to e-Governance services to every citizen through their mobile devices.