ICAS: Two-factor identity-concealed authentication scheme for remote-servers

Abstract As the number of users in remote server environments is more prevalent (i.e., in e-payment, e-healthcare), a secure authentication scheme becomes increasingly important for this paradigm. In general, single-factor authentication in remote-systems suffers from several security issues, whereas multi-factor authentication can be considered as an alternative solution where additional factors increase the security level. However, in existing multi-factor authentication schemes, leakage of randomness and identity-concealment are not considered; this can cause privacy issues in some application scenarios. In this paper, we propose a two-factor-based identity-concealed authentication scheme (ICAS). ICAS ensures secure authentication between the user and remote server even if some intermediate randomness (e.g., Diffie-Hellman exponent) has been exposed to an adversary, prevents users’ identity against adversaries, can resist perpetual leakage of confidential information, and provide strong security guarantee against device lost attacks. We define a proper security model in the random oracle and prove the security of ICAS under the model. We provide a comprehensive performance evaluation, which shows that ICAS is efficient. Specifically, the proposed scheme reduces the total computation cost by at least 24% and reduces the user’s communication cost by at least 4%; thereby, ICAS is feasible to deploy in the practical environment.