In this paper, we devise a new and efficient biometric-based password authentication scheme (BIO-PWA) for the client-server environment. Our scheme uses the elliptic curve cryptography (ECC) along with the fuzzy extractor. Through the rigorous security analysis, we show that our scheme is secure against various known attacks. We further show that our scheme is secure in the generic group model through the formal security analysis. In addition, the formal security verification of our scheme using the widely-accepted automated validation of internet security protocols and applications (AVISPA) tool is performed against active and passive adversaries and the simulation results clearly demonstrate that our scheme is secure against active and passive attacks, including the replay and man-in-the-middle attacks. Finally, we show that our scheme is also efficient in computation against the existing related ECC-based authentication schemes for the client-server environment.

• 出版日期2018