Lightweight and privacy-preserving multi-server authentication scheme based on PUF and biometrics

With the development of wireless communication technology and the rapid increase of user data, multi-server key agreement authentication scheme has been widely used. In order to protect users' privacy and legitimate rights, a two-factor multi-server authentication scheme based on device PUF and users' biometrics is proposed. The users' biometrics are combined with the physical characteristics of the Physically Unclonable Functions (PUF) as authentication factors, which not only ensures the security of the scheme, but it also is user-friendly without a password. The proposed scheme can be applied to telemedicine, smart home, Internet of Vehicles and other fields to achieve mutual authentication and key agreement between users and servers. In order to prove the security of the proposed scheme, the widely accepted ROR model and BAN logic are used for formal security analysis. The scheme can effectively resist various security attacks, and the comparison with existing schemes shows that it has better performance in terms of communication cost and computational complexity.