Three-factor control protocol based on elliptic curve cryptosystem for universal serial bus mass storage devices

This study proposes a three-factor control protocol for universal serial bus (USB) on an elliptic curve cryptosystem (ECC). USB is a universal interface used in an enormous number of devices. It has become the most popular interface standard for computer connections. However, since USB provides high transmission speed and is very convenient to carry, many workplace and commercial establishments have prohibited their employees from using USB devices. This precaution is an important way to prevent confidential data leaks via USB devices, as USB connections lack security management. Therefore the authors use a three-factor control protocol to ensure the security of USB connections. The proposed authentication protocol combines biometric, password and smart card to provide high security on the USB mutual authentication. To provide secure and efficient transmission between the user and the USB server, the proposed protocol adopts ECC to encrypt data. Compared to other encryption methods, the proposed protocol uses much smaller key sizes. As a further benefit, this protocol reduces the smart card computational cost and provides an efficient transmission for USB devices. This new scheme improves the security, efficiency and usability of the authentication process. More studies on USB are needed.