{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,2]],"date-time":"2026-05-02T07:11:48Z","timestamp":1777705908560,"version":"3.51.4"},"reference-count":52,"publisher":"SAGE Publications","issue":"1","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IFS"],"published-print":{"date-parts":[[2023,7,2]]},"abstract":"With the development of wireless communication technology and the rapid increase of user data, multi-server key agreement authentication scheme has been widely used. In order to protect users\u2019 privacy and legitimate rights, a two-factor multi-server authentication scheme based on device PUF and users\u2019 biometrics is proposed. The users\u2019 biometrics are combined with the physical characteristics of the Physically Unclonable Functions (PUF) as authentication factors, which not only ensures the security of the scheme, but it also is user-friendly without a password. The proposed scheme can be applied to telemedicine, smart home, Internet of Vehicles and other fields to achieve mutual authentication and key agreement between users and servers. In order to prove the security of the proposed scheme, the widely accepted ROR model and BAN logic are used for formal security analysis. The scheme can effectively resist various security attacks, and the comparison with existing schemes shows that it has better performance in terms of communication cost and computational complexity.<\/jats:p>","DOI":"10.3233\/jifs-221354","type":"journal-article","created":{"date-parts":[[2023,5,16]],"date-time":"2023-05-16T10:59:37Z","timestamp":1684234777000},"page":"911-928","source":"Crossref","is-referenced-by-count":1,"title":["Lightweight and privacy-preserving multi-server authentication scheme based on PUF and biometrics"],"prefix":"10.1177","volume":"45","author":[{"given":"Shuwan","family":"Sun","sequence":"first","affiliation":[{"name":"School of Computer and Information, Anhui Normal University, Wuhu, China"},{"name":"Anhui Province Key Laboratory of Network and Information Security, Wuhu, China"}]},{"given":"Weixin","family":"Bian","sequence":"additional","affiliation":[{"name":"School of Computer and Information, Anhui Normal University, Wuhu, China"},{"name":"Anhui Province Key Laboratory of Network and Information Security, Wuhu, China"}]},{"given":"Dong","family":"Xie","sequence":"additional","affiliation":[{"name":"School of Computer and Information, Anhui Normal University, Wuhu, China"},{"name":"Anhui Province Key Laboratory of Network and Information Security, Wuhu, China"}]},{"given":"Deqin","family":"Xu","sequence":"additional","affiliation":[{"name":"School of Computer and Information, Anhui Normal University, Wuhu, China"},{"name":"Anhui Province Key Laboratory of Network and Information Security, Wuhu, China"}]},{"given":"Yi","family":"Huang","sequence":"additional","affiliation":[{"name":"School of Computer and Information, Anhui Normal University, Wuhu, China"},{"name":"Anhui Province Key Laboratory of Network and Information Security, Wuhu, China"}]}],"member":"179","reference":[{"issue":"11","key":"10.3233\/JIFS-221354_ref1","doi-asserted-by":"crossref","first-page":"770","DOI":"10.1145\/358790.358797","article-title":"Password authentication with insecure communication","volume":"24","author":"Lamport","year":"1981","journal-title":"Communications of the ACM"},{"issue":"4","key":"10.3233\/JIFS-221354_ref2","doi-asserted-by":"crossref","first-page":"469","DOI":"10.1109\/TIT.1985.1057074","article-title":"A public key cryptosystem and a signature scheme based on discrete logarithms","volume":"31","author":"ElGamal","year":"1985","journal-title":"IEEE Transactions on Information Theory"},{"issue":"4","key":"10.3233\/JIFS-221354_ref3","doi-asserted-by":"crossref","first-page":"372","DOI":"10.1016\/S0167-4048(02)00415-7","article-title":"An efficient and practical solution to remote authentication: smart card","volume":"21","author":"Chien","year":"2002","journal-title":"Computers & Security"},{"key":"10.3233\/JIFS-221354_ref4","doi-asserted-by":"crossref","first-page":"45","DOI":"10.1016\/j.future.2020.03.034","article-title":"Bio-AKA: An efficient fingerprint based two factor user authentication and key agreement scheme","volume":"109","author":"Bian","year":"2020","journal-title":"Future Generation Computer Systems"},{"key":"10.3233\/JIFS-221354_ref5","doi-asserted-by":"crossref","first-page":"15","DOI":"10.1016\/j.jisa.2016.11.002","article-title":"A privacy preserving biometric-based three-factor remote user authenticated key agreement scheme","volume":"32","author":"Chaturvedi","year":"2017","journal-title":"Journal of Information Security and Applications"},{"issue":"9","key":"10.3233\/JIFS-221354_ref6","doi-asserted-by":"crossref","first-page":"793","DOI":"10.1007\/s00607-013-0308-2","article-title":"More efficient key-hash based fingerprint remote authentication scheme using mobile device","volume":"96","author":"Khan","year":"2014","journal-title":"Computing"},{"issue":"5","key":"10.3233\/JIFS-221354_ref7","doi-asserted-by":"crossref","first-page":"585","DOI":"10.1002\/dac.1277","article-title":"Mobile device integration of a fingerprint biometric remote authentication scheme","volume":"25","author":"Chen","year":"2012","journal-title":"International Journal of Communication Systems"},{"issue":"2","key":"10.3233\/JIFS-221354_ref8","doi-asserted-by":"crossref","first-page":"163","DOI":"10.1007\/s11265-018-1385-4","article-title":"A new framework for match on card and match on host quality based multimodal biometric authentication","volume":"91","author":"Sabri","year":"2019","journal-title":"Journal of Signal Processing Systems"},{"key":"10.3233\/JIFS-221354_ref9","first-page":"95","article-title":"Decentralized authentication for secure cloud data sharing. IEEE 27th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE)","author":"Iqbal","year":"2018","journal-title":"IEEE"},{"key":"10.3233\/JIFS-221354_ref10","doi-asserted-by":"crossref","first-page":"30","DOI":"10.1016\/j.future.2019.07.023","article-title":"Privacy preserving remote multi-server biometric authentication using cancelable biometrics and secret sharing","volume":"102","author":"Kaur","year":"2020","journal-title":"Future Generation Computer Systems"},{"key":"10.3233\/JIFS-221354_ref11","first-page":"131","article-title":"Generation and verification of digital signature with two factor authentication. International Workshop on Computational Intelligence (IWCI)","author":"Chakraborty","year":"2016","journal-title":"IEEE"},{"key":"10.3233\/JIFS-221354_ref12","doi-asserted-by":"crossref","first-page":"102639","DOI":"10.1016\/j.jisa.2020.102639","article-title":"A survey of authenticated key agreement protocols for multi-server architecture","volume":"55","author":"ul Haq","year":"2020","journal-title":"Journal of Information Security and Applications"},{"key":"10.3233\/JIFS-221354_ref13","doi-asserted-by":"crossref","first-page":"729","DOI":"10.1007\/s11277-013-1039-6","article-title":"Robust smart card authentication scheme for multi-server architecture","volume":"72","author":"Pippal","year":"2013","journal-title":"Wireless Personal Communications"},{"key":"10.3233\/JIFS-221354_ref14","doi-asserted-by":"crossref","first-page":"288","DOI":"10.1504\/IJESDF.2013.058669","article-title":"On the security of an authentication scheme for multi-server architecture","volume":"5","author":"He","year":"2013","journal-title":"International Journal of Electronic Security and Digital Forensics"},{"key":"10.3233\/JIFS-221354_ref15","doi-asserted-by":"crossref","first-page":"475","DOI":"10.1007\/s11277-014-1762-7","article-title":"Analysis and improvement of a robust smart card based-authentication scheme for multi-server architecture","volume":"78","author":"Guo","year":"2014","journal-title":"Wirel Pers Commun"},{"key":"10.3233\/JIFS-221354_ref16","doi-asserted-by":"crossref","first-page":"2255","DOI":"10.1007\/s11277-014-1636-z","article-title":"Cryptanalysis and improvement of a robust smart card authentication scheme for multi-server architecture","volume":"77","author":"Wei","year":"2014","journal-title":"Wirel Pers Commun"},{"key":"10.3233\/JIFS-221354_ref17","doi-asserted-by":"crossref","first-page":"1621","DOI":"10.1007\/s11277-014-1948-z","article-title":"A provably secure multi-server based authentication scheme","volume":"79","author":"Yeh","year":"2014","journal-title":"Wirel Pers Commun"},{"key":"10.3233\/JIFS-221354_ref18","doi-asserted-by":"crossref","first-page":"64","DOI":"10.1016\/j.jisa.2016.05.006","article-title":"Design of a secure smart card-based multi-server authentication scheme","volume":"30","author":"Chaturvedi","year":"2016","journal-title":"Journal of Information Security and Applications"},{"issue":"1","key":"10.3233\/JIFS-221354_ref19","doi-asserted-by":"crossref","first-page":"39","DOI":"10.1016\/j.csi.2004.03.004","article-title":"A smart card-based remote scheme for password authentication in multi-server internet services","volume":"27","author":"Tsaur","year":"2004","journal-title":"Comput Stand Interf"},{"key":"10.3233\/JIFS-221354_ref20","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1155\/2017\/5989151","article-title":"A two-factor RSA-based robust authentication system for multiserver environments","volume":"2017","author":"Amin","year":"2017","journal-title":"Secur Commun Netw"},{"issue":"1","key":"10.3233\/JIFS-221354_ref21","doi-asserted-by":"crossref","first-page":"195","DOI":"10.1016\/j.jcss.2013.07.004","article-title":"A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture","volume":"80","author":"Xue","year":"2014","journal-title":"J Comput Syst Sci"},{"issue":"6","key":"10.3233\/JIFS-221354_ref22","first-page":"1357","article-title":"A novel authentication protocol for multi-server architecture without smart cards","volume":"4","author":"Lee","year":"2008","journal-title":"Int J Innov Comput Inform Control"},{"issue":"23","key":"10.3233\/JIFS-221354_ref23","doi-asserted-by":"crossref","first-page":"17120","DOI":"10.1109\/JIOT.2021.3078175","article-title":"An energy-efficient authentication scheme based on Chebyshev chaotic map for smart grid environments","volume":"8","author":"Zhang","year":"2021","journal-title":"IEEE Internet of Things Journal"},{"issue":"5","key":"10.3233\/JIFS-221354_ref24","first-page":"2542","article-title":"A construction of a conformal Chebyshev chaotic map based authentication protocol for healthcare telemedicine services","volume":"7","author":"Dharminder","year":"2531","journal-title":"Complex & Intelligent Systems"},{"key":"10.3233\/JIFS-221354_ref25","doi-asserted-by":"crossref","first-page":"12137","DOI":"10.1109\/ACCESS.2022.3146393","article-title":"A provably secure three-factor authentication protocol based on chebyshev chaotic mapping for wireless sensor network","volume":"10","author":"Mo","year":"2022","journal-title":"IEEE Access"},{"issue":"13","key":"10.3233\/JIFS-221354_ref26","doi-asserted-by":"crossref","first-page":"5026","DOI":"10.3390\/s22135026","article-title":"Cm-cppa: Chaotic map-based conditional privacy-preserving authentication scheme in 5g-enabled vehicular networks","volume":"22","author":"Al-Shareeda","year":"2022","journal-title":"Sensors"},{"key":"10.3233\/JIFS-221354_ref27","doi-asserted-by":"crossref","first-page":"4938","DOI":"10.1007\/s11227-021-04039-1","article-title":"An efficient authentication with key agreement procedure using Mittag\u2013 Leffler\u2013 Chebyshev summation chaotic map under the multi-server architecture","volume":"78","author":"Meshram","year":"2022","journal-title":"The Journal of Supercomputing"},{"issue":"3","key":"10.3233\/JIFS-221354_ref28","doi-asserted-by":"crossref","first-page":"477","DOI":"10.1007\/s11235-021-00809-7","article-title":"Reddy, MAPMCECCM: a mutual authentication protocol for mobile cloud environment using Chebyshev Chaotic Map","volume":"78","author":"Vivekanandan","year":"2021","journal-title":"Telecommunication Systems"},{"key":"10.3233\/JIFS-221354_ref29","doi-asserted-by":"crossref","first-page":"15633","DOI":"10.1109\/ACCESS.2021.3053043","article-title":"A lightweight authentication with privacy-preserving scheme for vehicular ad hoc networks based on elliptic curve cryptography","volume":"9","author":"Alshudukhi","year":"2021","journal-title":"IEEE Access"},{"key":"10.3233\/JIFS-221354_ref30","doi-asserted-by":"crossref","first-page":"102768","DOI":"10.1016\/j.adhoc.2021.102768","article-title":"A secure three-factor authentication scheme for multi-gateway wireless sensor networks based on elliptic curve cryptography","volume":"127","author":"Dai","year":"2022","journal-title":"Ad Hoc Networks"},{"key":"10.3233\/JIFS-221354_ref31","doi-asserted-by":"crossref","first-page":"102763","DOI":"10.1016\/j.sysarc.2022.102763","article-title":"Lightweight anonymous authentication protocol for resource-constrained smart home devices based on elliptic curve cryptography","volume":"133","author":"Nyangaresi","year":"2022","journal-title":"Journal of Systems Architecture"},{"key":"10.3233\/JIFS-221354_ref32","doi-asserted-by":"crossref","first-page":"1557","DOI":"10.1007\/s11277-020-07935-6","article-title":"ECC-based authentication scheme for cloud-based robots","volume":"117","author":"Jain","year":"2021","journal-title":"Wireless Personal Communications"},{"issue":"16","key":"10.3233\/JIFS-221354_ref33","doi-asserted-by":"crossref","first-page":"22425","DOI":"10.1007\/s11042-022-12227-1","article-title":"A secure and improved two factor authentication scheme using elliptic curve and bilinear pairing for cyber physical systems","volume":"81","author":"Sengupta","year":"2022","journal-title":"Multimedia Tools and Applications"},{"key":"10.3233\/JIFS-221354_ref34","doi-asserted-by":"crossref","first-page":"26","DOI":"10.1016\/j.comcom.2017.05.009","article-title":"A secure and robust anonymous three-factor remote user authentication scheme for multi-server environment using ECC","volume":"110","author":"Chandrakar","year":"2017","journal-title":"Computer Communications"},{"issue":"9","key":"10.3233\/JIFS-221354_ref35","doi-asserted-by":"crossref","first-page":"11041","DOI":"10.1007\/s11042-017-4996-z","article-title":"A robust and efficient bilinear pairing based mutual authentication and session key verification over insecure communication","volume":"77","author":"Amin","year":"2018","journal-title":"Multimedia Tools and Applications"},{"issue":"1","key":"10.3233\/JIFS-221354_ref36","doi-asserted-by":"crossref","first-page":"27","DOI":"10.1016\/j.dcan.2017.09.004","article-title":"An improved and secure multiserver authentication scheme based on biometrics and smartcard","volume":"4","author":"Kumar","year":"2018","journal-title":"Digital Communications and Networks"},{"issue":"1","key":"10.3233\/JIFS-221354_ref37","doi-asserted-by":"crossref","first-page":"140","DOI":"10.1016\/j.dcan.2020.05.001","article-title":"An efficient hash-based authenticated key agreement scheme for multi-server architecture resilient to key compromise impersonation","volume":"7","author":"Haq","year":"2021","journal-title":"Digital Communications and Networks"},{"key":"10.3233\/JIFS-221354_ref38","doi-asserted-by":"crossref","unstructured":"Juels A. and Wattenberg M. , A fuzzy commitment scheme. Proceedings of the 6th ACM conference on Computer and communications security, (1999), 28\u201336.","DOI":"10.1145\/319709.319714"},{"issue":"9","key":"10.3233\/JIFS-221354_ref39","doi-asserted-by":"crossref","first-page":"1479","DOI":"10.3390\/electronics9091479","article-title":"A lightweight authentication scheme for V2G communications: A PUF-based approach ensuring cyber\/physical security and identity\/location privacy","volume":"9","author":"Kaveh","year":"2020","journal-title":"Electronics"},{"issue":"2","key":"10.3233\/JIFS-221354_ref40","doi-asserted-by":"crossref","first-page":"1699","DOI":"10.1007\/s11277-018-5875-2","article-title":"A secure PUF-based unilateral authentication scheme for RFID system","volume":"103","author":"Maurya","year":"2018","journal-title":"Wireless Personal Communications"},{"key":"10.3233\/JIFS-221354_ref41","first-page":"233","article-title":"A logic of authentication. Proceedings of the Royal Society of London A","volume":"426","author":"Burrows","year":"1989","journal-title":"Mathematical and Physical Sciences"},{"key":"10.3233\/JIFS-221354_ref42","doi-asserted-by":"crossref","unstructured":"Abdalla M. , Fouque P.A. and Pointcheval D. , Password-based authenticated key exchange in the three-party setting. International Workshop on Public Key Cryptography. Springer, Berlin, Heidelberg 3386 (2005), 65\u201384.","DOI":"10.1007\/978-3-540-30580-4_6"},{"key":"10.3233\/JIFS-221354_ref43","doi-asserted-by":"crossref","first-page":"144","DOI":"10.1016\/j.comnet.2017.12.007","article-title":"A new two-server authentication and key agreement protocol for accessing secure cloud services","volume":"131","author":"Chattaraj","year":"2018","journal-title":"Computer Networks"},{"issue":"5","key":"10.3233\/JIFS-221354_ref44","doi-asserted-by":"crossref","first-page":"e0126323","DOI":"10.1371\/journal.pone.0126323","article-title":"Robust biometrics based authentication and key agreement scheme for multi-server environments using smart cards","volume":"10","author":"Lu","year":"2015","journal-title":"PLoS One"},{"key":"10.3233\/JIFS-221354_ref45","doi-asserted-by":"crossref","first-page":"369","DOI":"10.1016\/j.ins.2018.10.037","article-title":"SUAA: A secure user authentication scheme with anonymity for the single & multi-server environments","volume":"477","author":"Lwamo","year":"2019","journal-title":"Information Sciences"},{"issue":"1","key":"10.3233\/JIFS-221354_ref46","doi-asserted-by":"crossref","first-page":"225","DOI":"10.1007\/s11277-015-3040-8","article-title":"Hash based multi-server key exchange protocol using smart card","volume":"87","author":"Gupta","year":"2016","journal-title":"Wireless Personal Communications"},{"key":"10.3233\/JIFS-221354_ref47","doi-asserted-by":"crossref","first-page":"153","DOI":"10.1007\/978-981-15-1084-7_16","article-title":"An elliptic curve cryptography-based multi-server authentication scheme using cancelable biometrics","volume":"1034","author":"Barman","year":"2020","journal-title":"Intelligent Computing and Communication: Proceedings of 3rd ICICC 2019"},{"key":"10.3233\/JIFS-221354_ref48","doi-asserted-by":"crossref","first-page":"5903","DOI":"10.1007\/s11227-021-04114-7","article-title":"A group key-based lightweight Mutual Authentication and Key Agreement (MAKA) protocol for multi-server environment","volume":"78","author":"Roy","year":"2022","journal-title":"The Journal of Supercomputing"},{"issue":"4","key":"10.3233\/JIFS-221354_ref49","doi-asserted-by":"crossref","first-page":"1","DOI":"10.3233\/JIFS-212095","article-title":"BioF-TAP: An efficient method of template protection and two-factor authentication protocol combining biometric and PUF","volume":"43","author":"Zhang","year":"2022","journal-title":"Journal of Intelligent & Fuzzy Systems"},{"key":"10.3233\/JIFS-221354_ref50","doi-asserted-by":"crossref","first-page":"45292","DOI":"10.1109\/ACCESS.2020.2975615","article-title":"A secure biometrics and PUFs-based authentication scheme with key agreement for multi-server environments","volume":"8","author":"Zhao","year":"2020","journal-title":"IEEE Access"},{"issue":"11","key":"10.3233\/JIFS-221354_ref51","doi-asserted-by":"crossref","first-page":"16907","DOI":"10.1007\/s11042-020-09078-z","article-title":"A secure and improved multi server authentication protocol using fuzzy commitment","volume":"80","author":"Rehman","year":"2021","journal-title":"Multimedia Tools and Applications"},{"key":"10.3233\/JIFS-221354_ref52","doi-asserted-by":"crossref","first-page":"12557","DOI":"10.1109\/ACCESS.2019.2893185","article-title":"A secure authentication protocol for multi-server-based e-healthcare using a fuzzy commitment scheme","volume":"7","author":"Barman","year":"2019","journal-title":"IEEE Access"}],"container-title":["Journal of Intelligent & Fuzzy Systems"],"original-title":[],"link":[{"URL":"https:\/\/content.iospress.com\/download?id=10.3233\/JIFS-221354","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,29]],"date-time":"2026-04-29T09:45:34Z","timestamp":1777455934000},"score":1,"resource":{"primary":{"URL":"https:\/\/journals.sagepub.com\/doi\/full\/10.3233\/JIFS-221354"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,7,2]]},"references-count":52,"journal-issue":{"issue":"1"},"URL":"https:\/\/doi.org\/10.3233\/jifs-221354","relation":{},"ISSN":["1064-1246","1875-8967"],"issn-type":[{"value":"1064-1246","type":"print"},{"value":"1875-8967","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,7,2]]}}}