Web-based User Authentication and Access Control: An Enhanced Multi-Factor Biometric Cryptographic Scheme Based on Client File and S13 Quantum Key Distribution Protocol

Several remote user authentication schemes have been proposed using external memory and smart cards. Smart card-based schemes have user mobility and deployment problems, and those based on external memory have a tamper resistance problem. Although Cherbal and Benchetioui’s scheme solved remote authentication problems using Elliptical Curve Cryptography and 2-Factor authentication, they still have not addressed key distribution, perfect forward secrecy, and session hijacking issues. This research proposes an enhanced multi-factor authentication and access control scheme based on the S13 quantum key distribution protocol, using a client file in an external memory. The proposed scheme combines the powers of an enhanced quantum key distribution, a lightweight tamper-resistance client file, and biometrics to overcome these limitations. The security of the proposed scheme was verified, validated, and evaluated against the reviewed scheme using various tools. The AVISPA simulation results showed that the proposed scheme is validated, secure against session hijacking, has a secure key distribution policy, and ensures perfect forward secrecy. The security functionalities analysis shows that the proposed scheme has the highest security index of 13 and is the only scheme that used the tamper-resistance client file in an external memory for the first time. The performance evaluation results showed that the proposed scheme is more efficient than the reviewed scheme with a computation cost of 0.83125s and 0.25902s and a percentage improvement of 48.48% and 73.98% for the respective user and server and a more efficient communication costs of 2112 bits than the reviewed scheme with a percentage improvement of 16.46%.