As the number of users in remote server environments is more prevalent (i.e., in e-payment, e-healthcare), a secure authentication scheme becomes increasingly important for this paradigm. In general, single-factor authentication in remote-systems suffers from several security issues, whereas multi-factor authentication can be considered as an alternative solution where additional factors increase the security level. However, in existing multi-factor authentication schemes, leakage of randomness and identity-concealment are not well considered; these can cause privacy issues in some application scenarios. In this paper, we propose a two-factor-based identity-concealed authentication scheme refer to as ICAS. ICAS ensures secure authentication between the user and remote server even if some intermediate randomness (e.g., Diffie-Hellman exponent) has been exposed to an adversary, prevents users’ identity against adversaries, can resist perpetual leakage of confidential information, and provide a strong security guarantee against device lost attacks. We define a proper security model in the random oracle and prove the security of ICAS under the model. We provide a comprehensive performance evaluation, which shows that ICAS is efficient. Specifically, the proposed scheme reduces the total computation cost by at least 24% and reduces the user’s communication cost by at least 4%; thereby, ICAS is feasible to deploy in the practical environment.

随着远程服务器环境中用户数量的增加（例如，在电子支付，电子医疗保健中），对于这种范例，安全的身份验证方案变得越来越重要。通常，远程系统中的单因素身份验证会遇到一些安全性问题，而多因素身份验证可以看作是其他因素会提高安全级别的替代解决方案。但是，在现有的多因素身份验证方案中，没有很好地考虑随机性和身份隐匿性的泄漏。这些可能会在某些应用场景中引起隐私问题。在本文中，我们提出了一种基于两因素的身份隐匿身份验证方案，称为ICAS。即使某些中间随机性（例如，Diffie-Hellman指数）已经暴露给对手，可以防止用户针对对手进行身份识别，可以抵抗机密信息的永久泄露，并提供了针对设备丢失攻击的有力安全保证。我们在随机预言机中定义了一个适当的安全模型，并在该模型下证明了ICAS的安全性。我们提供了全面的性能评估，表明ICAS是有效的。具体地，所提出的方案将总计算成本降低了至少24％，并将用户的通信成本降低了至少4％；因此，ICAS在实际环境中部署是可行的。我们在随机预言机中定义了一个适当的安全模型，并在该模型下证明了ICAS的安全性。我们提供了全面的性能评估，表明ICAS是有效的。具体地，所提出的方案将总计算成本降低了至少24％，并将用户的通信成本降低了至少4％；因此，ICAS在实际环境中部署是可行的。我们在随机预言机中定义了一个合适的安全模型，并在该模型下证明了ICAS的安全性。我们提供了全面的性能评估，表明ICAS是有效的。具体地，所提出的方案将总计算成本降低了至少24％，并将用户的通信成本降低了至少4％；因此，ICAS在实际环境中部署是可行的。