Chaotic Map-Based Anonymous User Authentication Scheme With User Biometrics and Fuzzy Extractor for Crowdsourcing Internet of Things

The recent proliferation of mobile devices, such as smartphones and wearable devices, has given rise to crowdsourcing Internet of Things (IoT) applications. E-healthcare is one of the important services among crowdsourcing IoT applications; it facilitates remote access to, or storage of, medical server data for authorized users (for example, doctors, patients, and nurses) via wireless communication. As wireless communication is susceptible to various kinds of threats and attacks, remote user authentication is essential for a hazard-free use of these services. In this paper, we propose a new secure three-factor remote user authentication protocol based on extended chaotic maps. The three factors involved in the proposed scheme are: 1) smart card; 2) password; and 3) personal biometrics. As the proposed scheme avoids computationally expensive elliptic curve point multiplication or modular exponentiation operations, it is lightweight and efficient. Formal security verification using the widely accepted verification tool ProVerif 1.93 shows that the presented scheme is secure. In addition, we present a formal security analysis using both the widely accepted real-or-random model and Burrows–Abadi–Needham logic. Combining high security with appreciably low communication and computational overheads, our scheme is practical for battery-limited devices in healthcare applications as compared to other existing related schemes.
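Extended chaotic maps in this line of work are usually Chebyshev polynomials evaluated modulo a prime, whose semigroup property T_a(T_b(x)) = T_b(T_a(x)) = T_ab(x) (mod p) lets two parties derive a shared value. The following is an added example, not code from the paper, and it shows only that primitive, not the paper's three-factor protocol; the choice of Chebyshev maps, the modulus `P`, the seed and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy prime modulus (assumption): a Mersenne prime, not a parameter from the paper.
P = 2**127 - 1

def _matmul(a, b, p):
    """Multiply two 2x2 matrices modulo p."""
    return [
        [(a[0][0] * b[0][0] + a[0][1] * b[1][0]) % p,
         (a[0][0] * b[0][1] + a[0][1] * b[1][1]) % p],
        [(a[1][0] * b[0][0] + a[1][1] * b[1][0]) % p,
         (a[1][0] * b[0][1] + a[1][1] * b[1][1]) % p],
    ]

def chebyshev(n, x, p=P):
    """Return T_n(x) mod p, where T_0 = 1, T_1 = x, T_n = 2x*T_{n-1} - T_{n-2}.

    Uses (T_{n+1}, T_n) = M^n (T_1, T_0) with M = [[2x, -1], [1, 0]], so the
    cost is O(log n) 2x2 matrix products instead of n recurrence steps.
    """
    result = [[1, 0], [0, 1]]
    base = [[(2 * x) % p, p - 1], [1, 0]]
    while n:
        if n & 1:
            result = _matmul(result, base, p)
        base = _matmul(base, base, p)
        n >>= 1
    return (result[1][0] * x + result[1][1]) % p

def key_agreement(x, p=P):
    """Both sides of a chaotic-map exchange over public seed x.

    Returns (user_value, server_value, T_ab(x)); all three must be equal.
    """
    a = secrets.randbelow(p - 2) + 2      # user's ephemeral secret
    b = secrets.randbelow(p - 2) + 2      # server's ephemeral secret
    t_a = chebyshev(a, x, p)              # sent user -> server
    t_b = chebyshev(b, x, p)              # sent server -> user
    user_value = chebyshev(a, t_b, p)     # T_a(T_b(x))
    server_value = chebyshev(b, t_a, p)   # T_b(T_a(x))
    return user_value, server_value, chebyshev(a * b, x, p)

def session_key(shared_value):
    """Hash the shared map value into a 32-byte key (constructed KDF step)."""
    return hashlib.sha256(shared_value.to_bytes(16, "big")).digest()
```

The raw exchange is unauthenticated on its own; a scheme such as the one summarized above has to bind it to the smart card, password and biometric factors.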
