Applying biometrics to design three-factor remote user authentication scheme with key agreement

There are some biometrics-based three-factor remote user authentication schemes proposed by researchers for ensure high security features for network-based application systems. Recently, Das pointed out the security flaws of Li and Hwang's three-factor remote user authentication scheme, and proposed an enhanced biometrics-based three-factor remote user authentication scheme. Das's scheme overcomes the defects of Li and Hwang's scheme, and maintains the advantages of Li and Hwang's scheme at the same time. However, after detailed analysis, we find that Das's scheme remains vulnerable to forgery attack and stolen smart card attack; at the same time, Das's scheme cannot provide the session key agreement after the mutual authentication. To provide more security features, we design a three-factor remote user authentication scheme with key agreement using biometrics. Copyright © 2013 John Wiley & Sons, Ltd.

[1]  Shuenn-Shyang Wang,et al.  A secure dynamic ID based remote user authentication scheme for multi-server environment , 2009, Comput. Stand. Interfaces.

[2]  Shyi-Tsong Wu,et al.  A user friendly remote authentication scheme with smart cards , 2003, Comput. Secur..

[3]  Xiong Li,et al.  Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards , 2011, J. Netw. Comput. Appl..

[4]  Min-Shiang Hwang,et al.  Security enhancement for the timestamp-based password authentication scheme using smart cards , 2003, Comput. Secur..

[5]  Chun-Ta Li,et al.  An efficient biometrics-based remote user authentication scheme using smart cards , 2010, J. Netw. Comput. Appl..

[6]  Amrita Saha,et al.  Secure Communication Using Reed-Muller Codes and Partially Balanced Design in Wireless Sensor Network , 2011, 2011 IEEE Ninth International Symposium on Parallel and Distributed Processing with Applications Workshops.

[7]  Ashok Kumar Das,et al.  Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards , 2011, IET Inf. Secur..

[8]  Hung-Min Sun,et al.  Security of a Remote User Authentication Scheme Using Smart Cards(Internet) , 2004 .

[9]  Taher ElGamal,et al.  A public key cyryptosystem and signature scheme based on discrete logarithms , 1985 .

[10]  Kee-Young Yoo,et al.  ID-based password authentication scheme using smart cards and fingerprints , 2003, OPSR.

[11]  Jian Ma,et al.  A novel smart card and dynamic ID based remote user authentication scheme for multi-server environments , 2013, Math. Comput. Model..

[12]  J. K. Lee,et al.  Fingerprint-based remote user authentication scheme using smart cards , 2002 .

[13]  Li-Der Chou,et al.  A survey of black hole attacks in wireless mobile ad hoc networks , 2011, Human-centric Computing and Information Sciences.

[14]  Jin-Fu Chang,et al.  Smart card based secure password authentication scheme , 1996, Computers & security.

[15]  Xiaoping Wu,et al.  Cryptanalysis of a Remote User Authentication Scheme Using Smart Cards , 2009, 2009 5th International Conference on Wireless Communications, Networking and Mobile Computing.

[16]  Jian Ma,et al.  An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards , 2012, J. Netw. Comput. Appl..

[17]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[18]  Min Gyo Chung,et al.  More secure remote user authentication scheme , 2009, Comput. Commun..

[19]  Jia-Yong Liu,et al.  A new mutual authentication scheme based on nonce and smart cards , 2008, Comput. Commun..

[20]  Michael Scott,et al.  Cryptanalysis of an ID-based password authentication scheme using smart cards and fingerprints , 2004, OPSR.

[21]  Paul C. Kocher,et al.  Differential Power Analysis , 1999, CRYPTO.

[22]  Kee-Young Yoo,et al.  Efficient nonce-based remote user authentication scheme using smart cards , 2005, Appl. Math. Comput..

[23]  Muhammad Khurram Khan,et al.  Improving the security of 'a flexible biometrics remote user authentication scheme' , 2007, Comput. Stand. Interfaces.

[24]  Min-Shiang Hwang,et al.  A new remote user authentication scheme for multi-server architecture , 2003, Future Gener. Comput. Syst..

[25]  Chu-Hsing Lin,et al.  A flexible biometrics remote user authentication scheme , 2004, Comput. Stand. Interfaces.

[26]  C.-C.,et al.  Remote password authentication with smart cards , 2004 .

[27]  Neil Haller,et al.  The S/KEY One-Time Password System , 1995, RFC.

[28]  Chun-I Fan,et al.  Robust remote authentication scheme with smart cards , 2005, Comput. Secur..

[29]  Chin-Chen Chang,et al.  Some Forgery Attacks on a Remote User Authentication Scheme Using Smart Cards , 2003, Informatica.

[30]  Chin-Chen Chang,et al.  Remarks on fingerprint-based remote user authentication scheme using smart cards , 2004, OPSR.

[31]  Wang Shiuh-Jeng,et al.  Refereed paper: Smart card based secure password authentication scheme , 1996 .

[32]  Robert H. Sloan,et al.  Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[33]  Hung-Min Sun,et al.  An efficient remote use authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[34]  Hung-Min Sun,et al.  An Efficient Remote User Authentication Scheme Using Smart Cards , 2000 .

[35]  Min-Shiang Hwang,et al.  A new remote user authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[36]  Suela Kodra Fuzzy extractors : How to generate strong keys from biometrics and other noisy data , 2015 .