Bio-AKA: An efficient fingerprint based two factor user authentication and key agreement scheme

Abstract: The fingerprint has long been used as one of the most important biological features in the field of biometrics. It is person-specific and remains identical throughout one's lifetime. Physically unclonable functions (PUFs) have been used in authentication protocols because of their unique physical features. In this paper, we take full advantage of the inherent security features of the user's fingerprint biometrics and PUFs to design a new user authentication and key agreement scheme, namely Bio-AKA, which meets the desired security characteristics. To protect the privacy and strengthen the security of biometric data, and to improve the robustness of the proposed scheme, a fuzzy extractor is employed. The proposed scheme protects the user's anonymity without the use of a password and allows mutual authentication with key agreement. The experimental results show superior robustness, and the simplicity of the proposed scheme has been validated through our performance and security analysis. The scheme can be an ideal candidate for real-life applications that require remote user authentication.
