Enhanced three-factor security protocol for consumer USB mass storage devices

The Universal Serial Bus (USB) is an extremely popular interface standard for computer peripheral connections and is widely used in consumer Mass Storage Devices (MSDs). While current consumer USB MSDs provide relatively high transmission speed and are convenient to carry, the use of USB MSDs has been prohibited in many commercial and everyday environments primarily due to security concerns. Security protocols have been previously proposed and a recent approach for the USB MSDs is to utilize multi-factor authentication. This paper proposes significant enhancements to the three-factor control protocol that now makes it secure under many types of attacks including the password guessing attack, the denial-of-service attack, and the replay attack. The proposed solution is presented with a rigorous security analysis and practical computational cost analysis to demonstrate the usefulness of this new security protocol for consumer USB MSDs.

[1]  Ashok Kumar Das,et al.  Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards , 2011, IET Inf. Secur..

[2]  Eun-Jun Yoon,et al.  Further improvement of an efficient password based remote user authentication scheme using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[3]  Wei-Chi Ku,et al.  Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[4]  C. P. Schnorr,et al.  Efficient Identification and Signatures for Smart Cards (Abstract) , 1989, EUROCRYPT.

[5]  Min-Shiang Hwang,et al.  A new remote user authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[6]  Kwang-Seok Hong,et al.  Multimodal biometric authentication using teeth image and voice in mobile environment , 2008, IEEE Transactions on Consumer Electronics.

[7]  Suela Kodra Fuzzy extractors : How to generate strong keys from biometrics and other noisy data , 2015 .

[8]  Wei-Bin Lee,et al.  A Secure Authentication Scheme with Anonymity for Wireless Communications , 2008, IEEE Commun. Lett..

[9]  Cheng-Chi Lee,et al.  Three-factor control protocol based on elliptic curve cryptosystem for universal serial bus mass storage devices , 2013, IET Comput. Digit. Tech..

[10]  Chun-Ta Li,et al.  An efficient biometrics-based remote user authentication scheme using smart cards , 2010, J. Netw. Comput. Appl..

[11]  Jean-Marie Bonnin,et al.  HOTA: Handover optimized ticket-based authentication in network-based mobility management , 2013, Inf. Sci..

[12]  Marwan Al-Zarouni,et al.  The reality of risks from consented use of USB devices , 2006 .

[13]  Sang-Heon Lee,et al.  Illumination-robust face recognition system based on differential components , 2012, IEEE Transactions on Consumer Electronics.

[14]  Kyung-Ah Shim,et al.  Security Flaws in Three Password-Based Remote User Authentication Schemes with Smart Cards , 2012, Cryptologia.

[15]  Martín Abadi,et al.  A logic of authentication , 1990, TOCS.

[16]  Fuw-Yi Yang,et al.  A secure control protocol for USB mass storage devices , 2010, IEEE Transactions on Consumer Electronics.

[17]  Alfred Menezes,et al.  Guide to Elliptic Curve Cryptography , 2004, Springer Professional Computing.

[18]  Claus-Peter Schnorr,et al.  Efficient signature generation by smart cards , 2004, Journal of Cryptology.

[19]  Kwang-Seok Hong,et al.  Person authentication using face, teeth and voice modalities for mobile device security , 2010, IEEE Transactions on Consumer Electronics.

[20]  Wei-Kuan Shih,et al.  Weaknesses and improvements of the Yoon-Ryu-Yoo remote user authentication scheme using smart cards , 2009, Comput. Commun..