Security analysis and enhancements of an improved multi-factor biometric authentication scheme

Many remote user authentication schemes have been designed and developed to establish secure and authorized communication between a user and server over an insecure channel. By employing a secure remote user authentication scheme, a user and server can authenticate each other and utilize advanced services. In 2015, Cao and Ge demonstrated that An’s scheme is also vulnerable to several attacks and does not provide user anonymity. They also proposed an improved multi-factor biometric authentication scheme. However, we review and cryptanalyze Cao and Ge’s scheme and demonstrate that their scheme fails in correctness and providing user anonymity and is vulnerable to ID guessing attack and server masquerading attack. To overcome these drawbacks, we propose a security-improved authentication scheme that provides a dynamic ID mechanism and better security functionalities. Then, we show that our proposed scheme is secure against various attacks and prove the security of the proposed scheme using BAN Logic.

[1]  Loris Nanni,et al.  An improved BioHashing for human authentication , 2007, Pattern Recognit..

[2]  Chin-Chen Chang,et al.  An Improved Biometrics-based User Authentication Scheme without Concurrency System , 2010, International Journal of Intelligent Information Processing.

[3]  Martín Abadi,et al.  A logic of authentication , 1990, TOCS.

[4]  Wei-Chi Ku,et al.  Further cryptanalysis of fingerprint-based remote user authentication scheme using smartcards , 2005 .

[5]  Sourav Mukhopadhyay,et al.  A secure password-based authentication and key agreement scheme using smart cards , 2015, J. Inf. Secur. Appl..

[6]  Wei Liang,et al.  Cryptanalysis of a dynamic identity‐based remote user authentication scheme with verifiable password update , 2015, Int. J. Commun. Syst..

[7]  R. C. Mittal,et al.  Dynamic ID-based remote user password authentication schemes using smart cards: A review , 2012, J. Netw. Comput. Appl..

[8]  Tianjie Cao,et al.  Improved Dynamic ID-based Authentication Scheme for Telecare Medical Information Systems , 2013, Journal of Medical Systems.

[9]  Andrew Beng Jin Teoh,et al.  Biohashing: two factor authentication featuring fingerprint data and tokenised random number , 2004, Pattern Recognit..

[10]  Min-Shiang Hwang,et al.  A new remote user authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[11]  Hung-Min Sun,et al.  An efficient remote use authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[12]  Muhammad Khurram Khan,et al.  An anonymous biometric-based remote user-authenticated key agreement scheme for multimedia systems , 2017, Int. J. Commun. Syst..

[13]  Zuowen Tan,et al.  A User Anonymity Preserving Three-Factor Authentication Scheme for Telecare Medicine Information Systems , 2014, Journal of Medical Systems.

[14]  Younghwa An,et al.  Security Analysis and Enhancements of an Effective Biometric-Based Remote User Authentication Scheme Using Smart Cards , 2012, Journal of biomedicine & biotechnology.

[15]  Cheng-Chi Lee,et al.  A remote user authentication scheme using hash functions , 2002, OPSR.

[16]  Xiong Li,et al.  An improved remote user authentication scheme with key agreement , 2014, Comput. Electr. Eng..

[17]  Hung-Yu Chien,et al.  An Efficient and Practical Solution to Remote Authentication: Smart Card , 2002, Comput. Secur..

[18]  Xiong Li,et al.  Robust three-factor remote user authentication scheme with key agreement for multimedia systems , 2016, Secur. Commun. Networks.

[19]  Ya-Fen Chang,et al.  A Uniqueness-and-Anonymity-Preserving Remote User Authentication Scheme for Connected Health Care , 2013, Journal of Medical Systems.

[20]  Dheerendra Mishra On the Security Flaws in ID-based Password Authentication Schemes for Telecare Medical Information Systems , 2014, Journal of Medical Systems.

[21]  Ashok Kumar Das,et al.  Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards , 2011, IET Inf. Secur..

[22]  Ashok Kumar Das,et al.  A Secure and Efficient Uniqueness-and-Anonymity-Preserving Remote User Authentication Scheme for Connected Health Care , 2013, Journal of Medical Systems.

[23]  Christophe Rosenberger,et al.  Biohashing for Securing Minutiae Template , 2010, 2010 20th International Conference on Pattern Recognition.

[24]  Chun-Ta Li,et al.  An efficient biometrics-based remote user authentication scheme using smart cards , 2010, J. Netw. Comput. Appl..

[25]  Liling Cao,et al.  Analysis and improvement of a multi-factor biometric authentication scheme , 2015, Secur. Commun. Networks.