Security analysis and enhancements of a multi-factor biometric authentication scheme

The security of authentication scheme, especially multi-factor biometric authentication scheme based on password, smart card, and biometric in wireless communication is an important and significant issue that researchers have been focusing on lately. Most recently, Liling Cao et al. improved a multi-factor biometric authentication scheme which demonstrated that their scheme can resist masquerading attack, user masquerading attack, replay attack, and provide mutual authentication, and so on. In this paper, it is indicated that their scheme is vulnerable to stolen smart card attack, user impersonation attack, server impersonation attack and man-in-the-middle-attack. Then, in order to avoid these attacks, a revised scheme with slight high computation costs but more security than other related schemes is presented.

[1]  Younghwa An,et al.  Security Analysis and Enhancements of an Effective Biometric-Based Remote User Authentication Scheme Using Smart Cards , 2012, Journal of biomedicine & biotechnology.

[2]  Xiong Li,et al.  A novel user authentication scheme with anonymity for wireless communications , 2014, Secur. Commun. Networks.

[3]  Chun-Ta Li,et al.  An efficient biometrics-based remote user authentication scheme using smart cards , 2010, J. Netw. Comput. Appl..

[4]  J. K. Lee,et al.  Fingerprint-based remote user authentication scheme using smart cards , 2002 .

[5]  Liling Cao,et al.  Analysis and improvement of a multi-factor biometric authentication scheme , 2015, Secur. Commun. Networks.

[6]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[7]  Chun-I Fan,et al.  Provably Secure Remote Truly Three-Factor Authentication Scheme With Privacy Protection on Biometrics , 2009, IEEE Transactions on Information Forensics and Security.

[8]  Chin-Chen Chang,et al.  Remarks on fingerprint-based remote user authentication scheme using smart cards , 2004, OPSR.

[9]  Michael Scott,et al.  Cryptanalysis of an ID-based password authentication scheme using smart cards and fingerprints , 2004, OPSR.

[10]  Hung-Min Sun,et al.  Cryptanalysis of a fingerprint-based remote user authentication scheme using smart cards , 2003, IEEE 37th Annual 2003 International Carnahan Conference onSecurity Technology, 2003. Proceedings..

[11]  Chu-Hsing Lin,et al.  A flexible biometrics remote user authentication scheme , 2004, Comput. Stand. Interfaces.

[12]  Muhammad Khurram Khan,et al.  Improving the security of 'a flexible biometrics remote user authentication scheme' , 2007, Comput. Stand. Interfaces.

[13]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .

[14]  Robert H. Sloan,et al.  Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[15]  Kee-Young Yoo,et al.  ID-based password authentication scheme using smart cards and fingerprints , 2003, OPSR.

[16]  Ashok Kumar Das,et al.  Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards , 2011, IET Inf. Secur..

[17]  Hisham Al-Assam,et al.  Multi-factor challenge/response approach for remote biometric authentication , 2011, Defense + Commercial Sensing.