Robust extended chaotic maps-based three-factor authentication scheme preserving biometric template privacy

Because of its high level of security, three-factor authentication combining a password, a smart card and biometrics has received much interest in the past decades. Recently, Islam proposed a dynamic identity-based three-factor authentication scheme using extended chaotic maps, which attempts to achieve three-factor security and resist various known attacks, offering many advantages over existing works. However, in this paper we first show that the password verification process in the login phase is invalid. Besides this defect, the scheme is also vulnerable to user impersonation and off-line password guessing attacks when the smart card is lost or stolen. Furthermore, it fails to preserve biometric template privacy when the password and the smart card are compromised. To remedy these flaws, we propose a robust three-factor authentication scheme, which not only resists various known attacks but also provides more desired security features. Using the Burrows–Abadi–Needham logic, we demonstrate that our scheme provides mutual authentication. Our scheme provides high security strength as well as low computational cost.
