Efficient biometric and password based mutual authentication for consumer USB mass storage devices

A Universal Serial Bus (USB) Mass Storage Device (MSD), often termed a USB flash drive, is ubiquitously used to store important information in unencrypted binary format. This low-cost consumer device is incredibly popular due to its size, large storage capacity and relatively high transfer speed. However, if the device is lost or stolen, an unauthorized person can easily retrieve all the information. Therefore, it is advantageous in many applications to provide security protection so that only authorized users can access the stored information. To provide this protection for a USB MSD, this paper proposes a session key agreement protocol following secure user authentication. The main aim of the protocol is to establish session key negotiation through which all the information retrieved from, stored on and transferred to the USB MSD is encrypted. The proposed protocol is efficient and, in contrast to other protocols in the literature, does not suffer from the forgery attack and the password guessing attack. The security of the proposed protocol is examined through a formal analysis, which proves that the information is stored confidentially and is protected, offering strong resilience to relevant security attacks. The computational cost and communication cost of the proposed scheme are analyzed and compared to related work to show that the proposed scheme has an improved tradeoff between computational cost, communication cost and security.
