A software agent enabled biometric security algorithm for secure file access in consumer storage devices

In order to resist unauthorized access, consumer storage devices are typically protected using a low entropy password. However, storage devices are not fully protected against an adversary because the adversary can utilize an off-line dictionary attack to find the correct password and/or run an existing algorithm for resetting the existing password. In addition, a password protected device may also be stolen or misplaced allowing an adversary to easily retrieve all the stored confidential information from a removable storage device. In order to protect the consumer's confidential information that has been stored, this paper proposes a mutual authentication and key negotiation protocol that can be used to protect the confidential information in the device. The functionality of the protocol enables the storage device to be secure against relevant security attacks. A formal security analysis using Burrows-Abadi- Needham (BAN) logic is presented to verify the presented algorithm. In addition, a performance analysis of the proposed protocol reveals a significantly reduced communication overhead compared to the relevant literature.

[1]  Eun-Jun Yoon,et al.  Further improvement of an efficient password based remote user authentication scheme using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[2]  Victor S. Miller,et al.  Use of Elliptic Curves in Cryptography , 1985, CRYPTO.

[3]  N. Koblitz Elliptic curve cryptosystems , 1987 .

[4]  Ruhul Amin,et al.  Anonymity preserving secure hash function based authentication scheme for consumer USB mass storage device , 2015, Proceedings of the 2015 Third International Conference on Computer, Communication, Control and Information Technology (C3IT).

[5]  E. Mohammed,et al.  Elliptic curve cryptosystems on smart cards , 2002, Proceedings IEEE 35th Annual 2001 International Carnahan Conference on Security Technology (Cat. No.01CH37186).

[6]  Rafail Ostrovsky,et al.  Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data , 2004, SIAM J. Comput..

[7]  Ruhul Amin,et al.  A secure light weight scheme for user authentication and key agreement in multi-gateway based wireless sensor networks , 2016, Ad Hoc Networks.

[8]  Cheng-Chi Lee,et al.  Three-factor control protocol based on elliptic curve cryptosystem for universal serial bus mass storage devices , 2013, IET Comput. Digit. Tech..

[9]  Martín Abadi,et al.  A logic of authentication , 1989, Proceedings of the Royal Society of London. A. Mathematical and Physical Sciences.

[10]  G. P. Biswas,et al.  A more efficient and secure ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem , 2011, J. Syst. Softw..

[11]  Min-Shiang Hwang,et al.  A new remote user authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[12]  Robert Simon Sherratt,et al.  Enhanced three-factor security protocol for consumer USB mass storage devices , 2014, IEEE Transactions on Consumer Electronics.

[13]  Lee-Ming Cheng,et al.  Cryptanalysis of a remote user authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[14]  Wei-Chi Ku,et al.  Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[15]  Hung-Min Sun,et al.  An efficient remote use authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[16]  Palash Sarkar,et al.  A Simple and Generic Construction of Authenticated Encryption with Associated Data , 2010, TSEC.

[17]  Naveen K. Chilamkurti,et al.  A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks , 2015, Inf. Sci..

[18]  Xavier Boyen,et al.  Reusable cryptographic fuzzy extractors , 2004, CCS '04.

[19]  Robert Simon Sherratt,et al.  A novel and efficient session spanning biometric and password based three-factor authentication protocol for consumer USB Mass Storage Devices , 2016, IEEE Transactions on Consumer Electronics.

[20]  Robert Simon Sherratt,et al.  Efficient biometric and password based mutual authentication for consumer USB mass storage devices , 2015, IEEE Transactions on Consumer Electronics.

[21]  Xiaoping Wu,et al.  Cryptanalysis of a Remote User Authentication Scheme Using Smart Cards , 2009, 2009 5th International Conference on Wireless Communications, Networking and Mobile Computing.

[22]  Fuw-Yi Yang,et al.  A secure control protocol for USB mass storage devices , 2010, IEEE Transactions on Consumer Electronics.

[23]  Ruhul Amin,et al.  A Novel User Authentication and Key Agreement Protocol for Accessing Multi-Medical Server Usable in TMIS , 2015, Journal of Medical Systems.

[24]  Martín Abadi,et al.  A logic of authentication , 1990, TOCS.

[25]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.