A novel and provably secure biometrics-based three-factor remote authentication scheme for mobile client-server networks

Highlights: We point out that Yeh et al.'s scheme is not secure because it has several security weaknesses. We point out that Khan et al.'s scheme is also insecure and has several weaknesses. We present a new three-factor scheme based on ECC. We prove our scheme secure with a formal proof and analysis. Compared with some recent schemes, our scheme is more practical for application owing to its security and efficiency.

Biometrics, the password and the storage device are the elements of three-factor authentication. In 2013, Yeh et al. proposed a three-factor user authentication scheme based on elliptic curve cryptography. However, we find that it has weaknesses, including a useless user identity, an ambiguous process, no session key and no mutual authentication. It also cannot resist the user forgery attack or the server spoofing attack. Moreover, Khan et al. proposed a fingerprint-based remote authentication scheme for mobile devices. Unfortunately, it cannot withstand the user impersonation attack or the de-synchronization attack. Furthermore, it does not keep the user's identity anonymous. To overcome these disadvantages, we propose a new three-factor remote authentication scheme and give a formal proof with strong forward security. It protects the user's privacy and is secure. Compared to some recent three-factor authentication schemes, our scheme is secure and practical.

[1] Zuowen Tan, et al. A User Anonymity Preserving Three-Factor Authentication Scheme for Telecare Medicine Information Systems, 2014, Journal of Medical Systems.

[2] Muhammad Khurram Khan, et al. Further cryptanalysis of ‘A remote authentication scheme using mobile device’, 2012, 2012 Fourth International Conference on Computational Aspects of Social Networks (CASoN).

[3] Xiong Li, et al. Robust Biometrics Based Three-Factor Remote User Authentication Scheme with Key Agreement, 2013, 2013 International Symposium on Biometrics and Security Technologies.

[4] David Pointcheval, et al. Multi-factor Authenticated Key Exchange, 2008, ACNS.

[5] Liling Cao, et al. Analysis and improvement of a multi-factor biometric authentication scheme, 2015, Secur. Commun. Networks.

[6] Ashok Kumar Das, et al. Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards, 2011, IET Inf. Secur.

[7] Wei-Kuan Shih, et al. Robust elliptic curve cryptography-based three factor user authentication providing privacy of biometric data, 2013, IET Inf. Secur.

[8] Chun-I Fan, et al. Provably Secure Remote Truly Three-Factor Authentication Scheme With Privacy Protection on Biometrics, 2009, IEEE Transactions on Information Forensics and Security.

[9] Paul C. Kocher, et al. Differential Power Analysis, 1999, CRYPTO.

[10] Xiaomin Wang, et al. Chaotic hash-based fingerprint biometric remote user authentication scheme on mobile devices, 2008.

[11] Xiaojun Zhang, et al. A Secure RFID Mutual Authentication Protocol for Healthcare Environments Using Elliptic Curve Cryptography, 2015, Journal of Medical Systems.

[12] Muhammad Khurram Khan, et al. An Improved Biometrics-Based Remote User Authentication Scheme with User Anonymity, 2013, BioMed research international.

[13] Xiong Li, et al. An improved remote user authentication scheme with key agreement, 2014, Comput. Electr. Eng.

[14] Cheng-Chi Lee, et al. Mobile device integration of a fingerprint biometric remote authentication scheme, 2012, Int. J. Commun. Syst.

[15] Muhammad Khurram Khan, et al. More efficient key-hash based fingerprint remote authentication scheme using mobile device, 2014, Computing.

[16] Muhammad Khurram Khan, et al. Cryptanalysis and Improvement of Yan et al.’s Biometric-Based Authentication Scheme for Telecare Medicine Information Systems, 2013, Journal of Medical Systems.

[17] Muhammad Khurram Khan, et al. Security Enhancement of a Biometric based Authentication Scheme for Telecare Medicine Information Systems with Nonce, 2014, Journal of Medical Systems.

[18] Fan Wu, et al. An improved and provable remote user authentication scheme based on elliptic curve cryptosystem with user anonymity, 2015, Secur. Commun. Networks.

[19] Younghwa An, et al. Security Analysis and Enhancements of an Effective Biometric-Based Remote User Authentication Scheme Using Smart Cards, 2012, Journal of biomedicine & biotechnology.

[20] Anh Duc Duong, et al. Robust Mobile Device Integration of a Fingerprint Biometric Remote Authentication Scheme, 2012, 2012 IEEE 26th International Conference on Advanced Information Networking and Applications.

[21] Fan Wu, et al. Cryptanalysis and Improvement of a User Authentication Scheme Preserving Uniqueness and Anonymity for Connected Health Care, 2015, Journal of Medical Systems.

[22] Chun-Ta Li, et al. An efficient biometrics-based remote user authentication scheme using smart cards, 2010, J. Netw. Comput. Appl.