Abstract
Remote user authentication is an important mechanism in networked systems for verifying the legitimacy of a remote user and server over an insecure channel. In remote user authentication, the server and the user mutually authenticate each other and derive a session key. In 2012, An presented a biometric-based remote user authentication scheme and claimed that it is secure. In this article, we analyze An's scheme and show that it is vulnerable to the known session-specific temporary information attack and the forward secrecy attack. Moreover, we identify that An's scheme fails to ensure an efficient login phase and user anonymity. Recently, Li et al. also presented a biometric-based three-factor remote user authentication scheme with key agreement, and claimed that it provides three-factor remote user authentication. However, our analysis finds that their scheme does not achieve three-factor remote user authentication and also fails to satisfy key security attributes. Further, the article presents an improved anonymous authentication scheme that eliminates all the drawbacks of An's and Li et al.'s schemes. Moreover, the proposed scheme provides an efficient login and password change mechanism in which incorrect password input can be quickly detected and the user can freely change his password.
© 2013 Springer-Verlag Berlin Heidelberg
Cite this paper
Chaturvedi, A., Mishra, D., Mukhopadhyay, S. (2013). Improved Biometric-Based Three-factor Remote User Authentication Scheme with Key Agreement Using Smart Card. In: Bagchi, A., Ray, I. (eds) Information Systems Security. ICISS 2013. Lecture Notes in Computer Science, vol 8303. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-45204-8_5
DOI: https://doi.org/10.1007/978-3-642-45204-8_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-45203-1
Online ISBN: 978-3-642-45204-8
eBook Packages: Computer Science, Computer Science (R0)