Security Improvement on Biometric-based Three Factors User Authentication Scheme for Multi-Server Environments

  • Moon, Jongho (Dept. of Electrical and Computer Engineering, Sungkyunkwan University)
  • Won, Dongho (Dept. of Computer Engineering, Sungkyunkwan University)
  • Received : 2016.10.18
  • Accepted : 2016.11.21
  • Published : 2016.12.01

Abstract

In a multi-server environment, remote user authentication is a critical issue because it provides the authorization that enables users to access their resources or services. For this reason, numerous remote user authentication schemes have been proposed in recent years. Recently, Lin et al. demonstrated the weaknesses of Baruah et al.'s three-factor user authentication scheme for multi-server environments and proposed an enhanced biometric-based remote user authentication scheme. They claimed that their scheme has many security features and can resist various well-known attacks; however, we found that Lin et al.'s scheme is still insecure. In this paper, we demonstrate that Lin et al.'s scheme is vulnerable to the outsider attack and the user impersonation attack, and we propose a new biometric-based scheme for authentication and key agreement that can be used in the multi-server environment. Lastly, we show that the proposed scheme is more secure and can support the security properties.

References

  1. L. Lamport, "Password Authentication with Insecure Communication," Communication of the ACM, vol. 24, pp. 770-772, 1981. https://doi.org/10.1145/358790.358797
  2. G. Conklin, G. Dietrich, and D. Walz, "Password-based Authentication: A System Perspective," System Sciences, vol. 50, pp. 629-631, 2004.
  3. M. Abdalla, P. Fouque, and D. Pointcheval, "Password-based Authenticated Key Exchange in the Three-Party Setting," On Public Key Cryptography-PKC 2005, vol. 3386, pp. 65-84, 2005.
  4. S. Jiang and G. Gong, "Password based Key Exchange with Mutual Authentication," Selected Areas in Cryptography, vol. 3357, pp. 267-279, 2005.
  5. R. Gennaro and Y. Lindell, "A framework for password-based authenticated key exchange," ACM Transactions on Information and System Security (TISSEC), vol. 9, pp. 181-234, 2006. https://doi.org/10.1145/1151414.1151418
  6. J. Moon, Y. Choi, J. Jung, and D. Won, "An Improvement of Robust Biometrics-Based Authentication and Key Agreement Scheme for Multi-Server Environments Using Smart Cards," PLoS ONE, vol. 10, no. 12, pp. 1-15, 2015.
  7. Y.R. Lu, L.X. Li, H.P. Peng, and Y.X. Yang, "An Enhanced Biometric-Based Authentication Scheme for Telecare Medicine Information Systems using Elliptic Curve Cryptosystem," Journal of Medical Systems, vol. 39, no. 32, pp. 1-8, 2015. https://doi.org/10.1007/s10916-014-0182-2
  8. Y. Choi, Y. Lee, and D. Won, "Security Improvement on Biometric Based Authentication Scheme for Wireless Sensor Networks Using Fuzzy Extraction," International Journal of Distributed Sensor Networks, vol. 2016, pp. 1-16, 2016.
  9. C. Li and M. Hwang, "An Efficient Biometrics-based Remote User Authentication Scheme using Smart Card," Journal of Network and Computer Applications, vol. 33, pp. 1-5, 2010. https://doi.org/10.1016/j.jnca.2009.08.001
  10. X. Li, J. Niu, J. Ma, W. Wang, and C. Liu, "Cryptanalysis and Improvement of a Biometrics-based Remote User Authentication Scheme using Smart Cards," Journal of Network and Computer Applications, vol. 34, pp. 73-79, 2011. https://doi.org/10.1016/j.jnca.2010.09.003
  11. M.C. Chuang and M.C. Chen, "An Anonymous Multi-Server Authenticated Key Agreement Scheme based on Trust Computing using Smart Cards and Biometrics," Expert Systems with Applications, vol. 41, no. 4, pp. 1411-1418, 2014. https://doi.org/10.1016/j.eswa.2013.08.040
  12. D. Mishra, A.K. Das, and S. Mukhopadhyay, "A Secure User Anonymity-Preserving Biometric-based Multi-Server Authenticated Key Agreement Scheme using Smart Cards," Expert Systems with Applications, vol. 41, no. 18, pp. 8129-8143, 2014. https://doi.org/10.1016/j.eswa.2014.07.004
  13. K. C. Baruah, S. Banerjee, M. P. Dutta, and C. T. Bhunia, "An Improved Biometric-based Multi-Server Authentication Scheme using Smart Card," On Public Key Cryptography-PKC 2005, vol. 3386, pp. 65-84, 2005.
  14. Y. Lin, K. Wang, B. Zhang, Y. Liu, and X. Li, "An Enhanced Biometric-Based Three Factors User Authentication Scheme for Multi-server Environments," International Journal of Security and Its Applications, vol. 10, no. 1, pp. 315-328, 2016.
  15. Y. Dodis, L. Reyzin, and A. Smith, "Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data," Advances in Cryptology, vol. 3027, pp. 523-540, 2004.
  16. A.K. Das, "A Secure and Effective Biometric-based User Authentication Scheme for Wireless Sensor Networks using Smart Card and Fuzzy Extractor," International Journal of Communication Systems, pp. 1-25, 2015.
  17. C. Kaufman, P. Hoffman, Y. Nir, P. Eronen, and T. Kivinen, "Internet key exchange protocol version 2 (IKEv2)," RFC 7236, 2014.
  18. A.K. Das and A. Goswami, "An Enhanced Biometric Authentication Scheme for Telecare Medicine Information Systems with Nonce using Chaotic Hash Function," Journal of Medical Systems, vol. 38, no. 6, pp. 1-19, 2014. https://doi.org/10.1007/s10916-013-0001-1
  19. K. Xue and P. Hong, "Security Improvement on an Anonymous Key Agreement Protocol based on Chaotic Maps," Communication Nonlinear Science Numerical Simulation, vol. 17, no. 7, pp. 2969-2977, 2012. https://doi.org/10.1016/j.cnsns.2011.11.025