research-article

Cryptanalysis and improvement of a biometric and smart card based remote user authentication scheme

Authors:

Dongho WonAuthors Info & Claims

IMCOM '17: Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication

Article No.: 50, Pages 1 - 8

https://doi.org/10.1145/3022227.3022276

Published: 05 January 2017 Publication History

Abstract

In recent years, with the increasing amount of internet-connected devices, people tend to access the internet more frequently. User authentication protocol has become one of the most widely used techniques to construct communication between valid users and remote servers via a public network. In 2015, An proposed an enhanced smart card based remote user password authentication scheme and introduced biometric feature to it, he claimed that his scheme can resist off-line password guessing attack, user impersonation attack, etc. However, in this paper, we demonstrate that his scheme is still vulnerable to several attacks. We then propose a security improved scheme based on cryptanalysis of An's scheme and achieve robust biometric protection and user anonymity. Moreover, the comparison between our proposed scheme and other related schemes shows that the presented scheme has more security properties.

References

[1]

L. Lamport. Password authentication with insecure communication. Communications of the ACM, 24(11):770--772, 1981.

Digital Library

[2]

J. Xu, W.-T. Zhu, and D.-G. Feng. An improved smart card based password authentication scheme with provable security. Computer Standards and Interfaces, 31(4):723--728, 2009.

Digital Library

[3]

R. Song. Advanced smart card based password authentication protocol. Computer Standards and Interfaces, 32(5):321--325, 2010.

Digital Library

[4]

S. K. Sood, A. K. Sarje, and K. Singh. An improvement of Xu et al.'s authentication scheme using smart cards. In Proceedings of the third annual ACM Bangalore conference, page 15. ACM, 2010.

Digital Library

[5]

B.-L. Chen, W.-C. Kuo, and L.-C. Wuu. Robust smart-card-based remote user password authentication scheme. International Journal of Communication Systems, 27(2):377--389, 2014.

Digital Library

[6]

X. Li, J. Niu, M. K. Khan, and J. Liao. An enhanced smart card based remote user password authentication scheme. Journal of Network and Computer Applications, 36(5):1365--1371, 2013.

[7]

Y.-H. An. Security enhancements of smart card-based remote user password authentication scheme with session key agreement. In 2015 17th International Conference on Advanced Communication Technology (ICACT), pages 669--674. IEEE, 2015.

[8]

J. Jung, D. Lee, J. Kim, Y. Lee, D. Kang, and D. Won. Cryptanalysis and improvement of efficient password-based user authentication scheme using hash function. In Proceedings of the 10th International Conference on Ubiquitous Information Management and Communication, page 23. ACM, 2016.

Digital Library

[9]

C.-T. Li and M.-S. Hwang. An efficient biometrics-based remote user authentication scheme using smart cards. Journal of Network and computer applications, 33(1):1--5, 2010.

Digital Library

[10]

X. Li, J.-W. Niu, J. Ma, W.-D. Wang, and C.-L. Liu. Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. Journal of Network and Computer Applications, 34(1):73--79, 2011.

Digital Library

[11]

J. Moon, Y. Choi, J. Jung, and D. Won. An improvement of robust biometrics-based authentication and key agreement scheme for multi-server environments using smart cards. PloS one, 10(12):e0145263, 2015.

[12]

Y. Dodis, L. Reyzin, and A. Smith. Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. In International Conference on the Theory and Applications of Cryptographic Techniques, pages 523--540. Springer, 2004.

[13]

J. Kim, D. Lee, W. Jeon, Y. Lee, and D. Won. Security analysis and improvements of two-factor mutual authentication with key agreement in wireless sensor networks. Sensors, 14(4):6443--6462, 2014.

[14]

D. Dolev and A. Yao. On the security of public key protocols. IEEE Transactions on information theory, 29(2):198--208, 1983.

Digital Library

[15]

J. Jung, W. Jeon, and D. Won. An enhanced remote user authentication scheme using smart card. In Proceedings of the 8th International Conference on Ubiquitous Information Management and Communication, page 62. ACM, 2014.

Digital Library

[16]

P. Kocher, J. Jaffe, and B. Jun. Differential power analysis. In Annual International Cryptology Conference, pages 388--397. Springer, 1999.

Digital Library

[17]

J. Jung, J. Kim, Y. Choi and D. Won. An Anonymous User Authentication and Key Agreement Scheme Based on a Symmetric Cryptosystem in Wireless Sensor Networks. Sensors, 16(8):1299, 2016.

Cited By

Tritilanunt S(2019)A Biometric Smart Card Based Remote User Authentication for Telecare Medicine Information SystemProceedings of the 2019 4th International Conference on Cloud Computing and Internet of Things10.1145/3361821.3361822(59-65)Online publication date: 20-Sep-2019
https://dl.acm.org/doi/10.1145/3361821.3361822

Index Terms

Cryptanalysis and improvement of a biometric and smart card based remote user authentication scheme
1. Security and privacy
  1. Network security
    1. Security protocols

Recommendations

Improved Biometric-Based Three-factor Remote User Authentication Scheme with Key Agreement Using Smart Card
ICISS 2013: Proceedings of the 9th International Conference on Information Systems Security - Volume 8303

Remote user authentication is a very important mechanism in the network system to verify the correctness of remote user and server over the insecure channel. In remote user authentication, server and user mutually authenticate each other and draw a ...
Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards

Recently, Li and Hwang proposed a biometrics-based remote user authentication scheme using smart cards [Journal of Network and Computer Applications 33 (2010) 1-5]. The scheme is based on biometrics verification, smart card and one-way hash function, ...
Cryptanalysis and improvement of 'a robust smart-card-based remote user password authentication scheme'

With the use of smart card in user authentication mechanisms, the concept of two-factor authentication came into existence. This was a forward move towards more secure and reliable user authentication systems. It elevated the security level by requiring ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

IMCOM '17: Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication

January 2017

746 pages

ISBN:9781450348881

DOI:10.1145/3022227

Copyright © 2017 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGAPP: ACM Special Interest Group on Applied Computing

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 05 January 2017

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

National Research Foundation of Korea (NRF)

Conference

IMCOM '17

Sponsor:

SIGAPP

IMCOM '17: The 11th International Conference on Ubiquitous Information Management and Communication

January 5 - 7, 2017

Beppu, Japan

Acceptance Rates

IMCOM '17 Paper Acceptance Rate 113 of 366 submissions, 31%;

Overall Acceptance Rate 213 of 621 submissions, 34%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
106
Total Downloads

Downloads (Last 12 months)1
Downloads (Last 6 weeks)0

Reflects downloads up to 07 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Tritilanunt S(2019)A Biometric Smart Card Based Remote User Authentication for Telecare Medicine Information SystemProceedings of the 2019 4th International Conference on Cloud Computing and Internet of Things10.1145/3361821.3361822(59-65)Online publication date: 20-Sep-2019
https://dl.acm.org/doi/10.1145/3361821.3361822

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten