research-article

A novel and provably secure biometrics-based three-factor remote authentication scheme for mobile client-server networks

Published: 01 July 2015

Abstract

• We point out that Yeh et al.'s scheme is not secure because of several security weaknesses.
• We point out that Khan et al.'s scheme is not secure and has some weaknesses.
• We present a new three-factor scheme based on ECC.
• We prove our scheme secure with a formal proof and analysis.
• Compared with some of the latest schemes, our scheme is more practical for application owing to its security and efficiency.

Biometrics, the password and the storage device are the elements of three-factor authentication. In 2013, Yeh et al. proposed a three-factor user authentication scheme based on elliptic curve cryptography. However, we find that it has weaknesses, including a useless user identity, an ambiguous process, no session key and no mutual authentication. It also cannot resist the user forgery attack or the server spoofing attack. Moreover, Khan et al. proposed a fingerprint-based remote authentication scheme with mobile devices. Unfortunately, it cannot withstand the user impersonation attack or the de-synchronization attack, and the user's identity cannot be kept anonymous. To overcome these disadvantages, we propose a new three-factor remote authentication scheme and give a formal proof with strong forward security. It can protect the user's privacy and is secure. Compared with some recent three-factor authentication schemes, our scheme is secure and practical.

References

[1] S. Kumari, M.K. Khan, X. Li, An improved remote user authentication scheme with key agreement, Comput Electr Eng, 40 (2014) 1997-2012.
[2] L. Xu, F. Wu, Cryptanalysis and improvement of a user authentication scheme preserving uniqueness and anonymity for connected health care, J Med Syst, 39 (2015) 1-9.
[3] L. Xu, F. Wu, An improved and provable remote user authentication scheme based on elliptic curve cryptosystem with user anonymity, Secur Commun Netw, 8 (2015) 245-260.
[4] C.-I. Fan, Y.-H. Lin, Provably secure remote truly three-factor authentication scheme with privacy protection on biometrics, IEEE Trans Inf Forensics Secur, 4 (2009) 933-945.
[5] C.-T. Li, M.-S. Hwang, An efficient biometrics-based remote user authentication scheme using smart cards, J Netw Comput Appl, 33 (2010) 1-5.
[6] A.K. Das, Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards, IET Inform Secur, 5 (2011) 145-151.
[7] Y. An, Security analysis and enhancements of an effective biometric-based remote user authentication scheme using smart cards, J Biomed Biotechnol, 2012 (2012).
[8] M.K. Khan, S. Kumari, An improved biometrics-based remote user authentication scheme with user anonymity, Biomed Res Int, 2013 (2013).
[9] H.-L. Yeh, T.-H. Chen, K.-J. Hu, W.-K. Shih, Robust elliptic curve cryptography-based three factor user authentication providing privacy of biometric data, IET Inform Secur, 7 (2013) 247-252.
[10] M.K. Khan, J. Zhang, X. Wang, Chaotic hash-based fingerprint biometric remote user authentication scheme on mobile devices, Chaos Soliton Fract, 35 (2008) 519-524.
[11] C. Chen, C. Lee, C. Hsu, Mobile device integration of a fingerprint biometric remote authentication scheme, Int J Commun Syst, 25 (2012) 585-597.
[12] T.-T. Truong, M.-T. Tran, A.-D. Duong, Robust mobile device integration of a fingerprint biometric remote authentication scheme, in: 2012 IEEE 26th International Conference on Advanced Information Networking and Applications (AINA), IEEE, 2012, pp. 678-685.
[13] M.K. Khan, S. Kumari, M.K. Gupta, More efficient key-hash based fingerprint remote authentication scheme using mobile device, Computing, 96 (2014) 793-816.
[14] X. Li, J. Niu, M.K. Khan, J. Liao, Robust biometrics based three-factor remote user authentication scheme with key agreement, in: 2013 International Symposium on Biometrics and Security Technologies (ISBAST), IEEE, 2013, pp. 105-110.
[15] Z. Tan, A user anonymity preserving three-factor authentication scheme for telecare medicine information systems, J Med Syst, 38 (2014) 1-9.
[16] L. Cao, W. Ge, Analysis and improvement of a multi-factor biometric authentication scheme, Secur Commun Netw, 8 (2015) 617-625.
[17] D. Mishra, S. Mukhopadhyay, S. Kumari, M.K. Khan, A. Chaturvedi, Security enhancement of a biometric based authentication scheme for telecare medicine information systems with nonce, J Med Syst, 38 (2014) 1-11.
[18] M.K. Khan, S. Kumari, M.K. Gupta, Further cryptanalysis of 'a remote authentication scheme using mobile device', in: 2012 Fourth International Conference on Computational Aspects of Social Networks (CASoN), pp. 234-237.
[19] P. Kocher, J. Jaffe, B. Jun, Differential power analysis, in: Advances in Cryptology-CRYPTO99, Springer, 1999, pp. 388-397.
[20] D. Pointcheval, S. Zimmer, Multi-factor authenticated key exchange, in: Applied cryptography and network security, Springer, 2008, pp. 277-295.


Information

Published In

Computers and Electrical Engineering, Volume 45, Issue C
July 2015
445 pages

Publisher

Pergamon Press, Inc.
United States

Author Tags

1. Biometrics
2. Formal proof
3. Three-factor
4. User anonymity

Qualifiers

• Research-article


Cited By

• (2024) A blockchain-enabled privacy-preserving authentication management protocol for Internet of Medical Things. Expert Systems with Applications: An International Journal, 237:PA. DOI: 10.1016/j.eswa.2023.121329. Online publication date: 27-Feb-2024.
• (2024) Toward design a secure protocol for updating remotely stored credentials of a crypto-biometric framework for multi-server environment. Security and Privacy, 7:1. DOI: 10.1002/spy2.339. Online publication date: 9-Jan-2024.
• (2023) A design of provably secure multi-factor ECC-based authentication protocol in multi-server cloud architecture. Cluster Computing, 27:2 (1559-1580). DOI: 10.1007/s10586-023-04034-6. Online publication date: 29-May-2023.
• (2022) Certificateless Cross-Domain Group Authentication Key Agreement Scheme Based on ECC. Wireless Communications & Mobile Computing, 2022. DOI: 10.1155/2022/7519688. Online publication date: 1-Jan-2022.
• (2022) An efficient remote user authentication with key agreement procedure based on convolution-Chebyshev chaotic maps using biometric. The Journal of Supercomputing, 78:10 (12792-12814). DOI: 10.1007/s11227-021-04280-8. Online publication date: 1-Jul-2022.
• (2022) Four-factor mutual authentication scheme for health-care based on wireless body area network. The Journal of Supercomputing, 78:4 (5744-5778). DOI: 10.1007/s11227-021-04099-3. Online publication date: 1-Mar-2022.
• (2022) A novel ECC-based provably secure and privacy-preserving multi-factor authentication protocol for cloud computing. Computing, 104:5 (1173-1202). DOI: 10.1007/s00607-021-01041-6. Online publication date: 1-May-2022.
• (2021) An Efficient User Authentication and Session Key Agreement in Wireless Sensor Network Using Smart Card. Wireless Personal Communications: An International Journal, 117:2 (1361-1385). DOI: 10.1007/s11277-020-07926-7. Online publication date: 1-Mar-2021.
• (2021) A secure three-factor-based authentication with key agreement protocol for e-Health clouds. The Journal of Supercomputing, 77:4 (3359-3380). DOI: 10.1007/s11227-020-03395-8. Online publication date: 1-Apr-2021.
• (2021) Machine learning and smart card based two-factor authentication scheme for preserving anonymity in telecare medical information system (TMIS). Neural Computing and Applications, 35:7 (5055-5080). DOI: 10.1007/s00521-021-06152-x. Online publication date: 17-Jun-2021.
