Abstract
Today, technology is advancing in large leaps. It is turning the vision of transparency, speed, accuracy, authenticity, friendliness and security in various services and access control mechanisms into reality. Consequently, researchers throughout the world keep putting forward new ideas. Khan et al. (Chaos Solitons Fractals 35(3):519–524, 2008) proposed a remote user authentication scheme with a mobile device, using a hash function and fingerprint biometric. In 2012, Chen et al. pointed out a forged login attack on Khan et al.’s scheme through loss of the mobile device and subsequently proposed a scheme to remedy this drawback. Truong et al. (Proceedings of 26th IEEE International Conference on Advanced Information Networking and Applications, pp 678–685, 2012) demonstrated that in Chen et al.’s scheme an adversary can successfully replay an intercepted login request. They also showed how an adversary can fool both participants of Chen et al.’s protocol by taking advantage of the fact that the user is not anonymous in the scheme. Further, they proposed an improvement to Chen et al.’s scheme to eliminate its problems. In this paper, we show that Chen et al.’s scheme has other drawbacks as well and that the improvement proposed by Truong et al. is still insecure and vulnerable. We also propose an improved scheme which overcomes these flaws and inherits the merits of both Chen et al.’s scheme and Truong et al.’s scheme.
References
Lamport L (1981) Password authentication with insecure communication. Commun ACM 24:770–772
Horng G (1995) Password authentication without using password table. Inf Process Lett 55:247–250
Jan JK, Chen YY (1998) ‘Paramita wisdom’ password authentication scheme without verification tables. J Syst Softw 42:45–57
Haller NM (1995) The S/KEY one-time password system. RFC 1760
Mitchell CJ, Chen L (1996) Comments on the S/KEY user authentication scheme. ACM OSR 30:12–16
Shimizu A (1990) A dynamic password authentication method by one-way function. IEICE Trans Inf Syst 73–D–I:630–636
Hwang MS, Li LH (2000) A new remote user authentication scheme using smart cards. IEEE Trans Consum Electron 46(1):28–30
Sun HM (2000) An efficient remote user authentication scheme using smart cards. IEEE Trans Consum Electron 46(4):958–961
Chien HY, Jan JK, Tseng YM (2002) An efficient and practical solution to remote authentication: smart card. Comput Secur 21(4):372–375
Hsu CL (2004) Security of Chien et al.’s remote user authentication scheme using smart cards. Comput Stand Interfaces 26(3):167–169
Ku WC, Chen SM (2004) Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards. IEEE Trans Consum Electron 50(1):204–207
Liao IE, Lee CC, Hwang MS (2006) A password authentication scheme over insecure networks. J Comput Syst Sci 72(4):727–740
Xiang T, Wong KW, Liao X (2008) Cryptanalysis of a password authentication scheme over insecure networks. J Comput Syst Sci 74(5):657–661
Wang XM, Zhang WF, Zhang JS, Khan MK (2007) Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards. Comput Stand Interfaces 29(5):507–512
Khan MK, Kim SK, Alghathbar K (2010) Cryptanalysis and security enhancement of a ‘more efficient & secure dynamic ID-based remote user authentication scheme’. Comput Commun 34(3):305–309
Khan MK, Zhang J, Wang X (2008) Chaotic hash based fingerprint biometric remote user authentication scheme on mobile devices. Chaos, Solitons & Fractals 35(3):519–524
Chen CL, Lee CC, Hsu CY (2012) Mobile device integration of a fingerprint biometric remote authentication scheme. Int J Commun Syst 25:585–597. doi:10.1002/dac.1277
Lee JK, Ryu SR, Yoo KY (2002) Fingerprint based remote user authentication scheme using smart cards. Electron Lett 38:554–555
Lin CH, Lai YY (2004) A flexible biometrics remote user authentication scheme. Comput Stand Interfaces 27(1):19–23
Khan MK, Zhang J (2007) Improving the security of ‘a flexible biometrics remote user authentication scheme’. Comput Stand Interfaces 29:82–85
Yuan J, Jiang C, Jiang Z (2010) A biometric-based user authentication for wireless sensor networks. Wuhan Univ J Nat Sci 15:272–276. doi:10.1007/s11859-010-0318-2
Saru K, Gupta MK, Kumar M (2012) Cryptanalysis and security enhancement of Chen et al.’s remote user authentication scheme using smart card. Cent Eur J Comput Sci 2(1):60–75
Xu J, Zhu WT, Feng DG (2008) Improvement of a fingerprint-based remote user authentication scheme. Int J Secur Appl 2(3):73–80
An Y (2012) Security weaknesses of a biometric-based remote user authentication scheme using smart cards. Int J Biosci Biotechnol 4(3):21–28
Wang D, Li J (2011) A novel mutual authentication scheme based on fingerprint biometric and nonce using smart cards. Int J Secur Appl 5(4):1–12
Truong TT, Tran MT, Duong AD (2012) Robust mobile device integration of a fingerprint biometric remote authentication scheme. In: Proceedings of 26th IEEE International Conference on Advanced Information Networking and Applications, pp 678–685
Khan MK, Kumari S, Gupta MK (2012) Further cryptanalysis of ‘a remote authentication scheme using mobile device’. In: Fourth International Conference on Computational Aspects of Social Networks (CASoN), pp 234–237
Rhee HS, Kwon JO, Lee DH (2009) A remote user authentication scheme without using smart cards. Comput Stand Interfaces 31(1):6–13
Kocher P, Jaffe J, Jun B (1999) Differential power analysis. In: Proceedings of Advances in Cryptology, Santa Barbara, pp 388–397
Messerges TS, Dabbish EA, Sloan RH (2002) Examining smart-card security under the threat of power analysis attacks. IEEE Trans Comput 51(5):541–552
Yen SM, Joye M (2002) Checking before output may not be enough against fault-based cryptanalysis. IEEE Trans Comput 49(9):967–970
Kumar M, Gupta MK, Saru K (2011) Cryptanalysis of enhancements of a password authentication scheme over insecure networks. In: Proceedings of 4th International Conference on Contemporary Computing (IC3) (JIIT Noida), vol 168, pp 524–532
Gao ZX, Tu YQ (2008) An Improvement of a dynamic ID-based remote user authentication scheme with smart card. In: Proceedings of the 7th World Congress on Intelligent Control and Automation, pp 4562–4567
Sun DZ, Huai JP, Sun JZ, Li JX (2009) Cryptanalysis of a mutual authentication scheme based on nonce and smart cards. Comput Commun 32(6):1015–1017
Lowe G (1995) An attack on the Needham–Schroeder public key authentication protocol. Inf Process Lett 56(3):131–136
Lowe G (1996) Some new attacks upon security protocols. In: Proceedings of Computer Security Foundations Workshop VIII, IEEE Computer Society Press, Los Alamitos
Nam J, Kim S, Park S, Won D (2007) Security analysis of a nonce-based user authentication scheme using smart cards. IEICE Trans Fundam 90(1):299–302
Cite this article
Khan, M.K., Kumari, S. & Gupta, M.K. More efficient key-hash based fingerprint remote authentication scheme using mobile device. Computing 96, 793–816 (2014). https://doi.org/10.1007/s00607-013-0308-2
DOI: https://doi.org/10.1007/s00607-013-0308-2