姚琳,范庆娜,孔祥维

DOI: https://doi.org/10.3969/j.issn.1001-3695.2010.01.079

2010-01-01

Abstract:Traditional authorization with a variety of secure and privacy limitations,cannot satisfy the security needs of the internet environment,this paper proposed an identity authentication scheme based on biometric encryption.By adopting the biometric encryption,protected the biometric and key of the user well.The scheme could prevent unauthorized users from accessing and avoid unauthorized use of resources.The experiment results show that the scheme can distinguish the genuine users from imitated users though the face expressions very much.The scheme provided perfect authentication,and secure the communication well.

XIE Qi,CHEN De-ren,YU Xiu-yuan

IF: 2.034

2010-01-01

Systems Engineering

Abstract:In 2009, Park, et al. proposed an efficient remote user authentication protocol. They claimed that their protocol was the first password and smart card based remote user authentication scheme which can resist the off-line password guessing attack, and had many advantages over existing solutions such as no password tables and timestamp, low communication and computational costs. However, this paper shows that their protocol cannot resist the forgery attack and off-line password guessing attack. To overcome the security weaknesses, two improved schemes based on either nonce or timestamp without affecting the merits of the Park, et al. scheme are proposed. Technical discussions are provided to show that the improved protocol is secure, efficient and practical.

Hossen Asiful Mustafa,Hasan Muhammad Kafi

DOI: https://doi.org/10.48550/arXiv.1711.01198

2017-11-03

Abstract:Password security can no longer provide enough security in the area of remote user authentication. Considering this security drawback, researchers are trying to find solution with multifactor remote user authentication system. Recently, three factor remote user authentication using biometric and smart card has drawn a considerable attention of the researchers. However, most of the current proposed schemes have security flaws. They are vulnerable to attacks like user impersonation attack, server masquerading attack, password guessing attack, insider attack, denial of service attack, forgery attack, etc. Also, most of them are unable to provide mutual authentication, session key agreement and password, or smart card recovery system. Considering these drawbacks, we propose a secure three factor user authentication scheme using biometric and smart card. Through security analysis, we show that our proposed scheme can overcome drawbacks of existing systems and ensure high security in remote user authentication.

Cryptography and Security

Fan Wu,Lili Xu,Saru Kumari,Xiong Li

DOI: https://doi.org/10.1016/j.compeleceng.2015.02.015

IF: 4.152

2015-01-01

Computers & Electrical Engineering

Abstract:The biometrics, the password and the storage device are the elements of the three-factor authentication. In 2013, Yeh et al. proposed a three-factor user authentication scheme based on elliptic curve cryptography. However, we find that it has weaknesses including useless user identity, ambiguous process, no session key and no mutual authentication. Also, it cannot resist the user forgery attack and the server spoofing attack. Moreover, Khan et al. propose a fingerprint-based remote authentication scheme with mobile devices. Unfortunately it cannot withstand the user impersonation attack and the De-synchronization attack. Furthermore, the user’s identity cannot be anonymous, either. To overcome the disadvantages, we propose a new three-factor remote authentication scheme and give a formal proof with strong forward security. It could provide the user’s privacy and is secure. Compared to some recent three-factor authentication schemes, our scheme is secure and practical.

Xiong Li,Jianwei Niu,Zhibo Wang,Caisen Chen

DOI: https://doi.org/10.1002/sec.767

IF: 1.968

2013-01-01

Security and Communication Networks

Abstract:There are some biometrics-based three-factor remote user authentication schemes proposed by researchers for ensure high security features for network-based application systems. Recently, Das pointed out the security flaws of Li and Hwang's three-factor remote user authentication scheme, and proposed an enhanced biometrics-based three-factor remote user authentication scheme. Das's scheme overcomes the defects of Li and Hwang's scheme, and maintains the advantages of Li and Hwang's scheme at the same time. However, after detailed analysis, we find that Das's scheme remains vulnerable to forgery attack and stolen smart card attack; at the same time, Das's scheme cannot provide the session key agreement after the mutual authentication. To provide more security features, we design a three-factor remote user authentication scheme with key agreement using biometrics. Copyright © 2013 John Wiley & Sons, Ltd.

Xiong Li,Jianwei Niu,Muhammad Khurram Khan,Junguo Liao

DOI: https://doi.org/10.1109/ISBAST.2013.20

2013-01-01

Abstract:Recently, An pointed out the weaknesses of Das's three-factor remote user authentication scheme, and proposed an improved biometric based three-factor remote user authentication scheme. An's scheme improves the security problems of previous schemes while keeping the efficiency. However, after detailed analysis, we find that An's scheme exists some weaknesses such as vulnerable to denial-of-service (DoS) attack and forgery attack, and does not provide session key agreement. In order to provide high-level of security and more useful functions, we design a new robust biometric based three-factor remote user authentication scheme with key agreement using elliptic curve cryptosystem.

Xiong Li,Jian-Wei Niu,Jian Ma,Wen-Dong Wang,Cheng-Lian Liu

DOI: https://doi.org/10.1016/j.jnca.2010.09.003

IF: 7.574

2011-01-01

Journal of Network and Computer Applications

Abstract:Recently, Li and Hwang proposed a biometrics-based remote user authentication scheme using smart cards [Journal of Network and Computer Applications 33 (2010) 1–5]. The scheme is based on biometrics verification, smart card and one-way hash function, and it uses the nonce rather than a synchronized clock, so it is very efficient in computational cost. Unfortunately, the scheme has some security weaknesses, that is to say Li and Hwang's scheme does not provide proper authentication and it cannot resist the man-in-the-middle attacks. If an attacker controls the insecure channel, she/he can easily fabricate messages to pass the user's or server's authentication. Besides, the malicious attacker can impersonate the user to cheat the server and can impersonate the server to cheat the user without knowing any secret information. This paper proposes an improved biometrics-based remote user authentication scheme that removes the aforementioned weaknesses and supports session key agreement.

Youping Lin,Kaihui Wang,Baocan Zhang,Yuzhen Liu,Xiong Li

DOI: https://doi.org/10.14257/ijsia.2016.10.1.29

2016-01-01

International Journal of Security and Its Applications

Abstract:Authentication is an important and basic security service for many network based applications, which allows the registered user access remote services after the validity of his/her identity is verified by the remote server. Password, smart card and biometric are three frequently used factors in authentication, and some remote user authentication schemes for different environments had been presented based on these factors by researchers. Recently, Baruah et al. pointed out the weaknesses of Mishra et al.'s three factors user authentication scheme for multi-server environments, and they proposed an enhanced scheme. They claimed that their scheme has many security features and can resist some common attacks. However, based on our analysis, Baruah et al.'s scheme cannot resist stolen smart card attack, cannot protect user's anonymity, and it is also vulnerable to Denial of Service attack. In this paper, an enhanced three factors user authentication scheme for multi-server environments based on fuzzy extractor technology is proposed, and the analysis show that the proposed scheme is more security and efficient than other related schemes.

Qi Xie,Ji-Lin Wang,Deren Chen,Xiuyuan Yu

DOI: https://doi.org/10.1109/csse.2008.1043

2008-01-01

Abstract:Recently, Das et al. proposed a dynamic ID-based remote user authentication scheme using smart cards. Liao et al. pointed out some weaknesses of Das et al.psilas scheme, and presented an improved scheme. However, an impersonate attack on Liao et al.psilas scheme is proposed, it proves that their scheme is also insecure. To overcome the weakness, the new scheme is presented. The advantage of the proposed scheme is that there are no secret numbers in the smart card, and can withstand all sorts of attacks.

Yasir Giani,Li Jianhua,Chen Gongliang,Zahid Mehmood

DOI: https://doi.org/10.1109/compcomm.2016.7925201

2016-01-01

Abstract:In the recent decades, in order to achieve high-degree security many researchers are introducing multifactor authentication schemes replacing by conventional password-based remote authentication schemes. In 2010, Li and Hwang proposed biometric-based authentication scheme using the smart card. Later on, Das pointed out that the scheme is susceptible to denial of services attack and also having low efficiency. Then proposed a new scheme to overcome the weaknesses of prior scheme. In 2012, Younghwa An. substantiate that Das's scheme doesn't provide mutual authentication. In 2014, Cao and Ge pointed that Younghwa's scheme is still vulnerable to replay attack and unable to provide user anonymity, while an adversary can perform the re-registration by intercepting user identity IDx in the login phase. In this paper, we first analyze Cao and Ge's scheme and show that their scheme is still vulnerable to password guessing and traceability attacks.

Liling Cao,Wancheng Ge

DOI: https://doi.org/10.1002/sec.1010

IF: 1.968

2014-01-01

Security and Communication Networks

Abstract:In order to enhance the security in wireless communication, authentication schemes come to be more crucial and widely deployed recently, especially those which are referred to as multi-factor biometric authentication that base on password, biometrics, and smart card protections. A new scheme in this way was proposed in 2010 by Li and Hwang. Then Das extended the work of Li et al. and made an improvement of their weak scheme in 2011. However, in 2012, Younghwa An demonstrated that Das's protocol failed to achieve mutual authentication for the server and the user. In this paper, it is described that Younghwa An's scheme cannot withstand the following two attacks. i It is still vulnerable to replay attack, then an adversary can masquerade as the legal server. ii It cannot provide user anonymity and resistance to user masquerading attack, because an adversary can execute the re-registration process by intercepting the IDi in the login phase. Therefore, an improvement to Younghwa An's scheme is presented in this paper. Then, security formal analysis of the modified scheme using the Burrows-Abadi-Needham logic is given, which demonstrates that the modified scheme with slight high computation costs can protect against the several possible attacks. Copyright © 2014 John Wiley & Sons, Ltd.

De-song Wang,Jian-ping Li,Yuan Tang,Fu-long Xu,Yue-hao Yan

DOI: https://doi.org/10.1142/9789812799524_0026

2008-01-01

Abstract:In the recent several years, Lee et al. and Lin-Lai proposed fingerprint-based remote user authentication schemes using smart cards. But their schemes are vulnerable and susceptible to the attack and have practical pitfalls. Their schemes perform only unilateral authentication (only client authentication). In order to overcome the flaw, Khan and Zhang present a strong remote user authentication scheme by using fingerprint-biometric and smart cards. The proposed scheme is an extended and generalized form of ElGamal's signature scheme whose security is based on discrete logarithm problem, which is not yet forged. In addition, computational costs and efficiency of the proposed scheme are better than other related schemes. But as the time lapses, fingerprint of some people will be changed, such as being burned or being wounded. Once such case happened, the user won't be authentication. So we propose the authentication scheme of remote users by using multimodal biometric (fingerprint and face features) and smart cards. Proposed scheme not only overcome drawbacks and problems of previous schemes, but also provide a stronger and more secure authentication of remote users over insecure network.

Min Wu,Jianhua Chen,Wenxia Zhu,Zhenyang Yuan

DOI: https://doi.org/10.1504/ijesdf.2016.079447

2016-01-01

International Journal of Electronic Security and Digital Forensics

Abstract:The security of authentication scheme, especially multi-factor biometric authentication scheme based on password, smart card, and biometric in wireless communication is an important and significant issue that researchers have been focusing on lately. Most recently, Liling Cao et al. improved a multi-factor biometric authentication scheme which demonstrated that their scheme can resist masquerading attack, user masquerading attack, replay attack, and provide mutual authentication, and so on. In this paper, it is indicated that their scheme is vulnerable to stolen smart card attack, user impersonation attack, server impersonation attack and man-in-the-middle-attack. Then, in order to avoid these attacks, a revised scheme with slight high computation costs but more security than other related schemes is presented.

Jiaqing Mo,Hang Chen,Wei Shen

DOI: https://doi.org/10.1007/978-3-030-16946-6_36

2020-01-01

Abstract:Cryptanalyzing the security weaknesses of authentication protocols is extremely important to propose countermeasures and develop a truly secure protocol. Over last few years, many three factor-based authentication schemes with key agreement have been proposed for multi-server environment. In 2017, Ali and Pal developed a three-factor authentication scheme in multi-server environment using elliptic curve cryptography (ECC) to remedy the security flaws in Li et al.'s scheme and claimed their improved version can withstand the passive and active attacks. In this paper, we prove that Ali-Pal's scheme is subject to offline password guessing attack, replay attack, and known session-specific temporary information (KSSTI) attack. In the same year, Feng et al. examined Kumari et al.'s biometrics-based authentication scheme for multi-server environment and found that their scheme was vulnerable to several attacks. To fix these weaknesses, Feng et al. proposed an enhanced three-factor authentication scheme with key distribution for mobile multi-server environment and claimed that their scheme can satisfy the security and functional requirements. However, we show that Feng et al.'s scheme fails to resist offline password guessing attack, and suffers from replay attack. In addition to point out the security defects, we put forward countermeasures to eliminate the security risks and secure the three factor-based authentication schemes for multi-server environment.

TANG Hongbin,LIU Xinsoug

DOI: https://doi.org/10.3778/j.issn.1002-8331.2012.19.016

2012-01-01

Computer Engineering and Applications Journal

Abstract:A smart card based remote user authentication scheme is more secure than a password-based authentication scheme.In 2011,Chen et al.proposed an improvement on Hsiang et al.'s remote user authentication scheme,and claimed their scheme was more secure than Hsiang et al.'s scheme.However,their scheme is still vulnerable to insider attack,lost smart card attack,replay attack,and impersonation attack.To overcome the dictionary attack against lost smart card,a user authentication scheme based on smart card and elliptic curve discrete logarithm problem is proposed.This scheme is proved to be secure agaisnt various attacks and needs only one elliptic curve scale multiplication in the login and authentication phases.

Li Yang,Zhiming Zheng

DOI: https://doi.org/10.1371/journal.pone.0194093

IF: 3.7

2018-01-01

PLoS ONE

Abstract:According to advancements in the wireless technologies, study of biometrics-based multi-server authenticated key agreement schemes has acquired a lot of momentum. Recently, Wang et al. presented a three-factor authentication protocol with key agreement and claimed that their scheme was resistant to several prominent attacks. Unfortunately, this paper indicates that their protocol is still vulnerable to the user impersonation attack, privileged insider attack and server spoofing attack. Furthermore, their protocol cannot provide the perfect forward secrecy. As a remedy of these aforementioned problems, we propose a biometrics-based authentication and key agreement scheme for multi-server environments. Compared with various related schemes, our protocol achieves the stronger security and provides more functionality properties. Besides, the proposed protocol shows the satisfactory performances in respect of storage requirement, communication overhead and computational cost. Thus, our protocol is suitable for expert systems and other multi-server architectures. Consequently, the proposed protocol is more appropriate in the distributed networks.

xiong li,jianwei niu,muhammad khurram khan,junguo liao,xiaoke zhao

DOI: https://doi.org/10.1002/sec.961

IF: 1.968

2016-01-01

Security and Communication Networks

Abstract:As the fast growth of multimedia information, the security of multimedia systems is becoming a rather important topic nowadays. Multimedia systems are often suffering attacks when users access the information and online services. Because of the excellent features of the biometric, many biometric-based three-factor remote user authentication schemes have been proposed to provide high level of security for different network-based application systems. Recently, An pointed out the weaknesses of Das's three-factor remote user authentication scheme and proposed an improved biometric-based three-factor remote user authentication scheme. An's scheme improves the security problems of previous schemes while keeping the efficiency. However, after detailed analysis, we find that An's scheme exists some weaknesses such as vulnerable to denial-of-service attack and forgery attack, cannot detect unauthorized login quickly, and does not provide session key agreement. In order to provide high level of security for multimedia systems, we design a robust three-factor remote user authentication scheme with key agreement using elliptic curve cryptosystem. Copyright (c) 2014 John Wiley & Sons, Ltd.

bintsan hsieh,hertyan yeh,hungmin sun

DOI: https://doi.org/10.1109/ccst.2003.1297584

2003-01-01

Abstract:A remote user authentication scheme is a procedure for a server to authenticate a remote user in a network. Recently, Lee et al. proposed a fingerprint-based remote user authentication scheme to overcome the security flaw in Hwang and Li's scheme. In Lee et al.'s authentication scheme, they store two secret keys and some public elements in a smart card. In this paper, we will first review Lee et al.'s fingerprint-based user authentication scheme. Next, we will show that Lee et al.'s scheme still suffers from the impersonation attack.

Xiong Li,Kaihui Wang,Jian Shen,Saru Kumari,Fan Wu,Yonghua Hu

DOI: https://doi.org/10.1007/s12652-015-0338-z

IF: 3.662

2016-01-01

Journal of Ambient Intelligence and Humanized Computing

Abstract:Computer networks have become so ubiquitous that the user can access various services by using network devices at anytime and anywhere. However, due to the open nature of the network, the security issue has become an important consideration in these network-based systems that cannot be ignored, especially in critical systems, such as life-critical system and financial system. User authentication scheme is the most used and effective mechanism for information security, and many user authentication schemes have been proposed by researchers. Recently, Shen et al. proposed a biometrics-based user authentication scheme for multi-server environments in critical systems. However, their scheme lacks the wrong password detection mechanism and is vulnerable to denial-of-service attack. Besides, they do not consider the user anonymity property, and may suffer from biometrics template lost attack because the biometrics template is directly stored in user’s smart card. In this paper, an enhanced biometrics-based user authentication scheme for multi-server environments in critical systems is presented by adopting the fuzzy extractor. The analysis shows that the proposed scheme not only removes the security weaknesses of previous schemes, but also keeps the computational efficiency.