A Secure Biometrics-Based Multi-Server Authentication Protocol Using Smart Cards

IEEE Transactions on Information Forensics and Security

Volumn 10, Issue 9, 2015, Pages 1953-1966

  Odelu, Vanga ^a   Das, Ashok Kumar ^b   Goswami, Adrijit ^a  

^a INDIAN INSTITUTE OF TECHNOLOGY   (India)

^b INTERNATIONAL INSTITUTE OF INFORMATION TECHNOLOGY   (India)

Author keywords

Authentication; AVISPA; BAN logic; Revocation and re registration; Security; Smart card

Indexed keywords

BIOMETRICS; COMPUTATION THEORY; CRYPTOGRAPHY; INTERNET PROTOCOLS; MOBILE DEVICES; NETWORK PROTOCOLS; NETWORK SECURITY; PUBLIC KEY CRYPTOGRAPHY; SMART CARDS; TRANSPORTATION;

AVISPA; BAN LOGIC; ELLIPTIC CURVE CRYPTOGRAPHY(ECC); IMPERSONATION ATTACK; PASSIVE AND ACTIVE ATTACKS; REVOCATION AND RE-REGISTRATION; SECURE AUTHENTICATIONS; SECURITY;

AUTHENTICATION;

EID: 84937853874     PISSN: 15566013     EISSN: None     Source Type: Journal    
DOI: 10.1109/TIFS.2015.2439964     Document Type: Article

References (52)

1. J.-L. Tsai, N.-W. Lo, and T.-C. Wu"Novel anonymous authentication scheme using smart cards"IEEE Trans. Ind. Informat., vol. 9, no. 4, pp. 2004-2013, Nov. 2013
2. S. Abolfazli, Z. Sanaei, E. Ahmed, A. Gani, and R. Buyya"Cloudbased augmentation for mobile devices: Motivation, taxonomies, and open challenges"IEEE Commun. Surv. Tuts., vol. 16, no. 1, pp. 337-368, First Quarter 2014
3. R. Canetti and H. Krawczyk"Analysis of key-exchange protocols and their use for building secure channels"in Advances in Cryptology. Innsbruck, Austria: Springer-Verlag, 2001, pp. 453-474
4. M. Bellare, R. Canetti, and H. Krawczyk"A modular approach to the design and analysis of authentication and key exchange protocols"in Proc. 30th Annu. ACM Symp. Theory Comput. (STOC), 1998, pp. 419-428
5. E. Brickell and J. Li"Enhanced privacy ID: A direct anonymous attestation scheme with enhanced revocation capabilities"IEEE Trans. Dependable Secure Comput., vol. 9, no. 3, pp. 345-360, May/Jun. 2012
6. X. Huang, X. Chen, J. Li, Y. Xiang, and L. Xu"Further observations on smart-card-based password-Authenticated key agreement in distributed systems"IEEE Trans. Parallel Distrib. Syst., vol. 25, no. 7, pp. 1767-1775, Jul. 2014
7. D. Wang, D. He, P. Wang, and C. Chu"Anonymous two-factor authentication in distributed systems: Certain goals are beyond attainment"IEEE Trans. Dependable Secure Comput., to be published
8. S. Wu, Y. Zhu, and Q. Pu"Robust smart-cards-based user authentication scheme with user anonymity"Secur. Commun. Netw., vol. 5, no. 2, pp. 236-248, 2012
9. S. Kumari and M. K. Khan"Cryptanalysis and improvement of 'a robust smart-card-based remote user password authentication scheme, Int. J. Commun. Syst., vol. 27, no. 12, pp. 3939-3955, 2014
10. M. K. Khan and S. Kumari"Cryptanalysis and improvement of 'an efficient and secure dynamic ID-based authentication scheme for telecare medical information systems, Secur. Commun. Netw., vol. 7, no. 2, pp. 399-408, 2014
11. D. He, J. Bu, S. Chan, C. Chen, and M. Yin"Privacy-preserving universal authentication protocol for wireless communications"IEEE Trans. Wireless Commun., vol. 10, no. 2, pp. 431-436, Feb. 2011
12. L. Wu, Y. Zhang, and F. Wang"A new provably secure authentication and key agreement protocol for SIP using ECC"Comput. Standards Interf., vol. 31, no. 2, pp. 286-291, 2009
13. L. Lamport"Password authentication with insecure communication"Commun. ACM, vol. 24, no. 11, pp. 770-772, 1981
14. L.-H. Li, I.-C. Lin, and M.-S. Hwang"A remote password authentication scheme for multiserver architecture using neural networks"IEEE Trans. Neural Netw., vol. 12, no. 6, pp. 1498-1504, Nov. 2001
15. T.-Y. Chen, C.-H. Ling, and M.-S. Hwang"Weaknesses of the Yoon-Kim-Yoo remote user authentication scheme using smart cards"in Proc. IEEE Workshop Electron., Comput. Appl., Ottawa, ON, Canada, May 2014, pp. 771-774
16. W.-S. Juang"Efficient multi-server password authenticated key agreement using smart cards"IEEE Trans. Consum. Electron., vol. 50, no. 1, pp. 251-255, Feb. 2004
17. H.-C. Hsiang and W.-K. Shih"Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment"Comput. Standards Interf., vol. 31, no. 6, pp. 1118-1123, 2009
18. T.-Y. Chen, C.-C. Lee, M.-S. Hwang, and J.-K. Jan"Towards secure and efficient user authentication scheme using smart card for multiserver environments"J. Supercomput., vol. 66, no. 2, pp. 1008-1032, 2013
19. J.-L. Tsai, N.-W. Lo, and T.-C. Wu"A new password-based multi-server authentication scheme robust to password guessing attacks"Wireless Pers. Commun., vol. 71, no. 3, pp. 1977-1988, 2013
20. E.-J. Yoon and K.-Y. Yoo"Robust biometrics-based multi-server authentication with key agreement scheme for smart cards on elliptic curve cryptosystem"J. Supercomput., vol. 63, no. 1, pp. 235-255, 2013
21. H. Kim, W. Jeon, K. Lee, Y. Lee, and D. Won"Cryptanalysis and improvement of a biometrics-based multi-server authentication with key agreement scheme"in Proc. 12th Int. Conf. Comput. Sci. Appl. (ICCSA), Salvador, Brazil, 2012, pp. 391-406
22. D. He. (2011)."Security flaws in a biometrics-based multi-server authentication with key agreement scheme"IACR Cryptol. ePrint Arch., Tech. Rep. 2011/365, pp. 1-9
23. [Online]. Available: http://eprint.iacr.org/2011/365.pdf
24. D. He and D. Wang"Robust biometrics-based authentication scheme for multiserver environment"IEEE Syst. J., to be published
25. A. Jain, L. Hong, and S. Pankanti"Biometric identification"Commun. ACM, vol. 43, no. 2, pp. 90-98, 2000
26. N. K. Ratha, J. H. Connell, and R. M. Bolle"Enhancing security and privacy in biometrics-based authentication systems"IBM Syst. J., vol. 40, no. 3, pp. 614-634, 2001
27. K. Lauter"The advantages of elliptic curve cryptography for wireless security"IEEE Wireless Commun., vol. 11, no. 1, pp. 62-67, Feb. 2004
28. P. C. Kocher, J. Jaffe, and B. Jun"Differential power analysis"in Proc. 19th Annu. Int. Cryptol. Conf. Adv. Cryptol. (CRYPTO), vol. 1666. Santa Barbara, CA, USA, 1999, pp. 388-397
29. T. S. Messerges, E. A. Dabbish, and R. H. Sloan"Examining smartcard security under the threat of power analysis attacks"IEEE Trans. Comput., vol. 51, no. 5, pp. 541-552, May 2002
30. D. Dolev and A. C. Yao"On the security of public key protocols"IEEE Trans. Inf. Theory, vol. 29, no. 2, pp. 198-208, Mar. 1983
31. W. Stallings, Cryptography and Network Security: Principles and Practice, 3rd ed. Upper Saddle River, NJ, USA: Prentice-Hall, 2003
32. P. Sarkar"A simple and generic construction of authenticated encryption with associated data"ACM Trans. Inf. Syst. Secur., vol. 13, no. 4, Dec. 2010, Art. ID 33
33. D. R. Stinson"Some observations on the theory of cryptographic hash functions"Designs, Codes Cryptogr., vol. 38, no. 2, pp. 259-277, 2006
34. A. K. Jain, A. Ross, and S. Prabhakar"An introduction to biometric recognition"IEEE Trans. Circuits Syst. Video Technol., vol. 14, no. 1, pp. 4-20, Jan. 2004
35. Y. Dodis, L. Reyzin, and A. Smith"Fuzzy extractors: How to generate strong keys from biometrics and other noisy data"in Advances in Cryptology. Interlaken, Switzerland: Springer-Verlag, 2004, pp. 523-540
36. A. K. Das"Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards"IET Inf. Secur., vol. 5, no. 3, pp. 145-151, 2011
37. K. Simoens, J. Bringer, H. Chabanne, and S. Seys"A framework for analyzing template security and privacy in biometric authentication systems"IEEE Trans. Inf. Forensics Security, vol. 7, no. 2, pp. 833-841, Apr. 2012
38. Q. Zhang, Y. Yin, D.-C. Zhan, and J. Peng"A novel serial multimodal biometrics framework based on semisupervised learning techniques"IEEE Trans. Inf. Forensics Security, vol. 9, no. 10, pp. 1681-1694, Oct. 2014
39. K. Niinuma, U. Park, and A. K. Jain"Soft biometric traits for continuous user authentication"IEEE Trans. Inf. Forensics Security, vol. 5, no. 4, pp. 771-780, Dec. 2010
40. M. A. Pathak, B. Raj, S. D. Rane, and P. Smaragdis"Privacy-preserving speech processing: Cryptographic and string-matching frameworks show promise"IEEE Signal Process. Mag., vol. 30, no. 2, pp. 62-74, Mar. 2013
41. D. Maio, D. Maltoni, R. Cappelli, J. L. Wayman, and A. K. Jain"FVC2002: Second fingerprint verification competition"in Proc. 16th Int. Conf. Pattern Recognit. (ICPR), Quebec City, QC, Canada, 2002, pp. 811-814
42. P. J. Phillips, P. Grother, R. J. Micheals, D. M. Blackburn, E. Tabassi, and J. M. Bone. FRVT 2002: Overview and Summary [Online]. Available: https://epic.org/privacy/surveillance/spotlight/1105/nist0303. pdf, accessed Feb. 2015
43. R.-C. Wang, W.-S. Juang, and C.-L. Lei"User authentication scheme with privacy-preservation for multi-server environment"IEEE Commun. Lett., vol. 13, no. 2, pp. 157-159, Feb. 2009
44. X. Li, J.-W. Niu, J. Ma, W.-D. Wang, and C.-L. Liu"Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards"J. Netw. Comput. Appl., vol. 34, no. 1, pp. 73-79, 2011
45. X. Huang, Y. Xiang, A. Chonka, J. Zhou, and R. H. Deng"A generic framework for three-factor authentication: Preserving security and privacy in distributed systems"IEEE Trans. Parallel Distrib. Syst., vol. 22, no. 8, pp. 1390-1397, Aug. 2011
46. M. Burrows, M. Abadi, and R. Needham"A logic of authentication"ACM Trans. Comput. Syst., vol. 8, no. 1, pp. 18-36, 1990
47. AVISPA: Automated Validation of Internet Security Protocols and Applications [Online]. Available: http://www.avispa-project.org/, accessed Jan. 2013
48. C. Lv, M. Ma, H. Li, J. Ma, and Y. Zhang"An novel three-party authenticated key exchange protocol using one-time key"J. Netw. Comput. Appl., vol. 36, no. 1, pp. 498-503, 2013
49. D. Basin, S. Mödersheim, and L. Vigano"OFMC: A symbolic model checker for security protocols"Int. J. Inf. Secur., vol. 4, no. 3, pp. 181-208, 2005
50. FIPS PUB 180-1, Secure Hash Standard, U.S. Dept. Commerce, Nat. Inst. Standards Technol., Washington, DC, USA, Apr. 1995
51. National Institute of Standards and Technology (NIST), U.S. Department of Commerce. (Nov. 2001). FIPS PUB 197, Advanced Encryption Standard [Online]. Available: http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf, accessed Nov. 2010
52. H. H. Kilinc and T. Yanik"A survey of SIP authentication and key agreement schemes"IEEE Commun. Surv. Tuts., vol. 16, no. 2, pp. 1005-1023, Second Quarter 2014