An Improved Biometrics-based Password Authentication Scheme with Session Key Agreement

  • Yang, Hyungkyu (Computer Media Information Engineering, Kangnam University)
  • Received : 2016.06.17
  • Accepted : 2016.07.21
  • Published : 2016.08.31

Abstract

In 2013, Li et al. proposed an improved smart card-based remote user password authentication scheme and claimed that it not only overcomes the security weaknesses of Chen et al.'s scheme but is also more user-friendly than other schemes. In this paper, we analyze the security of Li et al.'s authentication scheme and show that it is still insecure against various attacks, such as the off-line password guessing attack, the forgery attack, and the session key generation attack. We also propose an improved scheme that resists these security drawbacks of Li et al.'s authentication scheme, even if the secret information stored in the smart card is revealed. Our security analysis shows that the improved scheme is relatively more secure against several attacks than other related schemes.

References

  1. L. Lamport, "Password Authentication with Insecure Communication," Communications of the ACM, vol. 24, no. 11, pp. 770-772, 1987. https://doi.org/10.1145/358790.358797
  2. S.M. Woo and M. Lee, "Sensors Network and Security and Multimedia Enhancement," The International Journal of Internet, Broadcasting and Communication (IJIBC), vol. 8, no. 1, pp. 64-76, Feb 2016. https://doi.org/10.7236/IJIBC.2016.8.1.64
  3. J.J. Kim, J.J. Kang, E.J. Rothwell and K.Y. Lee, "RFID-based Secure Communication for Smart Device in Future Home Network Environment," The International Journal of Internet, Broadcasting and Communication (IJIBC), vol. 5, no. 1, pp. 18-22, May 2013. https://doi.org/10.7236/IJIBC.2013.5.1.18
  4. Liu, J.Y., Zhou, A.M., Gao, M.X., "A New Mutual Authentication Scheme based on Nonce and Smart Cards," Computer Communications, vol. 31, pp. 2205-2209, 2008. https://doi.org/10.1016/j.comcom.2008.02.002
  5. Xu, J., Zhu, W.T., Feng, D.G., "An Improved Smart Card-based Remote User Password Authentication Scheme with Provable Security," Computer Standards and Interfaces, vol. 31, no. 4, pp. 723-728, 2009. https://doi.org/10.1016/j.csi.2008.09.006
  6. Sood, S.K., Sarje, A.K., Singh, K., "An Improvement of Xu et al.'s Authentication Scheme using Smart Cards," Proceedings of the 3rd annual ACM Bangalore conference, India, pp. 17-5, 2010.
  7. Awasthi, A.K., Srivastava, K., Mittal, R.C., "An Improved Timestamp-based Remote User Authentication Scheme," Computer and Electrical Engineering, vol. 37, pp. 869-874, 2011. https://doi.org/10.1016/j.compeleceng.2011.09.015
  8. Chen, B.L., Kuo, W.C., WCC, L.C., "Robust Smart Card-based Remote User Password Authentication Scheme," International Journal of Communication Systems, 2013.
  9. Xiong, L., Jianwei, N., Muhammad, K.K., Junguo, L., "An Enhanced Smart Card-based Remote User Password Authentication Scheme," Journal of Network and Computer Applications, vol. 36, pp. 1365-1371, 2013. https://doi.org/10.1016/j.jnca.2013.02.034
  10. Khan, M.K., Zhang, J., "An Efficient and Practical Fingerprint-based Remote User Authentication Scheme with Smart Cards," ISPEC 2006, LNCS 3903, pp. 260-268, 2006.
  11. Li, C.T., Hwang, M.S., "An Efficient Biometrics-based Remote User Authentication Scheme Using Smart Cards," Journal of Network and Computer Applications, vol. 33, pp. 1-5, 2010. https://doi.org/10.1016/j.jnca.2009.08.001
  12. Das, A.K., "Analysis and Improvement on an Efficient Biometric-based Remote User Authentication Scheme Using Smart Cards," IET Information Security, vol. 5, iss. 3, pp. 541-552, 2011.
  13. Kocher, P., Jaffe, J., Jun, B., "Differential Power Analysis," Proceedings of Advances in Cryptology, pp. 388-397, 1999.
  14. T. S. Messerges, E. A. Dabbish and R.H. Sloan, "Examining Smart-Card Security under the Threat of Power Analysis Attacks," IEEE Transactions on Computers, vol. 51, no. 5, pp. 541-552, 2002. https://doi.org/10.1109/TC.2002.1004593