Abstract

User authentication protocols are an important security mechanism for mobile networks. Recently, Wu et al. proposed a biometrics-based three-factor user authentication scheme using elliptic curve cryptography for mobile networks. In this paper, however, we show that their scheme is vulnerable to an impersonation attack, because the encryption/decryption key of the server and the user can be computed by an adversary. We then propose an improved three-factor authentication scheme for mobile client-server networks that overcomes this weakness. The proposed scheme uses a random nonce to encrypt and decrypt messages without using the server's public key, which reduces computation cost and avoids the key management problem, and it also achieves user anonymity. In addition, we apply ProVerif, a formal verification tool based on the pi calculus, for security evaluation, and compare our scheme with some related schemes to show that the proposed scheme is both secure and efficient.
