Abstract

In 2009, Xu et al. presented a safe, dynamic ID-based remote user authentication method that has several advantages, such as freely chosen passwords and mutual authentication. In this paper, we review the Xu–Zhu–Feng scheme and indicate many shortcomings in it: impersonation attacks and insider attacks could be effective. To overcome these drawbacks, we propose a secure biometric-based remote authentication scheme using the biometric characteristics of hand geometry, which is aimed at withstanding well-known attacks and achieving good performance. Furthermore, our work has many crucial merits, such as mutual authentication, user anonymity, freely chosen passwords, secure password changes, session key agreement, and revocation by using personal biometrics, and it does not need an extra device or software for hand geometry in the login phase. Additionally, our scheme is highly efficient and withstands existing known attacks such as password guessing, server impersonation, insider attacks, denial-of-service (DoS) attacks, replay attacks, and parallel-session attacks. Compared with other related schemes, our work performs well in both communication and computation costs.

Highlights

  • Password-based authentication schemes are considered the most widespread protocol used to validate authentication between legitimate customers and the remote server

  • We propose a strong scheme based on smart card and feature extraction of hand geometry to overcome the above-mentioned issues

  • We propose a new efficient and secure smart-card-based remote password authentication scheme that overcomes the weaknesses of the Xu–Zhu–Feng scheme and enjoys several features, such as efficiency, flexible password-based remote mutual authentication, user anonymity, users being able to freely select and update their passwords, and the server and user being able to construct authenticated session keys

Summary

Introduction

Password-based authentication schemes are considered the most widespread protocol used to validate authentication between legitimate customers and the remote server. Adversaries can build a table of important words in order to enter the system by applying a dictionary attack. These passwords can be broken in a matter of a few short minutes. As a result, this type of password can be detected from a simple note, either in use or heedlessly rejected. While those ways need to be secured against, passwords are required to be less predictable by machines. The purpose of MFA is to generate a layered protection and make it more troublesome for an illegal person to arrive at

Computers 2016, 5, 15; doi:10.3390/computers5030015 www.mdpi.com/journal/computers
