Biometric-based Remote User Authentication Scheme Research Articles

Cryptanalysis and Biometric-Based Enhancement of a Remote User Authentication Scheme for E-Healthcare System

In recent years, E-healthcare system is quite popular and the easiest medium to avail high-quality healthcare services from the specialized medical professions. In this system, the security is one of the major concern issues since during diagnosis process the patient’s medical-related documents are sensitive and it is always desirable that the authorized users can avail this facility in a secure way. Several remote user authentication schemes are reported to make E-healthcare system secure. Recently, Li et al. proposed a user authentication scheme for E-healthcare system and claimed that their scheme is able to withstand most of the common security attacks. However, we have reviewed their scheme and pointed out some vulnerabilities like identity and password guessing attacks; privileged insider attack; user impersonation attack; and smartcard theft attack. In order to overcome these security vulnerabilities, a biometric-based remote user authentication scheme is proposed for improving the security in E-healthcare system. The proposed scheme is validated using well-accepted Burrows–Abadi–Needham (BAN) logic and random oracle model. The informal security analysis ensures that the proposed scheme is able to resist several types of malicious cryptography attacks. Further, the proposed scheme is simulated using the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool and the simulation results reveal that the scheme is secure against active and passive attacks. The proposed scheme is also compared with the existing schemes in terms of evaluation parameters like smartcard storage cost, communication cost, computation cost, and estimated time.

Key binding biometrics‐based remote user authentication scheme using smart cards

Remote user authentication schemes using smart cards provide solutions for securing user authentication. The schemes rely on passwords or biometric or both, which fall apart if the password is not kept secret. Additionally, the passwords can be stolen, lost, or forgotten and the stored biometric template is highly susceptible to a number of security and privacy attacks. This study presents a new biometric-based remote user authentication scheme using smart cards. In this study, the cryptographic key is concealed with a biometric template and discarded in the registration phase. During the login phase, the key is generated using a query biometric template in such a way that the key cannot be retrieved without a successful biometric verification. The strength of the proposed scheme is that it provides resistance to tampering and theft by way of a stored biometric template, privileged insider, and a smart card attacks and achieves some good properties such as it works without password (human memorised) and provides renewable property for the protected biometric template. Additionally, this scheme combines the good features of previous works to further capitalise on their sound security and design features. Security and performance analysis of the proposed scheme shows the advantage over other existing schemes.

멀티서버 환경을 위한 생체정보 기반 삼중 요소 사용자 인증 기법의 안전성 개선

In the multi-server environment, remote user authentication has a very critical issue because it provides the authorization that enables users to access their resource or services. For this reason, numerous remote user authentication schemes have been proposed over recent years. Recently, Lin et al. have shown that the weaknesses of Baruah et al.’s three factors user authentication scheme for multi-server environment, and proposed an enhanced biometric-based remote user authentication scheme. They claimed that their scheme has many security features and can resist various well-known attacks; however, we found that Lin et al.’s scheme is still insecure. In this paper, we demonstrate that Lin et al.’s scheme is vulnerable against the outsider attack and user impersonation attack, and propose a new biometric-based scheme for authentication and key agreement that can be used in the multi-server environment. Lastly, we show that the proposed scheme is more secure and can support the security properties.

Cryptanalysis of an Improvement of a Biometrics-Based Remote User Authentication Scheme using Smart Cards

ABSTRACT:-In the past few years, biometrics-based remote user authentication has become a topic of interest for cryptographers. Given the fact that applying biometrics in a remote user authentication scheme increases the security, several biometrics-based authentication schemes have been proposed. In 2011, Li et al. proposed an improvement for Li-Hwang’s biometrics-based remote user authentication scheme using a smart card. In their paper they have claimed that their scheme removes the weaknesses of Li-Hwang’s efficient scheme. This paper reviews and analyzes Li et al.’s scheme and demonstrates the flaws in its login, authentication and password change phases. It shows that this scheme has infrastructural deficiencies in its phases when the user enters a wrong password. It is also shown that these flaws could be removed with the verification of the entered password. Improvements in login phase, authentication phase and password change phase are proposed in this paper in order to remove these weaknesses

A robust anonymous biometric-based remote user authentication scheme using smart cards

Several biometric-based remote user authentication schemes using smart cards have been proposed in the literature in order to improve the security weaknesses in user authentication system. In 2012, An proposed an enhanced biometric-based remote user authentication scheme using smart cards. It was claimed that the proposed scheme is secure against the user impersonation attack, the server masquerading attack, the password guessing attack, and the insider attack and provides mutual authentication between the user and the server. In this paper, we first analyze the security of An’s scheme and we show that this scheme has three serious security flaws in the design of the scheme: (i) flaw in user’s biometric verification during the login phase, (ii) flaw in user’s password verification during the login and authentication phases, and (iii) flaw in user’s password change locally at any time by the user. Due to these security flaws, An’s scheme cannot support mutual authentication between the user and the server. Further, we show that An’s scheme cannot prevent insider attack. In order to remedy the security weaknesses found in An’s scheme, we propose a new robust and secure anonymous biometric-based remote user authentication scheme using smart cards. Through the informal and formal security analysis, we show that our scheme is secure against all possible known attacks including the attacks found in An’s scheme. The simulation results of our scheme using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool ensure that our scheme is secure against passive and active attacks. In addition, our scheme is also comparable in terms of the communication and computational overheads with An’s scheme and other related existing schemes. As a result, our scheme is more appropriate for practical applications compared to other approaches.

An improved biometric-based remote user authentication scheme for connected healthcare

The advancements in technology have made the internet an efficient and scalable tool to utilise for various online services; one of them is connected healthcare. The connected healthcare system presents the platform to deliver clinical service door to door. In these online services, it is required to ensure the authenticity of patients to protect medical resources/services. In 2013, Chang et al. presented biometric-based remote user authentication scheme with user anonymity for connected healthcare. They claimed that their biometrics based scheme is secure and efficient to validate the legality of the patient. Recently, Das and Goswami demonstrated that Chang et al.'s scheme is vulnerable to insider attack and man-in-the middle attack. They also showed some flaws in login and password change phases of Chang et al.'s scheme. Furthermore, they presented an improved scheme. However, we observe that Das and Goswami's scheme does not provide three factor authentication and is vulnerable to offline identity guessing attack. Further, we propose an improved biometric-based remote user authentication scheme for connected healthcare, which provides efficient login and password change phases where smart card quickly identifies the incorrect input. Moreover, the proposed scheme satisfies all desirable security attributes and achieves three factor authentication.

Analysis and Improvement on a Biometric-Based Remote User Authentication Scheme Using Smart Cards

In a recent paper (BioMed Research International, 2013/491289), Khan et al. proposed an improved biometrics-based remote user authentication scheme with user anonymity. The scheme is believed to be secure against password guessing attack, user impersonation attack, server masquerading attack, and provide user anonymity, even if the secret information stored in the smart card is compromised. In this paper, we analyze the security of Khan et al.’s scheme, and demonstrate that their scheme doesn’t provide user anonymity. This also renders that their scheme is insecure against other attacks, such as off-line password guessing attack, user impersonation attacks. Subsequently, we propose a robust biometric-based remote user authentication scheme. Besides, we simulate our scheme for the formal security verification using the wide-accepted BAN logic to ensure our scheme is working correctly by achieving the mutual authentication goals.

An enhanced biometric authentication scheme for telecare medicine information systems with nonce using chaotic hash function.

Recently, Awasthi and Srivastava proposed a novel biometric remote user authentication scheme for the telecare medicine information system (TMIS) with nonce. Their scheme is very efficient as it is based on efficient chaotic one-way hash function and bitwise XOR operations. In this paper, we first analyze Awasthi-Srivastava's scheme and then show that their scheme has several drawbacks: (1) incorrect password change phase, (2) fails to preserve user anonymity property, (3) fails to establish a secret session key beween a legal user and the server, (4) fails to protect strong replay attack, and (5) lacks rigorous formal security analysis. We then a propose a novel and secure biometric-based remote user authentication scheme in order to withstand the security flaw found in Awasthi-Srivastava's scheme and enhance the features required for an idle user authentication scheme. Through the rigorous informal and formal security analysis, we show that our scheme is secure against possible known attacks. In addition, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and show that our scheme is secure against passive and active attacks, including the replay and man-in-the-middle attacks. Our scheme is also efficient as compared to Awasthi-Srivastava's scheme.

An Improved Biometric-Based User Authentication Scheme for C/S System

The authors first review the recently proposed Das's biometric-based remote user authentication scheme, and then show that Das's scheme is still insecure against some attacks and has some problems in password change phase. In order to overcome the design flaws in Das's scheme, an improvement of the scheme is further proposed. Cryptanalysis shows that our scheme is more efficient and secure against most of attacks; moreover, our scheme can provide strong mutual authentication by using verifying biometric, password as well as random nonces generated by the user and server.

Security flaws of Cheng et al.'s biometric-based remote user authentication scheme using quadratic residues

Security flaws of Cheng et al.'s biometric-based remote user authentication scheme using quadratic residues

An Improved Biometrics-Based Remote User Authentication Scheme with User Anonymity

The authors review the biometrics-based user authentication scheme proposed by An in 2012. The authors show that there exist loopholes in the scheme which are detrimental for its security. Therefore the authors propose an improved scheme eradicating the flaws of An's scheme. Then a detailed security analysis of the proposed scheme is presented followed by its efficiency comparison. The proposed scheme not only withstands security problems found in An's scheme but also provides some extra features with mere addition of only two hash operations. The proposed scheme allows user to freely change his password and also provides user anonymity with untraceability.

Biometrics and Biosecurity 2013

Biometrics and Biosecurity 2013

A secure biometric-based remote user authentication with key agreement scheme using extended chaotic maps

Recently, biometric-based remote user authentication schemes along with passwords have drawn considerable attention in research. In 2011, Das proposed an improvement on an efficient biometric-based remote user authentication scheme using smart cards and claimed his scheme could resist various attacks. However, there are some weaknesses in Das’s scheme such as the privileged insider attack and the off-line password guessing attack. Besides, Das’s scheme also cannot provide user anonymity. To overcome these weaknesses, we shall propose a secure biometric-based remote user authentication with key agreement scheme using extended chaotic maps. The proposed scheme not only can resist the above-mentioned attacks, but also provide user anonymity.

Li & Hwang's 생체기반 인증스킴에 대한 취약성 분석 및 개선

Recently, Li and Hwang scheme proposed a biometrics-based remote user authentication scheme using smart card. It is asserted that this scheme has very excellent benefits by the operation cost efficiency based on the smart card, one-way function and biometrics using random numbers. But this scheme cannot provide the properly authentication, especially, it is analyzed as the vulnerable security scheme for Denial-of-Service(DoS) attacks by impersonate attacks. The attacker controls the insecure channel, they can easily fabricate messages to pass the user`s or server`s authentication, and the malicious attacker can impersonate the user to cheat the server and can impersonate the server to cheat the user without knowing any secret information. This paper proposes the strong improved scheme which can respond to multiple attacks by supplementing the function of integrity check from the server which applied variable authenticator and OSPA without exposing the user`s password information. It is supplemented pregnable of disguise attack and mutual authentication of Li and Hwang scheme.

스마트 카드를 이용한 생체인식 기반 원격 사용자 인증 스킴의 보안성 개선

In 2011, Das proposed an effective biometrics-based remote user authentication scheme using smart cards that can provide strong authentication and mutual authentication, while eliminating the security drawbacks of Li-Hwang`s scheme. In this paper, we have shown that Das`s scheme is still insecure against several attacks and does not provide mutual authentication. Also, we proposed the enhanced scheme to overcome these security weaknesses, even if the secret information stored in the smart card is revealed. As a result of security analysis, the enhanced scheme is secure against user impersonation attack, server masquerading attack, off-line password guessing attack, and insider attack. And we can see that the enhanced scheme provides mutual authentication between the user and the server.

Security Analysis and Enhancements of an Effective Biometric-Based Remote User Authentication Scheme Using Smart Cards

Recently, many biometrics-based user authentication schemes using smart cards have been proposed to improve the security weaknesses in user authentication system. In 2011, Das proposed an efficient biometric-based remote user authentication scheme using smart cards that can provide strong authentication and mutual authentication. In this paper, we analyze the security of Das's authentication scheme, and we have shown that Das's authentication scheme is still insecure against the various attacks. Also, we proposed the enhanced scheme to remove these security problems of Das's authentication scheme, even if the secret information stored in the smart card is revealed to an attacker. As a result of security analysis, we can see that the enhanced scheme is secure against the user impersonation attack, the server masquerading attack, the password guessing attack, and the insider attack and provides mutual authentication between the user and the server.

An enhanced biometrics-based remote user authentication scheme using mobile devices

Remote user authentication is a mechanism, in which the remote server verifies the legitimacy of a user over an insecure communication channel. Recently, Wang and Li proposed a fingerprint-based remote user authentication scheme using mobile devices. We demonstrate that their scheme is vulnerable and susceptible to many attacks and has some practical pitfalls. To solve these problems, we propose an efficient fingerprint-based remote user authentication scheme using mobile devices. Proposed scheme not only overcomes all the drawbacks and problems of Wang and Li's scheme, but also provides secure and user-friendly fingerprint-based remote user authentication over insecure networks.

Improvement of Li-Hwang's biometrics-based remote user authentication scheme using smart cards

Recently, Li and Hwang proposed an efficient biometrics-based remote user authentication scheme without storing the password tables. Their scheme uses random numbers to solve the problem of synchro...

Cryptanalysis And Further Improvement Of A Biometric-Based Remote User Authentication Scheme Using Smart Cards

Recently, Li et al. proposed a secure biometric-based remote user authentication scheme using smart cards to withstand the security flaws of Li-Hwang's efficient biometric-based remote user authentication scheme using smart cards. Li et al.'s scheme is based on biometrics verification, smart card and one-way hash function, and it also uses the random nonce rather than a synchronized clock, and thus it is efficient in computational cost and more secure than Li-Hwang's scheme. Unfortunately, in this paper we show that Li et al.'s scheme still has some security weaknesses in their design. In order to withstand those weaknesses in their scheme, we further propose an improvement of their scheme so that the improved scheme always provides proper authentication and as a result, it establishes a session key between the user and the server at the end of successful user authentication.

Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards

The author first reviews the recently proposed Li-Hwang's biometric-based remote user authentication scheme using smart cards; then shows that the Li-Hwang's scheme has some design flaws in their scheme. In order to withstand those flaws in their scheme, an improvement of their scheme is further proposed. The author also shows that the improved scheme provides strong authentication with the use of verifying biometric, password as well as random nonces generated by the user and the server as compared to that for the Li-Hwang's scheme and other related schemes.