On the Security of a Three Factor Remote User Authentication Scheme Using Fuzzy Extractor

  • Chien-Ming Chen
  • Yanyu Huang
  • Xiaoting Deng
  • Tsu-Yang Wu
Conference paper
Part of the Smart Innovation, Systems and Technologies book series (SIST, volume 109)


A secure authenticated key exchange protocol is an important key to establishing secure wireless communication. Various studies have been conducted on the efficiency and security of these authenticated key exchange protocols. A recent work by Giri et al. proposed a three factor remote user authentication scheme using a fuzzy extractor for a single server environment. However, we found that their protocol is still vulnerable to an online password guessing attack. We also found that their protocol does not provide perfect forward secrecy. To solve these problems, we propose a simple but effective improvement.



The work of Chien-Ming Chen was supported in part by Shenzhen Technical Project under Grant number JCYJ20170307151750788 and in part by Shenzhen Technical Project under Grant number QJSCX20170327161755. The work of Tsu-Yang Wu was supported in part by the Science and Technology Development Center, Ministry of Education, China under Grant no. 2017A13025 and the Natural Science Foundation of Fujian Province under Grant no. 2018J01636.


  1. Chen, C.M., Fang, W., Liu, S., Wu, T.Y., Pan, J.S., Wang, K.H.: Improvement on a chaotic map-based mutual anonymous authentication protocol. J. Inf. Sci. Eng. 34(2) (2018)
  2. Chen, C.M., Li, C.T., Liu, S., Wu, T.Y., Pan, J.S.: A provable secure private data delegation scheme for mountaineering events in emergency system. IEEE Access 5(1), 3410–3422 (2017)
  3. Chen, C.M., Xu, L., Wu, T.Y., Li, C.R.: On the security of a chaotic maps-based three-party authenticated key agreement protocol. J. Netw. Intell. 1(2), 61–66 (2016)
  4. Giri, D., Maitra, T.: A three factor remote user authentication scheme using collision resist fuzzy extractor in single server environment. In: ITM Web of Conferences. vol. 13, p. 01020. EDP Sciences (2017)
  5. Guo, C., Chang, C.C.: Chaotic maps-based password-authenticated key agreement using smart cards. Commun. Nonlinear Sci. Numer. Simul. 18(6), 1433–1440 (2013)
  6. Huang, X., Xiang, Y., Chonka, A., Zhou, J., Deng, R.H.: A generic framework for three-factor authentication: preserving security and privacy in distributed systems. IEEE Trans. Parallel Distrib. Syst. 22(8), 1390–1397 (2011)
  7. Jiang, Q., Khan, M.K., Lu, X., Ma, J., He, D.: A privacy preserving three-factor authentication protocol for e-health clouds. J. Supercomput. 72(10), 3826–3849 (2016)
  8. Ku, W.C., Chen, C.M., Lee, H.L.: Cryptanalysis of a variant of peyravian-zunic’s password authentication scheme. IEICE Trans. Commun. 86(5), 1682–1684 (2003)
  9. Ku, W.C., Chen, C.M., Lee, H.L.: Weaknesses of lee-li-hwang’s hash-based password authentication scheme. ACM SIGOPS Oper. Syst. Rev. 37(4), 19–25 (2003)
  10. Lamport, L.: Password authentication with insecure communication. Commun. ACM 24(24), 770–772 (1981)
  11. Li, C.T., Chen, C.L., Lee, C.C., Weng, C.Y., Chen, C.M.: A novel three-party password-based authenticated key exchange protocol with user anonymity based on chaotic maps. Soft Comput. 22(8), 2495–2506 (2018)
  12. Li, C.T., Hwang, M.S.: An efficient biometrics-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 33(1), 1–5 (2010)
  13. Li, C.T., Lee, C.C., Weng, C.Y., Chen, C.M.: Towards secure authenticating of cache in the reader for RFID-based IOT systems. Peer-To-Peer Netw. Appl. 11(1), 198–208 (2018)
  14. Li, X., Niu, J.W., Ma, J., Wang, W.D., Liu, C.L.: Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 34(1), 73–79 (2011)
  15. Li, X., Xiong, Y., Ma, J., Wang, W.: An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. J. Netw. Comput. Appl. 35(2), 763–769 (2012)
  16. Liao, Y.P., Wang, S.S.: A secure dynamic ID based remote user authentication scheme for multi-server environment. Comput. Stand. Interfaces 31(1), 24–29 (2009)
  17. Mishra, D., Das, A.K., Mukhopadhyay, S.: A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards. Expert. Syst. Appl. 41(18), 8129–8143 (2014)
  18. Odelu, V., Das, A.K., Goswami, A.: A secure biometrics-based multi-server authentication protocol using smart cards. IEEE Trans. Inf. Forensics Secur. 10(9), 1953–1966 (2015)
  19. Sun, H.M., He, B.Z., Chen, C.M., Wu, T.Y., Lin, C.H., Wang, H.: A provable authenticated group key agreement protocol for mobile environment. Inf. Sci. 321, 224–237 (2015)
  20. Wang, D., Wang, P.: Two birds with one stone: two-factor authentication with security beyond conventional bound. IEEE Trans. Dependable Secur. Comput. (2016)
  21. Wang, K.H., Chen, C.M., Fang, W., Wu, T.Y.: A secure authentication scheme for internet of things. Pervasive Mob. Comput. 42, 15–26 (2017)
  22. Wang, K.H., Chen, C.M., Fang, W., Wu, T.Y.: On the security of a new ultra-lightweight authentication protocol in IoT environment for RFID tags. J. Supercomput. 74(1), 65–70 (2018)
  23. Yeh, K.H.: A lightweight authentication scheme with user untraceability. Front. Inf. Technol. Electron. Eng. 16(4), 259–271 (2015)
  24. Yoon, E.J., Yoo, K.Y.: Robust biometrics-based multi-server authentication with key agreement scheme for smart cards on elliptic curve cryptosystem. J. Supercomput. 63(1), 235–255 (2013)
  25. Zhu, H., Zhang, Y., Xia, Y., Li, H.: Password-authenticated key exchange scheme using chaotic maps towards a new architecture in standard model. IJ Netw. Secur. 18(2), 326–334 (2016)

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Chien-Ming Chen (1)
  • Yanyu Huang (1)
  • Xiaoting Deng (1)
  • Tsu-Yang Wu (2, 3, 4)

  1. Harbin Institute of Technology (Shenzhen), Shenzhen, China
  2. College of Computer Science and Engineering, Shandong University of Technology, Shandong, China
  3. Fujian Provincial Key Laboratory of Big Data Mining and Applications, Fujian University of Technology, Fuzhou, China
  4. National Demonstration Center for Experimental Electronic Information and Electrical Technology Education (Fujian University of Technology), Fujian University of Technology, Fuzhou, China
