Device Parameter based Secure User Authentication

  • Kun-Lin Tsai
  • Fang-Yie LeuEmail author
  • King-Shing Yip
Conference paper
Part of the Lecture Notes on Data Engineering and Communications Technologies book series (LNDECT, volume 2)


User authentication is a procedure used to verify a user before he/she can login a system and website. Usually, the user’s account and password are employed to verify his/her identity. However, the two parameters may be hacked if the underlying network is unsafe. To provide a secure user authentication procedure, in this paper, we propose a secure user authentication scheme, named Device Parameter based User Authentication (DePUA in short), in which the hardware/software parameters of a user’s trusted device, the user’s password and a generated authorization code are employed to derive the device’s parameter key. Without the trusted device, the adversary is unable to login the system and access user’s information. The security analyses show that the DePUA can effectively verify user’s identity and has the features of machine-specific device’s parameter key, user anonymity, and two-factor security. Besides, it is able to resist replay attack, eavesdropping attack, and impersonation attack.


Smart Card User Authentication Impersonation Attack Authentication Code Elliptic Curve Cryptography 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Liao, Y.P., Wang, S.S.: A Robust Password-Based Remote User Authentication Scheme Using Bilinear Pairings without Using Smart Cards. In: International Computer Symposium, pp. 215–221. Taiwan (2010)Google Scholar
  2. 2.
    Ren, X., Wu, X.W.: A Novel Dynamic User Authentication Scheme. In: International Symposium on Communications and Information Technologies, Gold Coast, pp. 713–717. USA (2012)Google Scholar
  3. 3.
    Li, X., Ma, J., Wang, W., Xiong, Y., Zhang, J.: A Novel Smart Card and Dynamic ID based Remote User Authentication Scheme for Multi-server Environment. Mathematical and Computer Modelling. 58(1–2), 85–95 (2013)Google Scholar
  4. 4.
    4. Roalter, L., Kranz, M., Diewald, S., Möller, A.: The Smartphone as Mobile Authorization Proxy. In: International Conference on Computer Aided Systems Theory, pp. 306–307. Japan (2013)Google Scholar
  5. 5.
    Niinuma, K., Park, U., Jain, A.K.: Soft Biometric Traits for Continuous User Authentication. IEEE Transactions on Information Forensics and Security, 5(4), 771–780 (2010)Google Scholar
  6. 6.
    Tsai, K.L., Leu, F.Y., Tsai, S.H.: Data Encryption Method using Environmental Secret Key with Server Assistance. Intelligent Automation and Soft Computing, 22(3), 423–430 (2016)Google Scholar
  7. 7.
    Schreck, J.: Security and Privacy in User Modeling. Springer Science+Business Media. (2003)Google Scholar
  8. 8.
    Wang D., Wang, P.: Understanding Security Failures of Two-factor Authentication Schemes for Real-time Applications in Hierarchical Wireless Sensor Networks. Ad Hoc Networks, 20, 1–15 (2014)Google Scholar
  9. 9.
    Tsai, K.L., Huang, Y.L., Leu, F.Y., Tan, J.S., Ye, M.Y.: High-efficient Multi-Key Exchange Protocol based on Three-party Authentication. In: International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, Birmingham, pp. 487–492. UK (2014)Google Scholar
  10. 10.
    Moghaddam, F.F., Moghaddam, S.G., Rouzbeh, S., Araghi, S.K., Alibeigi, N.M., Varnosfaderani, S.D.: A Scalable and Efficient User Authentication Scheme for Cloud Computing Environments. In: IEEE Region 10 Symposium, pp. 508–513. Malaysia (2014)Google Scholar
  11. 11.
    Huang, Y.L., Dai, C.R., Leu, F.Y., You, I.: A Secure Data Encryption Method Employing a Sequential-Logic Style Mechanism for a Cloud System. International Journal of Web and Grid Services, 11(1), 102–124 (2015)Google Scholar
  12. 12.
    Shin S., Kwon, T.: A Survey of Public Provable Data Possession Schemes with Batch Verification in Cloud Storage. Journal of Internet Services and Information Security, 5(3), 37–47 (2015)Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.Department of Electrical EngineeringTunghai UniversityTaichungTaiwan
  2. 2.Department of Computer ScienceTunghai UniversityTaichungTaiwan

Personalised recommendations