Robust extended chaotic maps-based three-factor authentication scheme preserving biometric template privacy

  • Original Paper
  • Nonlinear Dynamics

Abstract

Due to its high level of security, three-factor authentication combining password, smart card and biometrics has received much interest in the past decades. Recently, Islam proposed a dynamic identity-based three-factor authentication scheme using extended chaotic map which attempts to fulfill three-factor security and resist various known attacks, offering many advantages over existing works. However, in this paper we first show that the process of password verification in the login phase is invalid. Besides this defect, it is also vulnerable to user impersonation attack and off-line password guessing attack, under the condition that the smart card is lost or stolen. Furthermore, it fails to preserve biometric template privacy in the case that the password and the smart card are compromised. To remedy these flaws, we propose a robust three-factor authentication scheme, which not only resists various known attacks, but also provides more desired security features. We demonstrate that our scheme provides mutual authentication using the Burrows–Abadi–Needham logic. Our scheme provides high security strength as well as low computational cost.

Acknowledgments

This work is supported by National Natural Science Foundation of China (Program Nos. 61202389, U1405255, 61309016, 61372075, 61201220, U1135002), National High Technology Research and Development Program (863 Program) (Program No. 2015AA011704), Fundamental Research Funds for the Central Universities (Program No. JB140302). The authors also extend their appreciation to the Deanship of Scientific Research at King Saud University, Riyadh, Saudi Arabia, for funding this work through the research group Project No. RGP-VPP-318. The authors would like to thank the anonymous reviewers and the editor for their constructive comments that have helped us to improve this paper.

Author information

Corresponding author

Correspondence to Qi Jiang.

About this article

Cite this article

Jiang, Q., Wei, F., Fu, S. et al. Robust extended chaotic maps-based three-factor authentication scheme preserving biometric template privacy. Nonlinear Dyn 83, 2085–2101 (2016). https://doi.org/10.1007/s11071-015-2467-5

  • DOI: https://doi.org/10.1007/s11071-015-2467-5
