
Analysis and Improvement on a Biometric-Based Remote User Authentication Scheme Using Smart Cards

Wireless Personal Communications

Abstract

In a recent paper (BioMed Research International, 2013/491289), Khan et al. proposed an improved biometrics-based remote user authentication scheme with user anonymity. The scheme is believed to be secure against password guessing attacks, user impersonation attacks, and server masquerading attacks, and to provide user anonymity, even if the secret information stored in the smart card is compromised. In this paper, we analyze the security of Khan et al.’s scheme and demonstrate that it does not provide user anonymity. This in turn renders their scheme insecure against other attacks, such as off-line password guessing attacks and user impersonation attacks. Subsequently, we propose a robust biometric-based remote user authentication scheme. In addition, we simulate our scheme for formal security verification using the widely accepted BAN logic to ensure that our scheme works correctly by achieving the mutual authentication goals.



Acknowledgments

The authors are grateful to the editor and anonymous reviewers for their valuable suggestions, which improved the paper. This work is supported by the Natural Science Foundation of Shandong Province (Grant No. ZR2013FM009).

Corresponding author

Correspondence to Fengtong Wen.

Cite this article

Wen, F., Susilo, W. & Yang, G. Analysis and Improvement on a Biometric-Based Remote User Authentication Scheme Using Smart Cards. Wireless Pers Commun 80, 1747–1760 (2015). https://doi.org/10.1007/s11277-014-2111-6
