An enhanced biometrics-based user authentication scheme for multi-server environments in critical systems

  • Original Research
Journal of Ambient Intelligence and Humanized Computing

Abstract

Computer networks have become so ubiquitous that users can access various services through network devices anytime and anywhere. However, due to the open nature of the network, security has become an important consideration that cannot be ignored in these network-based systems, especially in critical systems such as life-critical systems and financial systems. User authentication is the most used and effective mechanism for information security, and many user authentication schemes have been proposed by researchers. Recently, Shen et al. proposed a biometrics-based user authentication scheme for multi-server environments in critical systems. However, their scheme lacks a wrong-password detection mechanism and is vulnerable to denial-of-service attacks. Besides, they do not consider the user anonymity property, and the scheme may suffer from a biometrics template loss attack because the biometrics template is stored directly in the user's smart card. In this paper, an enhanced biometrics-based user authentication scheme for multi-server environments in critical systems is presented by adopting the fuzzy extractor. The analysis shows that the proposed scheme not only removes the security weaknesses of previous schemes, but also keeps computational efficiency.

References

  • Abdalla M, Izabachene M, Pointcheval D (2008) Anonymous and transparent gateway-based password-authenticated key exchange. Cryptology and network security. Springer, Berlin, pp 133–148

  • Cappelli R, Maio D, Lumini A, Maltoni D (2007) Fingerprint image reconstruction from standard templates. IEEE Trans Pattern Anal Mach Intell 29(9):1489–1503

  • Das AK (2011) Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards. IET Inf Secur 5(3):145–151

  • Dodis Y, Reyzin L, Smith A (2004) Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. Advances in cryptology—eurocrypt. Springer, Berlin Heidelberg, pp 523–540

  • Fu ZJ, Sun XM, Liu Q, Zhou L, Shu JG (2015) Achieving efficient cloud search services: multi-keyword ranked search over encrypted cloud data supporting parallel computing. IEICE Trans Commun E98–B(1):190–200

  • Guo P, Wang J, Li B, Lee SY (2014) A variable threshold-value authentication architecture for wireless mesh networks. J Internet Technol 15(6):929–936

  • Hankerson D, Menezes AJ, Vanstone S (2006) Guide to elliptic curve cryptography. Springer, New York

  • He DB, Kumar N, Chen JH, Lee CC, Chilamkurti N, Yeo SS (2015a) Robust anonymous authentication protocol for healthcare applications using wireless medical sensor networks. Multimedia Syst 21(1):49–60

  • He DB, Kumar N, Chilamkurti N (2015b) A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks. Inf Sci 321:263–277

  • He DB, Wang D (2015) Robust biometrics-based authentication scheme for multi-server environment. IEEE Syst J 9(3):816–823

  • He DB, Wu SH (2013) Security flaws in a smart card based authentication scheme for multi-server environment. Wirel Pers Commun 70(1):323–329

  • Hsiang HC, Shih WK (2009) Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment. Comput Stand Interfaces 31(6):1118–1123

  • Jain AK, Nandakumar K, Nagar A (2008) Biometric template security. EURASIP J Adv Signal Process, Article ID 579416. doi:10.1155/2008/579416

  • Juang WS (2004) Efficient multi-server password authenticated key agreement using smart cards. IEEE Trans Consum Electron 50(1):251–255

  • Kocher P, Jaffe J, Jun B (1999) Differential power analysis. In: Proceedings of advances in cryptology (Crypto’99), pp 388–397

  • Lamport L (1981) Password authentication with insecure communication. Commun ACM 24(11):770–772

  • Lee CC, Lin TH, Chang RX (2011) A Secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards. Expert Syst Appl 38(11):13863–13870

  • Li CT, Hwang MS (2010) An efficient biometrics-based remote user authentication scheme using smart cards. J Netw Comput Appl 33(1):1–5

  • Li LH, Lin IC, Hwang MS (2001) A remote password authentication scheme for multi-server architecture using neural networks. IEEE Trans Neural Netw 12(6):1498–1504

  • Li X, Ma J, Wang WD, Xiong YP, Zhang JS (2013a) A novel smart card and dynamic ID based remote user authentication scheme for multi-server environment. Math Comput Model 58(1–2):85–95

  • Li X, Niu JW, Khan MK, Liao JG (2013b) An enhanced smart card based remote user password authentication scheme. J Netw Comput Appl 36(5):1365–1371

  • Li X, Niu JW, Ma J, Wang WD, Liu CL (2011) Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. J Netw Comput Appl 34(1):73–79

  • Li X, Niu JW, Wang ZB, Chen CS (2014) Applying biometrics to design three-factor remote user authentication scheme with key agreement. Secur Commun Netw 7(10):1488–1497

  • Li X, Xiong YP, Ma J, Wang WD (2012) An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. J Netw Comput Appl 35(2):763–769

  • Liao YP, Wang SS (2009) A secure dynamic ID based remote user authentication scheme for multi-server environment. Comput Stand Interfaces 31(1):24–29

  • Ma CG, Wang D, Zhao SD (2014) Security flaws in two improved remote user authentication schemes using smart cards. Int J Commun Syst 27(10):2215–2227

  • Messerges TS, Dabbish EA, Sloan RH (2002) Examining smart-card security under the threat of power analysis attacks. IEEE Trans Comput 51(5):541–552

  • Pointcheval D, Zimmer S (2008) Multi-factor authenticated key exchange. Applied cryptography and network security. Springer, Berlin, pp 277–295

  • Ren YJ, Shen J, Wang J, Han J, Lee SY (2015) Mutual verifiable provable data auditing in public cloud storage. J Internet Technol 16(2):317–323

  • Ross A, Shah J, Jain AK (2007) From template to image: reconstructing fingerprints from minutiae points. IEEE Trans Pattern Anal Mach Intell 29(4):544–560

  • Shen H, Gao CZ, He DD, Wu LB (2015) New biometrics-based authentication scheme for multi-server environment in critical systems. J Ambient Intell Humaniz Comput 6(6):825–834

  • Sood SK, Sarje AK, Singh K (2011) A secure dynamic identity based authentication protocol for multi-server architecture. J Netw Comput Appl 34(2):609–618

  • Tsai JL (2008) Efficient multi-server authentication scheme based on one-way hash function without verification table. Comput Secur 27(3–4):115–121

  • Tsaur WJ, Wu CC, Lee WB (2004) A smart card-based remote scheme for password authentication in multi-server internet services. Comput Stand Interfaces 27(1):39–51

  • Wang D, He DB, Wang P, Chu CH (2015a) Anonymous two-factor authentication in distributed systems: certain goals are beyond attainment. IEEE Trans Dependable Secur Comput 12(4):428–442

  • Wang D, Wang N, Wang P, Qing SH (2015b) Preserving privacy for free: efficient and provably secure two-factor authentication scheme with user anonymity. Inf Sci 321:162–178

  • Wang D, Wang P (2013) Offline dictionary attack on two password authentication schemes using smart cards. In: Proceedings of 16th information security conference (ISC 2013), 13–15 Nov, Dallas, Texas, USA. Springer, LNCS, pp 1–16

  • Wang D, Wang P (2014a) On the usability of two-factor authentication. In: International conference on security and privacy in communication networks (SecureComm 2014), vol 152 of the series lecture notes of the institute for computer sciences, Social Informatics and Telecommunications Engineering, pp 141–150

  • Wang D, Wang P (2014b) Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks. Ad Hoc Netw 20:1–15

  • Wu F, Xu LL, Saru K, Li X (2015) A novel and provably secure biometrics-based three-factor remote authentication scheme for mobile client–server networks. Comput Electr Eng 45:274–285

  • Xia ZH, Wang XH, Sun XM, Wang Q (2015) A secure and dynamic multi-keyword ranked search scheme over encrypted cloud data. IEEE Trans Parallel Distrib Syst. doi:10.1109/TPDS.2015.2401003

  • Xu L, Wu F (2015a) An improved and provable remote user authentication scheme based on elliptic curve cryptosystem with user anonymity. Secur Commun Netw 8(2):245–260

  • Xu L, Wu F (2015b) Cryptanalysis and improvement of a user authentication scheme preserving uniqueness and anonymity for connected health care. J Med Syst 39(2):1–9

  • Yoon EJ, Yoo KY (2013) Robust biometrics-based multi-server authentication with key agreement scheme for smart cards on elliptic curve cryptosystem. J Supercomput 63(1):235–255

  • Yu J, Wang GL, Mu Y, Gao W (2014) An efficient generic framework for three-factor authentication with provably secure instantiation. IEEE Trans Inf Forensics Secur 9(12):2302–2313

Acknowledgments

This work was supported by the National Natural Science Foundation of China under Grant Nos. 61300220, 61308001, 61572013 and 61572188, the Research Fund of the State Key Laboratory of Software Development Environment, BUAA under Grant no. SKLSDE–2014KF–02, the China Postdoctoral Science Foundation Funded Projects under Grant Nos. 2014M550590 and 2015T80035. Besides, it is also supported by PAPD, CICAEET, Fujian Education and Scientific Research Program for Young and Middle-aged Teachers under Grant No. JA14369, and the National Training Program of Innovation and Entrepreneurship for the Undergraduates of Local University with the No. 201410534003.

Author information

Corresponding author

Correspondence to Jian Shen.

Cite this article

Li, X., Wang, K., Shen, J. et al. An enhanced biometrics-based user authentication scheme for multi-server environments in critical systems. J Ambient Intell Human Comput 7, 427–443 (2016). https://doi.org/10.1007/s12652-015-0338-z
