A lightweight multi-factor mobile user authentication scheme

Sun, Jianguo; Zhong, Qi; Liang, Kun; Wang, Wenshan; Da, Qingan; Lin, Yun

doi:10.1109/infcomw.2018.8406952

Cited by 10 publications

(13 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This protocol takes into account the connection of user data with data used for device identification (IMEI/IMSI) [15]. User credentials and biometry were used in the next authentication scheme, which assumes obtaining two-way authentication [16]. This scheme generates hashes of values obtained on the basis of reader biometric features.…”

Section: Related Workmentioning

confidence: 99%

“…The use of fixed IMEI and IMSI values allows one to confirm that the authentication request comes from a device associated with the user during the registration process; however, these are values that can be read by any application installed on the mobile device. For other schemes, such as those presented in [16]- [19], according to section 2.3.1 of Regulation [1] relating to the authentication mechanism, a high level of trust is required from the scheme used to implement dynamic authentication. Within such a process, the factor that serves as evidence of the identity of the user must be changed whenever authentication is attempted.…”

Section: Related Workmentioning

confidence: 99%

“…However, this approach has not been implemented in any of these schemes. Thus, despite the fact that, in the case of schemes presented in [4], [16], an attempt to generate session keys on the basis of IMEI/IMSI was made, they cannot be considered as factors meeting the required criteria.…”

Section: Related Workmentioning

confidence: 99%

See 2 more Smart Citations

Multifactor Authentication Protocol in a Mobile Environment

2019

View full text Add to dashboard Cite

The implementation of services that process confidential data in a mobile environment requires an adequate level of security with the strictest possible mechanisms of information protection. The dominance of mobile devices as client applications of distributed systems has led to the development of new techniques that combine traditional methods of protection with protocols leveraging the potential of numerous interfaces available from a smartphone. For this reason, an upward trend in the use of biometricsbased methods and dynamically generated OTP secrets can be observed. Mobile devices are increasingly used in complex business processes that require strong user authentication methods, which, according to the European Commission (Regulation), must use at least two authentication factors belonging to different categories. Therefore, on the basis of the analysis of the solutions presented so far, a distributed protocol has been proposed. It enables user authentication using three authentication factors: possession, knowledge, and inherence. The described authentication scheme refers to the possibility of carrying out the process in the mobile environment of the Android platform with guaranteed authentication support.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Multifactor Authentication Protocol in a Mobile Environment

2019

View full text Add to dashboard Cite

show abstract

“…Nevertheless, the disadvantage of this system is that it deals with limited security threats, and the accuracy of recognition technology based on biometric was not good. Sun et al [33] presented a scheme based on user biometrics with smartphone information using a fuzzy extractor. This system does not store raw information for biometric measurements, thus, depending on the offline method to change the biometrics or password, it does resist some attacks.…”

Section: Related Workmentioning

confidence: 99%

Efficient and Flexible Multi-Factor Authentication Protocol Based on Fuzzy Extractor of Administrator’s Fingerprint and Smart Mobile Device

Mohammed

Yassin

2019

Cryptography

View full text Add to dashboard Cite

In an era of tremendous development in information technology and the Internet of Things (IoT), security plays a key role in safety devices connected with the Internet. Authentication is vital in the security field, and to achieve a strong authentication scheme, there are several systems using a Multi-Factor Authentication (MFA) scheme based on a smart card, token, and biometric. However, these schemes have suffered from the extra cost; lost, stolen or broken factor, and malicious attacks. In this paper, we design an MFA protocol to be the authenticated administrator of IoT’s devices. The main components of our protocol are a smart mobile device and the fuzzy extractor of the administrator’s fingerprint. The information of the authenticated user is stored in an anomalous manner in mobile devices and servers to resist well-known attacks, and, as a result, the attacker fails to authenticate the system when they obtain a mobile device or password. Our work overcomes the above-mentioned issues and does not require extra cost for a fingerprint device. By using the AVISPA tool to analysis protocol security, the results are good and safe against known attacks.

show abstract

“…In fact, if there are no such restrictions, we can directly employ those authentications proved to be secure in CK model. On the other hand, we also note the security of some protocols 24,28,[42][43][44][45][46][47][48] are discussed with the BAN logic or AVISPA. However, the BAN logic and AVISPA also cannot guarantee the security of the protocol.…”

Section: Security Analysismentioning

confidence: 99%

Security-enhanced three-factor remote user authentication scheme based on Chebyshev chaotic maps

Zhao¹,

Jiang³

et al. 2019

International Journal of Distributed Sensor Networks

View full text Add to dashboard Cite

With the wide deployment of new computing paradigms, such as cloud computing and edge computing, the people can access services provided by remote servers more conveniently via the Internet. To preserve the security of those messages transmitted over the public channel, remote user authentication protocols are popularly implemented in various information systems. Recently, Park et al. pointed that Cao and Ge's three-factor authentication scheme suffers from offline identity guessing attack and server impersonation attack. They also proposed a new scheme after presenting the corresponding cryptanalysis. However, we found that Park et al.'s scheme is vulnerable to offline password guessing attack, which is the most serious threat against this kind of authentication scheme. In addition, their scheme cannot provide complete correctness due to the misuse of bio-hashing and also fails to achieve user untraceability and perfect forward secrecy. To conquer these security pitfalls, we put forward a password, smart card, and biometrics-based three-factor remote user authentication scheme using the extended Chebyshev chaotic maps. The security analysis indicates that the proposed scheme can withstand various well-known attacks including offline guessing attack, impersonation attack, and so on. The performance evaluation shows that the proposed scheme provides stronger security guarantee at the cost of acceptable computation overhead. Thus, the proposed scheme is more desirable for securing communication in mobile networks.

show abstract

A lightweight multi-factor mobile user authentication scheme

Cited by 10 publications

References 18 publications

Multifactor Authentication Protocol in a Mobile Environment

Multifactor Authentication Protocol in a Mobile Environment

Efficient and Flexible Multi-Factor Authentication Protocol Based on Fuzzy Extractor of Administrator’s Fingerprint and Smart Mobile Device

Security-enhanced three-factor remote user authentication scheme based on Chebyshev chaotic maps

Contact Info

Product

Resources

About