Analysis and improvement of a multi-factor biometric authentication scheme

Cao, Liling; Wan-cheng, GE

doi:10.1002/sec.1010

Cited by 18 publications

(17 citation statements)

References 29 publications

(25 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In addition, the running time of XOR operation is rather low, and we thus ignore the timing results. We can see that previous schemes 18,19,21 are more efficient than other schemes since they do not use Diffie-Hellman key exchange. Compared with Park et al's 24 scheme, our scheme consumes more computation resources for providing stronger security guarantee, but we think the additional computation cost is acceptable and worthwhile.…”

Section: Performance Evaluationmentioning

confidence: 89%

“…However, An 19 pointed out that Das' scheme also cannot withstand impersonation attack and server spoofing attack. Although An 19 put forward a new three-factor authentication scheme, Khan and Kumari 20 demonstrated that this scheme cannot resist offline guessing attack, Cao and Ge 21 showed that this scheme is vulnerable to replay attack. Subsequently, Yeh et al 22 and Wu et al 23 further analyzed the security of these schemes.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Security-enhanced three-factor remote user authentication scheme based on Chebyshev chaotic maps

Zhao¹,

Jiang³

et al. 2019

International Journal of Distributed Sensor Networks

View full text Add to dashboard Cite

With the wide deployment of new computing paradigms, such as cloud computing and edge computing, the people can access services provided by remote servers more conveniently via the Internet. To preserve the security of those messages transmitted over the public channel, remote user authentication protocols are popularly implemented in various information systems. Recently, Park et al. pointed that Cao and Ge's three-factor authentication scheme suffers from offline identity guessing attack and server impersonation attack. They also proposed a new scheme after presenting the corresponding cryptanalysis. However, we found that Park et al.'s scheme is vulnerable to offline password guessing attack, which is the most serious threat against this kind of authentication scheme. In addition, their scheme cannot provide complete correctness due to the misuse of bio-hashing and also fails to achieve user untraceability and perfect forward secrecy. To conquer these security pitfalls, we put forward a password, smart card, and biometrics-based three-factor remote user authentication scheme using the extended Chebyshev chaotic maps. The security analysis indicates that the proposed scheme can withstand various well-known attacks including offline guessing attack, impersonation attack, and so on. The performance evaluation shows that the proposed scheme provides stronger security guarantee at the cost of acceptable computation overhead. Thus, the proposed scheme is more desirable for securing communication in mobile networks.

show abstract

Section: Performance Evaluationmentioning

confidence: 89%

Section: Introductionmentioning

confidence: 99%

Security-enhanced three-factor remote user authentication scheme based on Chebyshev chaotic maps

Zhao¹,

Jiang³

et al. 2019

International Journal of Distributed Sensor Networks

View full text Add to dashboard Cite

show abstract

“…Xu and Wu 46 found that Xie et al's scheme 45 is vulnerable to desynchronization attacks, and proposed an improvement. 35 (A2, A3) 37,38 Choi et al 37 -Park et al 38 (A3, A4) 39 Zhao et al 39 -…”

Section: Single-server Environmentmentioning

confidence: 99%

An independent three‐factor mutual authentication and key agreement scheme with privacy preserving for multiserver environment and a survey

Chuang

Lei

2020

Int J Communication

View full text Add to dashboard Cite

SummaryIn the past decades, the demand for remote mutual authentication and key agreement (MAKA) scheme with privacy preserving grows rapidly with the rise of the right to privacy and the development of wireless networks and Internet of Things (IoT). Numerous remote MAKA schemes are proposed for various purposes, and they have different properties. In this paper, we survey 49 three‐factor–based remote MAKA schemes with privacy preserving from 2013 to 2019. None of them can simultaneously achieve security, suitability for multiserver environments, user anonymity, user untraceability, table free, public key management free, and independent authentication. Therefore, we propose an efficient three‐factor MAKA scheme, which achieves all the properties. We propose a security model of a three‐factor–based MAKA scheme with user anonymity for multiserver environments and formally prove that our scheme is secure under the elliptic curve computational Diffie‐Hellman problem assumption, decisional bilinear Diffie‐Hellman problem assumption, and hash function assumption. We compare the proposed scheme to relevant schemes to show our contribution and also show that our scheme is sufficiently efficient for low‐power portable mobile devices.

show abstract

“…Similarly, in protocol [17], the smart privileged insider attacker who knows , 1 , and in registration phase can impersonate a legal user. Similarly, in protocol [16], the smart privileged insider attacker of the registration center who knows , , and can impersonate a legal user. Wu et al [17] have illustrated many weaknesses of protocol [19].…”

Section: Resistance To the Smart Privileged Insider Attackmentioning

confidence: 99%

A Secure and Efficient Multi-Factor Mutual Certificateless Authentication with Key Agreement Protocol for Mobile Client-Server Environment on ECC without the third-party

Cao

Wan-cheng

2016

IJSIA

Self Cite

View full text Add to dashboard Cite

show abstract

Analysis and improvement of a multi-factor biometric authentication scheme

Cited by 18 publications

References 29 publications

Security-enhanced three-factor remote user authentication scheme based on Chebyshev chaotic maps

Security-enhanced three-factor remote user authentication scheme based on Chebyshev chaotic maps

An independent three‐factor mutual authentication and key agreement scheme with privacy preserving for multiserver environment and a survey

A Secure and Efficient Multi-Factor Mutual Certificateless Authentication with Key Agreement Protocol for Mobile Client-Server Environment on ECC without the third-party

Contact Info

Product

Resources

About