Skip to main content
SpringerLink
Log in

On the Security of a Three Factor Remote User Authentication Scheme Using Fuzzy Extractor

  • Conference paper
  • First Online:
Recent Advances in Intelligent Information Hiding and Multimedia Signal Processing (IIH-MSP 2018)

Part of the book series: Smart Innovation, Systems and Technologies ((SIST,volume 109))

  • 440 Accesses

Abstract

A secure authenticated key exchange protocol is an important key to establish a secure wireless communication. Various research have been conducted to study the efficiency and security of these authenticated key exchange protocol. A recent work by Giri et al. proposed a three factor remote user authentication scheme using Fuzzy Extractor for single server environment. However we found that their protocol is still vulnerable against an online password guessing attack. We also found that their protocol does not provide the perfect forward secrecy. To solve such problems, we propose a simple but effective improvement.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 169.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 219.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 219.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Chen, C.M., Fang, W., Liu, S., Wu, T.Y., Pan, J.S., Wang, K.H.: Improvement on a chaotic map-based mutual anonymous authentication protocol. J. Inf. Sci. Eng. 34(2) (2018)

    Google Scholar 

  2. Chen, C.M., Li, C.T., Liu, S., Wu, T.Y., Pan, J.S.: A provable secure private data delegation scheme for mountaineering events in emergency system. IEEE Access 5(1), 3410–3422 (2017)

    Article  Google Scholar 

  3. Chen, C.M., Xu, L., Wu, T.Y., Li, C.R.: On the security of a chaotic maps-based three-party authenticated key agreement protocol. J. Netw. Intell. 1(2), 61–66 (2016)

    Google Scholar 

  4. Giri, D., Maitra, T.: A three factor remote user authentication scheme using collision resist fuzzy extractor in single server environment. In: ITM Web of Conferences. vol. 13, p. 01020. EDP Sciences (2017)

    Google Scholar 

  5. Guo, C., Chang, C.C.: Chaotic maps-based password-authenticated key agreement using smart cards. Commun. Nonlinear Sci. Numer. Simul. 18(6), 1433–1440 (2013)

    Article  MathSciNet  MATH  Google Scholar 

  6. Huang, X., Xiang, Y., Chonka, A., Zhou, J., Deng, R.H.: A generic framework for three-factor authentication: preserving security and privacy in distributed systems. IEEE Trans. Parallel Distrib. Syst. 22(8), 1390–1397 (2011)

    Article  Google Scholar 

  7. Jiang, Q., Khan, M.K., Lu, X., Ma, J., He, D.: A privacy preserving three-factor authentication protocol for e-health clouds. J. Supercomput. 72(10), 3826–3849 (2016)

    Article  Google Scholar 

  8. Ku, W.C., Chen, C.M., Lee, H.L.: Cryptanalysis of a variant of peyravian-zunic’s password authentication scheme. IEICE Trans. Commun. 86(5), 1682–1684 (2003)

    Google Scholar 

  9. Ku, W.C., Chen, C.M., Lee, H.L.: Weaknesses of lee-li-hwang’s hash-based password authentication scheme. ACM SIGOPS Oper. Syst. Rev. 37(4), 19–25 (2003)

    Article  Google Scholar 

  10. Lamport, L.: Password authentication with insecure communication. Commun. ACM 24(24), 770–772 (1981)

    Article  Google Scholar 

  11. Li, C.T., Chen, C.L., Lee, C.C., Weng, C.Y., Chen, C.M.: A novel three-party password-based authenticated key exchange protocol with user anonymity based on chaotic maps. Soft Comput. 22(8), 2495–2506 (2018)

    Article  MATH  Google Scholar 

  12. Li, C.T., Hwang, M.S.: An efficient biometrics-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 33(1), 1–5 (2010)

    Article  Google Scholar 

  13. Li, C.T., Lee, C.C., Weng, C.Y., Chen, C.M.: Towards secure authenticating of cache in the reader for RFID-based IOT systems. Peer-To-Peer Netw. Appl. 11(1), 198–208 (2018)

    Article  Google Scholar 

  14. Li, X., Niu, J.W., Ma, J., Wang, W.D., Liu, C.L.: Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 34(1), 73–79 (2011)

    Article  Google Scholar 

  15. Li, X., Xiong, Y., Ma, J., Wang, W.: An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. J. Netw. Comput. Appl. 35(2), 763–769 (2012)

    Article  Google Scholar 

  16. Liao, Y.P., Wang, S.S.: A secure dynamic ID based remote user authentication scheme for multi-server environment. Comput. Stand. Interfaces 31(1), 24–29 (2009)

    Article  Google Scholar 

  17. Mishra, D., Das, A.K., Mukhopadhyay, S.: A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards. Expert. Syst. Appl. 41(18), 8129–8143 (2014)

    Article  Google Scholar 

  18. Odelu, V., Das, A.K., Goswami, A.: A secure biometrics-based multi-server authentication protocol using smart cards. IEEE Trans. Inf. Forensics Secur. 10(9), 1953–1966 (2015)

    Article  Google Scholar 

  19. Sun, H.M., He, B.Z., Chen, C.M., Wu, T.Y., Lin, C.H., Wang, H.: A provable authenticated group key agreement protocol for mobile environment. Inf. Sci. 321, 224–237 (2015)

    Article  MathSciNet  MATH  Google Scholar 

  20. Wang, D., Wang, P.: Two birds with one stone: two-factor authentication with security beyond conventional bound. IEEE Trans. Dependable Secur. Comput. (2016)

    Google Scholar 

  21. Wang, K.H., Chen, C.M., Fang, W., Wu, T.Y.: A secure authentication scheme for internet of things. Pervasive Mob. Comput. 42, 15–26 (2017)

    Article  Google Scholar 

  22. Wang, K.H., Chen, C.M., Fang, W., Wu, T.Y.: On the security of a new ultra-lightweight authentication protocol in IoT environment for RFID tags. J. Supercomput. 74(1), 65–70 (2018)

    Article  Google Scholar 

  23. Yeh, K.H.: A lightweight authentication scheme with user untraceability. Front. Inf. Technol. Electron. Eng. 16(4), 259–271 (2015)

    Article  Google Scholar 

  24. Yoon, E.J., Yoo, K.Y.: Robust biometrics-based multi-server authentication with key agreement scheme for smart cards on elliptic curve cryptosystem. J. Supercomput. 63(1), 235–255 (2013)

    Article  Google Scholar 

  25. Zhu, H., Zhang, Y., Xia, Y., Li, H.: Password-authenticated key exchange scheme using chaotic maps towards a new architecture in standard model. IJ Netw. Secur. 18(2), 326–334 (2016)

    Google Scholar 

Download references

Acknowledgement

The work of Chien-Ming Chen was supported in part by Shenzhen Technical Project under Grant number JCYJ20170307151750788 and in part by Shenzhen Technical Project under Grant number QJSCX20170327161755. The work of Tsu-Yang Wu was supported in part by the Science and Technology Development Center, Ministry of Education, China under Grant no. 2017A13025 and the Natural Science Foundation of Fujian Province under Grant no. 2018J01636.

Author information

Authors and Affiliations

  1. Harbin Institute of Technology (Shenzhen), Shenzhen, China

    Chien-Ming Chen, Yanyu Huang & Xiaoting Deng

  2. College of Computer Science and Engineering, Shandong University of Technology, Shandong, China

    Tsu-Yang Wu

  3. Fujian Provincial Key Laboratory of Big Data Mining and Applications, Fujian University of Technology, Fuzhou, 350118, China

    Tsu-Yang Wu

  4. National Demonstration Center for Experimental Electronic Information and Electrical Technology Education (Fujian University of Technology), Fujian University of Technology, Fuzhou, 350118, China

    Tsu-Yang Wu

Authors
  1. Chien-Ming Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yanyu Huang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Xiaoting Deng
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Tsu-Yang Wu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Tsu-Yang Wu .

Editor information

Editors and Affiliations

  1. College of Information Science and Engineering, Fujian University of Technology, Fuzhou, Fujian, China

    Jeng-Shyang Pan

  2. Graduate School of Engineering, Tohoku University, Sendai, Miyagi, Japan

    Akinori Ito

  3. Swinburne University of Technology, Hawthorn, VIC, Australia

    Pei-Wei Tsai

  4. Centre for Artificial Intelligence, Faculty of Engineering and Information Technology, University of Technology Sydney, Canberra, ACT, Australia

    Lakhmi C. Jain

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Chen, CM., Huang, Y., Deng, X., Wu, TY. (2019). On the Security of a Three Factor Remote User Authentication Scheme Using Fuzzy Extractor. In: Pan, JS., Ito, A., Tsai, PW., Jain, L. (eds) Recent Advances in Intelligent Information Hiding and Multimedia Signal Processing. IIH-MSP 2018. Smart Innovation, Systems and Technologies, vol 109. Springer, Cham. https://doi.org/10.1007/978-3-030-03745-1_21

Download citation

Publish with us

Policies and ethics

Search

Navigation