Abstract
A secure authenticated key exchange protocol is an important key to establish a secure wireless communication. Various research have been conducted to study the efficiency and security of these authenticated key exchange protocol. A recent work by Giri et al. proposed a three factor remote user authentication scheme using Fuzzy Extractor for single server environment. However we found that their protocol is still vulnerable against an online password guessing attack. We also found that their protocol does not provide the perfect forward secrecy. To solve such problems, we propose a simple but effective improvement.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Chen, C.M., Fang, W., Liu, S., Wu, T.Y., Pan, J.S., Wang, K.H.: Improvement on a chaotic map-based mutual anonymous authentication protocol. J. Inf. Sci. Eng. 34(2) (2018)
Chen, C.M., Li, C.T., Liu, S., Wu, T.Y., Pan, J.S.: A provable secure private data delegation scheme for mountaineering events in emergency system. IEEE Access 5(1), 3410–3422 (2017)
Chen, C.M., Xu, L., Wu, T.Y., Li, C.R.: On the security of a chaotic maps-based three-party authenticated key agreement protocol. J. Netw. Intell. 1(2), 61–66 (2016)
Giri, D., Maitra, T.: A three factor remote user authentication scheme using collision resist fuzzy extractor in single server environment. In: ITM Web of Conferences. vol. 13, p. 01020. EDP Sciences (2017)
Guo, C., Chang, C.C.: Chaotic maps-based password-authenticated key agreement using smart cards. Commun. Nonlinear Sci. Numer. Simul. 18(6), 1433–1440 (2013)
Huang, X., Xiang, Y., Chonka, A., Zhou, J., Deng, R.H.: A generic framework for three-factor authentication: preserving security and privacy in distributed systems. IEEE Trans. Parallel Distrib. Syst. 22(8), 1390–1397 (2011)
Jiang, Q., Khan, M.K., Lu, X., Ma, J., He, D.: A privacy preserving three-factor authentication protocol for e-health clouds. J. Supercomput. 72(10), 3826–3849 (2016)
Ku, W.C., Chen, C.M., Lee, H.L.: Cryptanalysis of a variant of peyravian-zunic’s password authentication scheme. IEICE Trans. Commun. 86(5), 1682–1684 (2003)
Ku, W.C., Chen, C.M., Lee, H.L.: Weaknesses of lee-li-hwang’s hash-based password authentication scheme. ACM SIGOPS Oper. Syst. Rev. 37(4), 19–25 (2003)
Lamport, L.: Password authentication with insecure communication. Commun. ACM 24(24), 770–772 (1981)
Li, C.T., Chen, C.L., Lee, C.C., Weng, C.Y., Chen, C.M.: A novel three-party password-based authenticated key exchange protocol with user anonymity based on chaotic maps. Soft Comput. 22(8), 2495–2506 (2018)
Li, C.T., Hwang, M.S.: An efficient biometrics-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 33(1), 1–5 (2010)
Li, C.T., Lee, C.C., Weng, C.Y., Chen, C.M.: Towards secure authenticating of cache in the reader for RFID-based IOT systems. Peer-To-Peer Netw. Appl. 11(1), 198–208 (2018)
Li, X., Niu, J.W., Ma, J., Wang, W.D., Liu, C.L.: Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 34(1), 73–79 (2011)
Li, X., Xiong, Y., Ma, J., Wang, W.: An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. J. Netw. Comput. Appl. 35(2), 763–769 (2012)
Liao, Y.P., Wang, S.S.: A secure dynamic ID based remote user authentication scheme for multi-server environment. Comput. Stand. Interfaces 31(1), 24–29 (2009)
Mishra, D., Das, A.K., Mukhopadhyay, S.: A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards. Expert. Syst. Appl. 41(18), 8129–8143 (2014)
Odelu, V., Das, A.K., Goswami, A.: A secure biometrics-based multi-server authentication protocol using smart cards. IEEE Trans. Inf. Forensics Secur. 10(9), 1953–1966 (2015)
Sun, H.M., He, B.Z., Chen, C.M., Wu, T.Y., Lin, C.H., Wang, H.: A provable authenticated group key agreement protocol for mobile environment. Inf. Sci. 321, 224–237 (2015)
Wang, D., Wang, P.: Two birds with one stone: two-factor authentication with security beyond conventional bound. IEEE Trans. Dependable Secur. Comput. (2016)
Wang, K.H., Chen, C.M., Fang, W., Wu, T.Y.: A secure authentication scheme for internet of things. Pervasive Mob. Comput. 42, 15–26 (2017)
Wang, K.H., Chen, C.M., Fang, W., Wu, T.Y.: On the security of a new ultra-lightweight authentication protocol in IoT environment for RFID tags. J. Supercomput. 74(1), 65–70 (2018)
Yeh, K.H.: A lightweight authentication scheme with user untraceability. Front. Inf. Technol. Electron. Eng. 16(4), 259–271 (2015)
Yoon, E.J., Yoo, K.Y.: Robust biometrics-based multi-server authentication with key agreement scheme for smart cards on elliptic curve cryptosystem. J. Supercomput. 63(1), 235–255 (2013)
Zhu, H., Zhang, Y., Xia, Y., Li, H.: Password-authenticated key exchange scheme using chaotic maps towards a new architecture in standard model. IJ Netw. Secur. 18(2), 326–334 (2016)
Acknowledgement
The work of Chien-Ming Chen was supported in part by Shenzhen Technical Project under Grant number JCYJ20170307151750788 and in part by Shenzhen Technical Project under Grant number QJSCX20170327161755. The work of Tsu-Yang Wu was supported in part by the Science and Technology Development Center, Ministry of Education, China under Grant no. 2017A13025 and the Natural Science Foundation of Fujian Province under Grant no. 2018J01636.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Chen, CM., Huang, Y., Deng, X., Wu, TY. (2019). On the Security of a Three Factor Remote User Authentication Scheme Using Fuzzy Extractor. In: Pan, JS., Ito, A., Tsai, PW., Jain, L. (eds) Recent Advances in Intelligent Information Hiding and Multimedia Signal Processing. IIH-MSP 2018. Smart Innovation, Systems and Technologies, vol 109. Springer, Cham. https://doi.org/10.1007/978-3-030-03745-1_21
Download citation
DOI: https://doi.org/10.1007/978-3-030-03745-1_21
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-03744-4
Online ISBN: 978-3-030-03745-1
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)