Abstract
Nowadays users can remotely access various online services and resources from distributed information systems via the Internet or other public networks. However, remote online systems are vulnerable to many security attacks because they are built on public networks. Therefore, it is necessary to design an authentication scheme for securing network communications between a login user and a remote server. In 2016, Han et al. proposed a secure three-factor authentication scheme based on elliptic curve cryptography (ECC) to achieve this goal. Unfortunately, we analyzed Han et al.’s scheme and demonstrated that it is not satisfactory for practical implementation because it fails to ensure unlinkability between the login user and the remote server and is unable to withstand an account duplication attack. In this paper, we suggest an enhanced anonymous authentication scheme to repair the security flaws in Han et al.’s scheme. We give a security analysis and performance evaluation to demonstrate that the proposed scheme not only resists the aforementioned security weaknesses of Han et al.’s scheme but also inherits the functionality merits and performance efficiencies of their authentication scheme.
References
An, Y.: Security analysis and enhancements of an effective biometric-based remote user authentication scheme using smart cards. J. Biomed. Biotechnol. 2012, 1–6 (2012). Article no. 519723
Burrows, M., Abadi, M., Needham, R.: A logic of authentication. ACM Trans. Comput. Syst. 8(1), 18–36 (1990)
Koblitz, N.: Elliptic curve cryptosystems. Math. Comput. 48, 203–209 (1987)
Das, A.K.: Analysis and improvement on an efficient biometric-based remote user authentication. IET Inf. Secur. 5(3), 145–151 (2011)
Das, A.K., Goswami, A.: A robust anonymous biometric-based remote user authentication scheme using smart cards. J. King Saud Univ. Comput. Inf. Sci. 27(2), 193–210 (2015)
Das, A.K.: A secure user anonymity-preserving three-factor remote user authentication scheme for the telecare medicine information systems. J. Med. Syst. 39(3), 1–20 (2015). Article no. 30
Guo, D., Wen, Q., Li, W., Zhang, H., Jin, Z.: An improved biometrics-based authentication scheme for telecare medical information systems. J. Med. Syst. 39(3), 1–10 (2015). Article no. 20
Han, L., Tan, X., Wang, S., Liang, X.: An efficient and secure three-factor based authenticated key exchange scheme using elliptic curve cryptosystems. Peer-to-Peer Netw. Appl. (2016). doi:10.1007/s12083-016-0499-3
Jin, A.T.B., Ling, D.N.C., Goh, A.: Biohashing: two factor authentication featuring fingerprint data and tokenised random number. Pattern Recogn. 37(11), 2245–2255 (2004)
Li, C.T., Hwang, M.S.: An efficient biometrics-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 33(1), 1–5 (2010)
Lu, Y., Li, L., Peng, H., Yang, Y.: An enhanced biometric-based authentication scheme for telecare medicine information systems using elliptic curve cryptosystem. J. Med. Syst. 39(3), 1–9 (2015). Article no. 32
Mishra, D., Das, A.K., Mukhopadhyay, S.: A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards. Expert Syst. Appl. 41(8), 8129–8143 (2014)
Moon, J., Choi, Y., Kim, J., Won, D.: An improvement of robust and efficient biometrics based password authentication scheme for telecare medicine information systems using extended chaotic maps. J. Med. Syst. 40(3), 1–11 (2016). Article no. 70
Wu, F., Xu, L., Kumari, S., Li, X.: A novel and provably secure biometrics-based three-factor remote authentication scheme for mobile client-server networks. Comput. Electr. Eng. 45, 274–285 (2015)
Yeh, H.L., Chen, T.H., Hu, K.J., Shih, W.K.: Robust elliptic curve cryptography-based three factor user authentication providing privacy of biometric data. IET Inf. Secur. 7(3), 247–252 (2013)
Acknowledgements
The authors would like to thank the anonymous reviewers for their valuable comments and suggestions. This research was supported in part by the Ministry of Science and Technology, Taiwan, R.O.C., under Grant number MOST 105-2221-E-165-005 and MOST 105-3314-C-165-001-ES.
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Li, CT., Chen, CL., Lee, CC., Chen, CM. (2017). Further Improvement on An Efficient and Secure Three-factor Based Authenticated Key Exchange Scheme Using Elliptic Curve Cryptosystems. In: Au, M., Castiglione, A., Choo, KK., Palmieri, F., Li, KC. (eds) Green, Pervasive, and Cloud Computing. GPC 2017. Lecture Notes in Computer Science, vol 10232. Springer, Cham. https://doi.org/10.1007/978-3-319-57186-7_10
DOI: https://doi.org/10.1007/978-3-319-57186-7_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-57185-0
Online ISBN: 978-3-319-57186-7
eBook Packages: Computer Science (R0)