
More efficient key-hash based fingerprint remote authentication scheme using mobile device

Computing

Abstract

Today, the world is taking large leaps in technology. Technology is turning the vision of transparency, speed, accuracy, authenticity, friendliness and security in various services and access control mechanisms into reality. Consequently, researchers throughout the world keep putting forward new ideas. Khan et al. (Chaos Solitons Fractals 35(3):519–524, 2008) proposed a remote user authentication scheme with a mobile device, using a hash function and fingerprint biometrics. In 2012, Chen et al. pointed out a forged login attack on Khan et al.’s scheme through loss of the mobile device, and subsequently proposed a scheme to remedy this drawback. Truong et al. (Proceedings of 26th IEEE International Conference on Advanced Information Networking and Applications, pp 678–685, 2012) demonstrated that in Chen et al.’s scheme an adversary can successfully replay an intercepted login request. They also showed how an adversary can deceive both participants of Chen et al.’s protocol by taking advantage of the fact that the user is not anonymous in the scheme. Further, they proposed an improvement to Chen et al.’s scheme to eliminate its problems. In this paper, we show that Chen et al.’s scheme has other drawbacks as well, and that the improvement proposed by Truong et al. is still insecure and vulnerable. We also propose an improved scheme that overcomes these flaws and inherits the strengths of both Chen et al.’s scheme and Truong et al.’s scheme.

References

  1. Lamport L (1981) Password authentication with insecure communication. Commun ACM 24:770–772

  2. Horng G (1995) Password authentication without using password table. Inf Process Lett 55:247–250

  3. Jan JK, Chen YY (1998) ‘Paramita wisdom’ password authentication scheme without verification tables. J Syst Softw 42:45–57

  4. Haller NM (1995) The S/KEY one-time password system, RFC1760

  5. Mitchell CJ, Chen L (1996) Comments on the S/KEY user authentication scheme. ACMOSR 30:12–16

  6. Shimizu A (1990) A dynamic password authentication method by one-way function. IEICE Trans Inf Syst 73–D–I:630–636

  7. Hwang MS, Li LH (2000) A new remote user authentication scheme using smart cards. IEEE Trans Consum Electron 46(1):28–30

  8. Sun HM (2000) An efficient remote user authentication scheme using smart cards. IEEE Trans Consum Electron 46(4):958–961

  9. Chein HY, Jan JK, Tseng YM (2002) An efficient and practical solution to remote authentication: smart card. Comput Secur 21(4):372–375

  10. Hsu CL (2004) Security of Chein et al.’s remote user authentication scheme using smart cards. Comput Stand Interfaces 26(3):167–169

  11. Ku WC, Chen SM (2004) Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards. IEEE Trans Consum Electron 50(1):204–207

  12. Liao IE, Lee CC, Hwang MS (2006) A password authentication scheme over insecure networks. J Comput Syst Sci 72(4):727–740

  13. Xiang T, Wong KW, Liao X (2008) Cryptanalysis of a password authentication scheme over insecure networks. J Comput Syst Sci 74(5):657–661

  14. Wang XM, Zhang WF, Zhang JS, Khan MK (2007) Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards. Comput Stand Interfaces 29(5):507–512

  15. Khan MK, Kim SK, Alghathbar K (2010) Cryptanalysis and security enhancement of a ‘more efficient & secure dynamic ID-based remote user authentication scheme’. Comput Commun 34(3):305–309

  16. Khan MK, Zhang J, Wang X (2008) Chaotic hash based fingerprint biometric remote user authentication scheme on mobile devices. Chaos, Solitons & Fractals 35(3):519–524

  17. Chen CL, Lee CC, Hsu CY (2012) Mobile device integration of a fingerprint biometric remote authentication scheme. Int J Commun Syst 25:585–597. doi:10.1002/dac.1277

  18. Lee JK, Ryu SR, Yoo KY (2002) Fingerprint based remote user authentication scheme using smart cards. Electron Lett 38:554–555

  19. Lin CH, Lai YY (2004) A flexible biometrics remote user authentication scheme. Comput Stand Interfaces 27(1):19–23

  20. Khan MK, Zhang J (2007) Improving the security of ‘a flexible biometrics remote user authentication scheme’. Comput Stand Interfaces 29:82–85

  21. Yuan J, Jiang C, Jiang Z (2010) A biometric-based user authentication for wireless sensor networks. Wuhan Univ J Nat Sci 15:272–276. doi:10.1007/s11859-010-0318-2

  22. Saru K, Gupta MK, Kumar M (2012) Cryptanalysis and security enhancement of Chen et al.’s remote user authentication scheme using smart card. Cent Eur J Comput Sci 2(1):60–75

  23. Xu J, Zhu WT, Feng DG (2008) Improvement of a fingerprint-based remote user authentication scheme. Int J Secur Appl 2(3):73–80

  24. An Y (2012) Security weaknesses of a biometric-based remote user authentication scheme using smart cards. Int J Biosci Biotechnol 4(3):21–28

  25. Wang D, Li J (2011) A novel mutual authentication scheme based on fingerprint biometric and nonce using smart cards. Int J Secur Appl 5(4):1–12

  26. Truong TT, Tran MT, Duong AD (2012) Robust mobile device integration of a fingerprint biometric remote authentication scheme. In: Proceedings of 26th IEEE International Conference on Advanced Information Networking and Applications, pp 678–685

  27. Khan MK, Kumari S, Gupta MK (2012) Further cryptanalysis of ‘a remote authentication scheme using mobile device’. In: Fourth International Conference on Computational Aspects of Social Networks (CASoN), pp 234–237

  28. Rhee HS, Kwon JO, Lee DH (2009) A remote user authentication scheme without using smart cards. Comput Stand Interfaces 31(1):6–13

  29. Kocher P, Jaffe J, Jun B (1999) Differential power analysis. In: Proceedings of Advances in Cryptology, Santa Barbara, pp 388–397

  30. Messerges TS, Dabbish EA, Sloan RH (2002) Examining smart-card security under the threat of power analysis attacks. IEEE Trans Comput 51(5):541–552

  31. Yen SM, Joye M (2002) Checking before output may not be enough against fault-based cryptanalysis. IEEE Trans Comput 49(9):967–970

  32. Kumar M, Gupta MK, Saru K (2011) Cryptanalysis of enhancements of a password authentication scheme over insecure networks. In: Proceedings of 4th International Conference on Contemporary Computing (IC3) (JIIT Noida), vol 168, pp 524–532

  33. Gao ZX, Tu YQ (2008) An Improvement of a dynamic ID-based remote user authentication scheme with smart card. In: Proceedings of the 7th World Congress on Intelligent Control and Automation, pp 4562–4567

  34. Sun DZ, Huai JP, Sun JZ, Li JX (2009) Cryptanalysis of a mutual authentication scheme based on nonce and smart cards. Comput Commun 32(6):1015–1017

  35. Lowe G (1995) An attack on the Needham–Schroeder public key authentication protocol. Inf Process Lett 56(3):131–136

  36. Lowe G (1996) Some new attacks upon security protocols. In: Proceedings of Computer Security Foundations Workshop VIII, IEEE Computer Society Press, Los Alamitos

  37. Nam J, Kim S, Park S, Won D (2007) Security analysis of a nonce-based user authentication scheme using smart cards. IEICE Trans Fundam 90(1):299–302

Author information

Correspondence to Muhammad Khurram Khan.

About this article

Cite this article

Khan, M.K., Kumari, S. & Gupta, M.K. More efficient key-hash based fingerprint remote authentication scheme using mobile device. Computing 96, 793–816 (2014). https://doi.org/10.1007/s00607-013-0308-2

  • DOI: https://doi.org/10.1007/s00607-013-0308-2