Skip to main content
SpringerLink
Log in

A Three-Factor Based Remote User Authentication Scheme: Strengthening Systematic Security and Personal Privacy for Wireless Communications

  • Published:
Wireless Personal Communications Aims and scope Submit manuscript

Abstract

Anonymous remote user authentication plays more and more important role in wireless personal communication networks to guarantee systematic security and personal privacy. However, as promising as it is, security and privacy issues have seriously challenged user experience and system performance in the authentication schemes for a long time. In this paper, we propose a remote user authentication scheme for wireless communication networks. Our proposal employs the personal workstation as a trusted proxy to preserve perfect user privacy, while maintaining system security. It not only provides mutual authentication with key agreement mechanism, but also keeps user’ privacy private in a reliable domain. In addition, the technologies of Bluetooth (or Wifi) improve user experience and improve user friendliness in three-factor based authentication schemes. Moreover, our scheme supports flexible user login and security level. Finally, the security proof and performance analysis show that our scheme is more efficient and practical.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3

Similar content being viewed by others

References

  1. Awasthi, A. K., Srivastava, K., & Mittal, R. C. (2011). An improved timestamp-based remote user authentication scheme. Computers & Electrical Engineering, 37(6), 869–874.

    Article  Google Scholar 

  2. Bonneau, J., Herley, C., & Van Oorschot, P. C., et al. (2012). The quest to replace passwords: A framework for comparative evaluation of web authentication schemes. In IEEE symposium on security and privacy, pp. 553–567.

  3. Burrows, M., Abadi, M., & Needham, R. (1990). A logic of authentication. ACM Transactions on Computer Systems, 8(1), 18–36.

    Article  MATH  Google Scholar 

  4. Chien, H. Y., Jan, J. K., & Tseng, Y. M. (2002). An efficient and practical solution to remote authentication: Smart card. Computers & Security, 21(4), 372–375.

    Article  Google Scholar 

  5. Czeskis, A., Dietz, M., & Kohno, T., et al. (2012). Strengthening user authentication through opportunistic cryptographic identity assertions. In Proceedings of the 2012 ACM conference on computer and communications security, pp. 404–414.

  6. Dietz, M., Czeskis, A., & Balfanz, D., et al. (2012). Origin-bound certificates: A fresh approach to strong client authentication for the web. In Proceedings of 21st USENIX security symposium.

  7. Dodis, Y., Ostrovsky, R., Reyzin, L., et al. (2008). Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. SIAM Journal on Computing, 38(1), 97–139.

    Article  MathSciNet  MATH  Google Scholar 

  8. Halevi, S., & Krawczyk, H. (1999). Public-key cryptography and password protocols. ACM Transactions on Information and System Security (TISSEC), 2(3), 230–268.

    Article  Google Scholar 

  9. Hwang, M. S., & Li, L. H. (2000). A new remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 46(1), 28–30.

    Article  Google Scholar 

  10. Huang, X., Xiang, Y., Chonka, A., et al. (2011). A generic framework for three-factor authentication: Preserving security and privacy in distributed systems. IEEE Transactions on Parallel and Distributed Systems, 22(8), 1390–1397.

    Article  Google Scholar 

  11. Jain, A. K., & Nandakumar, K. (2012). Biometric authentication: System security and user privacy. IEEE Computer, 45(11), 87–92.

    Article  Google Scholar 

  12. Kocher, P., Jaffe, J., & Jun, B. (1999). Differential power analysis. In Advances in Cryptology CRYPTO’99, pp. 388–397.

  13. Li, X., Niu, J. W., Ma, J., et al. (2011). Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. Journal of Network and Computer Applications, 34(1), 73–79.

    Article  Google Scholar 

  14. Li, X., Xiong, Y., Ma, J., et al. (2012). An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. Journal of Network and Computer Applications, 35(2), 763–769.

    Article  Google Scholar 

  15. Li, X., Wen, Q., Zhang, H., et al. (2013). An improved authentication with key agreement scheme on elliptic curve cryptosystem for global mobility networks. International Journal of Network Management, 23(5), 311–324.

    Article  Google Scholar 

  16. Messerges, T. S., Dabbish, E. A., & Sloan, R. H. (2002). Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers, 51(5), 541–552.

    Article  MathSciNet  Google Scholar 

  17. Samfat, D., Molva, R., & Asokan, N. (1995). Untraceability in mobile networks. In Proceedings of the 1st annual international conference on Mobile computing and networking, pp. 26–36.

  18. Wang, Y., Streff, K., & Raman, S. (2012). Smartphone security challenges. Computer, 45(12), 52–58. doi:10.1109/MC.2012.288.

    Article  Google Scholar 

  19. Wen, F., & Li, X. (2012). An improved dynamic ID-based remote user authentication with key agreement scheme. Computers and Electrical Engineering, 38(2), 381–387.

    Article  Google Scholar 

  20. Yang, P., Cao, Z., & Dong, X. (2011). Fuzzy identity based signature with applications to biometric authentication. Computers and Electrical Engineering, 37(4), 532–540.

    Article  MathSciNet  MATH  Google Scholar 

Download references

Acknowledgments

This work is supported by NSFC (Grant Nos. 61300181, 61272057, 61202434, 61170270, 61100203, 61121061), the Fundamental Research Funds for the Central Universities (Grant Nos. 2012RC0612, 2011YB01).

Author information

Authors and Affiliations

  1. State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing, 100876, China

    Xuelei Li, Qiaoyan Wen & Wenmin Li

Authors
  1. Xuelei Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Qiaoyan Wen
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Wenmin Li
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Wenmin Li.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Li, X., Wen, Q. & Li, W. A Three-Factor Based Remote User Authentication Scheme: Strengthening Systematic Security and Personal Privacy for Wireless Communications. Wireless Pers Commun 86, 1593–1610 (2016). https://doi.org/10.1007/s11277-015-3008-8

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11277-015-3008-8

Keywords

Search

Navigation