Abstract
Anonymous remote user authentication plays an increasingly important role in wireless personal communication networks, where it guarantees systematic security and personal privacy. However, promising as it is, security and privacy issues have long and seriously challenged the user experience and system performance of authentication schemes. In this paper, we propose a remote user authentication scheme for wireless communication networks. Our proposal employs the personal workstation as a trusted proxy to preserve perfect user privacy while maintaining system security. It not only provides mutual authentication with a key agreement mechanism, but also keeps the user's privacy private in a reliable domain. In addition, Bluetooth (or Wi-Fi) technology improves user experience and user friendliness in three-factor based authentication schemes. Moreover, our scheme supports flexible user login and flexible security levels. Finally, the security proof and performance analysis show that our scheme is more efficient and practical.
Acknowledgments
This work is supported by NSFC (Grant Nos. 61300181, 61272057, 61202434, 61170270, 61100203, 61121061), the Fundamental Research Funds for the Central Universities (Grant Nos. 2012RC0612, 2011YB01).
Cite this article
Li, X., Wen, Q. & Li, W. A Three-Factor Based Remote User Authentication Scheme: Strengthening Systematic Security and Personal Privacy for Wireless Communications. Wireless Pers Commun 86, 1593–1610 (2016). https://doi.org/10.1007/s11277-015-3008-8
DOI: https://doi.org/10.1007/s11277-015-3008-8