An efficient and secure three-factor based authenticated key exchange scheme using elliptic curve cryptosystems

Peer-to-Peer Networking and Applications

Abstract

Recently, many authentication schemes have been proposed that combine biometrics with passwords and smart cards. Such three-factor schemes can provide high security for remote authentication between a user and a server. In 2015, Lu et al. proposed a three-factor authentication scheme based on elliptic curve cryptography. However, we show that Lu et al.’s scheme leaks the user’s identity and is vulnerable to impersonation attacks. To enhance the scheme’s security, we propose a new efficient three-factor authentication scheme. Furthermore, we give a formal security proof under BAN logic and the random oracle model. Comparison with some recent schemes shows that our scheme is efficient and secure for practical applications.

References

  1. Arshad H, Nikooghadam M (2014) Three-factor anonymous authentication and key agreement scheme for telecare medicine information systems. J Med Syst 38(12):136–147
  2. Burrows M, Abadi M, Needham R (1990) A logic of authentication. ACM Trans Comput Syst 8:18–36
  3. Chang C-C, Wu T-C (1991) Remote password authentication with smart cards. Comput Digit Tech IEE Proc E 138(3):165–168
  4. Chang C-C, Hwang S-J (1993) Using smart cards to authenticate remote passwords. Comput Math Appl 26(7):19–27
  5. Chang YF, Yu SH, Shiao DR (2013) An uniqueness and anonymity-preserving remote user authentication scheme for connected health care. J Med Syst 37(12):9902–9910
  6. Chen C, Lee C, Hsu C (2012) Mobile device integration of a fingerprint biometric remote authentication scheme. Int J Commun Syst 25(2):585–597
  7. Chiou S-Y, Ying Z, Liu J (2016) Improvement of a privacy authentication scheme based on cloud for medical environment. J Med Syst 40:101
  8. Chuang YH, Tseng YM (2010) An efficient dynamic group key agreement protocol for imbalanced wireless networks. Int J Netw Manag 20(4):167–180
  9. Das ML, Saxena A, Gulati VP (2004) A dynamic ID-based remote user authentication scheme. IEEE Trans Consum Electron 50(2):629–631
  10. Das AK (2015) A secure and robust temporal credential-based three-factor user authentication scheme for wireless sensor networks. Peer-to-Peer Netw Appl 9(1):223–244
  11. He DB, Chen JH, Zhang R (2012) A more secure authentication scheme for telecare medicine information systems. J Med Syst 36(2):1989–1995
  12. Jin AT, Ling D, Goh A (2004) Biohashing: Two factor authentication featuring fingerprint data and tokenised random number. Pattern Recogn 37(11):2245–2255
  13. Khan MK, Kim KS, Alghathbar K (2010) Cryptanalysis and security enhancement of a more efficient secure dynamic ID-based remote user authentication scheme. Comput Commun 34(3):305–309
  14. Khan M, Kuman C, Gupta M (2014) More efficient key-hash based fingerprint remote authentication scheme using device. Computing 96(9):793–816
  15. Kocher P, Jaffe J, Jun B (1999) Differential power analysis. Proceedings of 19th Annual International Cryptology Conference (CRYPTO’99). LNCS 1666:388–397
  16. Ku W, Chen S (2004) Impersonation attack on a dynamic ID based remote user authentication using smartcards. IEICE Trans Commun E88-B:2165–2167
  17. Lamport L (1981) Password authentication with insecure communication. Commun ACM 24(11):770–772
  18. Lu Y, Li L, Peng H, Yang Y (2015) An enhanced biometric-based authentication scheme for telecare medicine information systems using elliptic curve cryptosystem. J Med Syst 39(2):1–9
  19. Lu Y, Li L, Peng H, Yang Y (2016) A secure and efficient mutual authentication scheme for session initiation protocol. Peer-to-Peer Netw Appl 9(1):449–459
  20. Lumini A, Nanni L (2007) Biohashing: Two factor authentication featuring fingerprint data and tokenised random number. Pattern Recogn 40(3):1057–1065
  21. Messerges TS, Dabbish EA, Sloan RH (2002) Examining smartcard security under the threat of power analysis attacks. IEEE Trans Comput 51(5):541–552
  22. Mir O, Munilla J, Kumari S (2015) Efficient anonymous authentication with key agreement protocol for wireless medical sensor networks. Peer-to-Peer Netw Appl:1–13
  23. Mishra D, Das AK, Mukhopadhyay S (2016) A secure and efficient ECC-based user anonymity-preserving session initiation authentication protocol using smart card. Peer-to-Peer Netw Appl 9(1):171–192
  24. Moon J, Choi Y, Kim J, Won D (2016) An improvement of robust and efficient biometrics based password authentication scheme for telecare medicine information systems using extended chaotic maps. J Med Syst 40:70
  25. Siddiqui Z, Abdullah A-H, Khan M-K, Lee H-C, Alghamdi A-S (2015) Cryptanalysis and improvement of ‘a secure authentication scheme for telecare medical information system’ with nonce verification. Peer-to-Peer Netw Appl, pp 1–13. doi:10.1007/s12083-015-0364-9
  26. Wang YY, Kiu JY, Xiao FX, Dan J (2009) A more efficient secure dynamic ID-based remote user authentication. Comput Commun 32:583–585
  27. Wang XM, Zhang WF, Zhang JS, Khan MK (2007) Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards. Comput Stand Interfaces 29:507–512
  28. Wu Z-Y, Lee Y-C, Lai F, Lee H-C, Chung Y (2012) A secure authentication scheme for telecare medicine information systems. J Med Syst 36(3):1529–1535
  29. Wu F, Xu L, Kumari S, Li X (2015) A novel and provably secure biometrics-based three-factor remote authentication scheme for mobile client server networks. Comput Electr Eng 45(C):274–285
  30. Yeh H-L, Chen T-H, Hu K-J, Shih W-K (2013) Robust elliptic curve cryptography-based three factor user authentication providing privacy of biometric data. IET Inf Secur 7(3):247–252

Acknowledgments

This research is supported by National Basic Research Program of China (Grant No. 2013CB834205), Natural Science Foundation of Zhejiang Province (Grant No. LZ12F02005) and Opening project of Key Laboratory of Public Security Information Application Based on Big-data Architecture, Ministry of Public Security (Grant No. 2014DSJSY004).

Author information

Corresponding author

Correspondence to Shengbao Wang.

Cite this article

Han, L., Tan, X., Wang, S. et al. An efficient and secure three-factor based authenticated key exchange scheme using elliptic curve cryptosystems. Peer-to-Peer Netw. Appl. 11, 63–73 (2018). https://doi.org/10.1007/s12083-016-0499-3

  • DOI: https://doi.org/10.1007/s12083-016-0499-3
