Abstract
Recently, many authentication schemes have been proposed that combine biometrics with passwords and smart cards. Such three-factor schemes can provide high security for remote authentication between a user and a server. In 2015, Lu et al. proposed a three-factor authentication scheme based on elliptic curve cryptography. However, we show that Lu et al.'s scheme leaks the user's identity and is vulnerable to impersonation attacks. To enhance the scheme's security, we propose a new efficient three-factor authentication scheme. Furthermore, we give a formal security proof under BAN logic and the random oracle model. Comparison with some recent schemes shows that our scheme is efficient and secure for practical applications.
References
Arshad H, Nikooghadam M (2014) Three-Factor Anonymous authentication and key agreement scheme for telecare medicine information systems. J Med Syst 38(12):136–147
Burrows M, Abadi M, Needham R (1990) A logic of authentication. ACM Trans Comput Syst 8:18–36
Chang C-C, Wu T-C (1991) Remote password authentication with smart cards. Comput Digit Tech IEE Proc E 138(3):165–168
Chang C-C, Hwang S-J (1993) Using smart cards to authenticate remote passwords. Comput Math Appl 26(7):19–27
Chang YF, Yu SH, Shiao DR (2013) An uniqueness and anonymity-preserving remote user authentication scheme for connected health care. J Med Syst 37(12):9902–9910
Chen C, Lee C, Hsu C (2012) Mobile device integration of a fingerprint biometric remote authentication scheme. Int J Commun Syst 25(2):585–597
Chiou S-Y, Ying Z, Liu J (2016) Improvement of a privacy authentication scheme based on cloud for medical environment. J Med Syst 40:101
Chuang YH, Tseng YM (2010) An efficient dynamic group key agreement protocol for imbalanced wireless networks. Int J Netw Manag 20(4):167–180
Das ML, Saxena A, Gulati VP (2004) A dynamic ID-based remote user authentication scheme. IEEE Trans Consum Electron 50(2):629–631
Das AK (2015) A secure and robust temporal credential-based three-factor user authentication scheme for wireless sensor networks. Peer-to-peer Netw Appl 9(1):223–244
He DB, Chen JH, Zhang R (2012) A more secure authentication scheme for telecare medicine information systems. J Med Syst 36(2):1989–1995
Jin AT, Ling D, Goh A (2004) Biohashing: Two factor authentication featuring fingerprint data and tokenised random number. Pattern Recogn 37(11):2245–2255
Khan MK, Kim KS, Alghathbar K (2010) Cryptanalysis and security enhancement of a more efficient secure dynamic ID-based remote user authentication scheme. Comput Commun 34(3):305–309
Khan M, Kuman C, Gupta M (2014) More efficient key-hash based fingerprint remote authentication scheme using device. Computing 96(9):793–816
Kocher P, Jaffe J, Jun B (1999) Differential power analysis. Proceedings of 19th Annual International Cryptology Conference (CRYPTO'99). LNCS 1666:388–397
Ku W, Chen S (2004) Impersonation attack on a dynamic ID based remote user authentication using smartcards. IEICE Trans Commun E88-B:2165–2167
Lamport L (1981) Password authentication with insecure communication. Commun ACM 24(11):770–772
Lu Y, Li L, Peng H, Yang Y (2015) An enhanced Biometric-Based authentication scheme for telecare medicine information systems using elliptic curve cryptosystem. J Med Syst 39(2):1–9
Lu Y, Li L, Peng H, Yang Y (2016) A secure and efficient mutual authentication scheme for session initiation protocol. Peer-to-Peer Netw Appl 9(1):449–459
Lumini A, Nanni L (2007) Biohashing: Two factor authentication featuring fingerprint data and tokenised random number. Pattern Recogn 40(3):1057–1065
Messerges TS, Dabbish EA, Sloan RH (2002) Examining smartcard security under the threat of power analysis attacks. IEEE Trans Comput 51(5):541–552
Mir O, Munilla J, Kumari S (2015) Efficient anonymous authentication with key agreement protocol for wireless medical sensor networks. Peer-to-Peer Netw Appl:1–13
Mishra D, Das AK, Mukhopadhyay S (2016) A secure and efficient ECC-based user anonymity-preserving session initiation authentication protocol using smart card. Peer-to-Peer Netw Appl 9(1):171–192
Moon J, Choi Y, Kim J, Won D (2016) An improvement of robust and efficient biometrics based password authentication scheme for telecare medicine information systems using extended chaotic maps. J Med Syst 40:70
Siddiqui Z, Abdullah A-H, Khan M-K, Lee H-C, Alghamdi A-S (2015) Cryptanalysis and improvement of ’a secure authentication scheme for telecare medical information system’ with nonce verification, Peer-to-Peer Netw Appl, pp 1–13. doi:10.1007/s12083-015-0364-9
Wang YY, Kiu JY, Xiao FX, Dan J (2009) A more efficient secure dynamic ID-based remote user authentication. Comput Commun 32:583–585
Wang XM, Zhang WF, Zhang JS, Khan MK (2007) Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards. Comput Stand Interfaces 29:507–512
Wu Z-Y, Lee Y-C, Lai F, Lee H-C, Chung Y (2012) A secure authentication scheme for telecare medicine information systems. J Med Syst 36(3):1529–1535
Wu F, Xu L, Kumari S, Li X (2015) A novel and provably secure biometrics-based three-factor remote authentication scheme for mobile client server networks. Comput Electr Eng 45(C):274–285
Yeh H-L, Chen T-H, Hu K-J, Shih W-K (2013) Robust elliptic curve cryptography-based three factor user authentication providing privacy of biometric data. IET Inf Secur 7(3):247–252
Acknowledgments
This research is supported by National Basic Research Program of China (Grant No. 2013CB834205), Natural Science Foundation of Zhejiang Province (Grant No. LZ12F02005) and Opening project of Key Laboratory of Public Security Information Application Based on Big-data Architecture, Ministry of Public Security (Grant No. 2014DSJSY004).
Cite this article
Han, L., Tan, X., Wang, S. et al. An efficient and secure three-factor based authenticated key exchange scheme using elliptic curve cryptosystems. Peer-to-Peer Netw. Appl. 11, 63–73 (2018). https://doi.org/10.1007/s12083-016-0499-3
DOI: https://doi.org/10.1007/s12083-016-0499-3