An anonymous and efficient remote biometrics user authentication scheme in a multi server environment

doi:10.1007/s11704-014-3125-7

Front. Comput. Sci.

2015, Vol. 9

Issue (1) : 142-156 https://doi.org/10.1007/s11704-014-3125-7

RESEARCH ARTICLE

An anonymous and efficient remote biometrics user authentication scheme in a multi server environment

Peng JIANG(

),Qiaoyan WEN,Wenmin LI,Zhengping JIN,Hua ZHANG

State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China

Download: PDF(620 KB)
Export: BibTeX | EndNote | Reference Manager | ProCite | RefWorks

Abstract

As service demands rise and expand single-server user authentication has become unable to satisfy actual application demand. At the same time identity and password based authentication schemes are no longer adequate because of the insecurity of user identity and password. As a result biometric user authentication has emerged as a more reliable and attractive method. However, existing biometric authentication schemes are vulnerable to some common attacks and provide no security proof, some of these biometric schemes are also either inefficient or lack sufficient concern for privacy. In this paper, we propose an anonymous and efficient remote biometric user authentication scheme for a multi-server architecture with provable security. Through theoretical mathematic deduction, simulation implementation, and comparison with related work, we demonstrate that our approach can remove the aforementioned weaknesses and is well suited for a multiserver environment.

Keywords biometrics remote authentication multi-server architecture smart card

Corresponding Author(s): Peng JIANG

Issue Date: 09 February 2015

Cite this article:

Peng JIANG,Qiaoyan WEN,Wenmin LI, et al. An anonymous and efficient remote biometrics user authentication scheme in a multi server environment[J]. Front. Comput. Sci., 2015, 9(1): 142-156.

URL:

https://academic.hep.com.cn/fcs/EN/10.1007/s11704-014-3125-7
https://academic.hep.com.cn/fcs/EN/Y2015/V9/I1/142

1	Lamport L. Password authentication with insecure communication. Communications of the ACM, 1981, 24(11): 770-772 https://doi.org/10.1145/358790.358797
2	He D B, Chen J H, Hu J. An ID-based client authentication with key agreement protocol for mobile client-server environment on ECC with provable security. Information Fusion, 2012, 13(3): 223-230 https://doi.org/10.1016/j.inffus.2011.01.001
3	Li L H, Lin L C, Hwang M S. A remote password authentication scheme for multi-server architecture using neural networks. IEEE Transactions on Neural Networks, 2001, 12(6): 1498-1504 https://doi.org/10.1109/72.963786
4	He D B. An efficient remote user authentication and key exchange protocol for mobile client-server environment from pairings. Ad Hoc Networks, 2012, 10(6): 1009-1016 https://doi.org/10.1016/j.adhoc.2012.01.002
5	Liao Y P, Wang S S. A secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards & Interfaces, 2009, 31(1): 24-29 https://doi.org/10.1016/j.csi.2007.10.007
6	He D B, Chen J H, Chen Y T. A secure mutual authentication scheme for session initiation protocol using elliptic curve cryptography. Security and Communication Networks, 2012, 5(12): 1423-1429 https://doi.org/10.1002/sec.506
7	Li X, Niu J W, Khan M K, Wang Z B. Applying LU decomposition of matrices to design anonymity bilateral remote user authentication scheme. Mathematical Problems in Engineering. 2013, Article ID 910409, 10 pages https://doi.org/10.1155/2013/910409
8	Chen T H, Chen Y C, Shih W K, Wei H W. An efficient anonymous authentication protocol for mobile pay-TV. Journal of Network and Computer Applications, 2011, 34(4): 1131-1137 https://doi.org/10.1016/j.jnca.2010.11.005
9	He D B, Chen J H, Zhang R. A more secure authentication scheme for telecare medicine information systems. Journal of Medical Systems, 2012, 36(3): 1989-1995 https://doi.org/10.1007/s10916-011-9658-5
10	Leung K C, Cheng L M, Fong A S, Chan C K. Cryptanalysis of a modified remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 2003, 49(4): 1243-1245 https://doi.org/10.1109/TCE.2003.1261224
11	Fan C I, Chan Y C, Zhang Z K. Robust remote authentication scheme with smart cards. Computers & Security, 2005, 24(8): 619-628 https://doi.org/10.1016/j.cose.2005.03.006
12	Lee S W, Kim H S, Yoo K Y. Efficient nonce-based remote user authentication scheme using smart cards. Applied Mathematics and Computation, 2005, 167(1): 355-361 https://doi.org/10.1016/j.amc.2004.06.111
13	Juang W S. Efficient multi-server password authenticated key agreement using smart cards. IEEE Transaction on Consumer Electronics, 2004, 50(1): 251-255 https://doi.org/10.1109/TCE.2004.1277870
14	Tai J L. Efficient multi-server authentication scheme based on one-way hash function without verification table. Computers & Security, 2008, 27(3-4): 115-121
15	Hsiang H C, Shih W K. Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards & Interfaces, 2009, 31(6): 1118-1123 https://doi.org/10.1016/j.csi.2008.11.002
16	Yoon E J, Yoo K Y. Robust biometrics-based multi-server authentication with key agreement scheme for smart cards on elliptic curve cryptosystem. Journal of Supercomputing, 2013, 63(1): 235-255 https://doi.org/10.1007/s11227-010-0512-1
17	Lee C C, Lin T H, Chang R X. A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards. Expert Systems with Applications, 2011, 38: 13863-13870
18	Li X, Xiong Y P, Ma J, Wang W D. An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. Journal of Network and Computer Applications, 2012, 35: 763-769 https://doi.org/10.1016/j.jnca.2011.11.009
19	Liao Y P, Hsiao C M. A novel multi-server remote user authentication scheme using self-certified public keys for mobile clients. Future Generation Computer Systems, 2013, 29(3): 886-900 https://doi.org/10.1016/j.future.2012.03.017
20	Ratha N K, Connell J H, Bolle R M. Enhancing security and privacy in biometrics- based authentication systems. IBM Systems Journal, 2001, 40(3): 614-634 https://doi.org/10.1147/sj.403.0614
21	He D B, Chen J H, Hu J. Improvement on a smart card based password authentication scheme. Journal of Internet Technology, 2012, 13(3): 405-410
22	He D B, Chen J H, Hu J. Further improvement of Juang et al.’s password-authenticated key agreement scheme using smart cards. Kuwait Journal of Science & Engineering, 2011, 38(2A): 55-68
23	Li X, Niu J W, Liao J G, Liang W. Cryptanalysis of a dynamic identity based remote user authentication scheme with verifiable password update. International Journal of Communication Systems, 2013 https://doi.org/10.1002/dac.2676
24	He D B, Wang D, Wu S H. Cryptanalysis and improvement of a password-based remote user authentication scheme without smart cards. Information Technology and Control, 2013, 42(2): 170-177 https://doi.org/10.5755/j01.itc.42.2.2554
25	Li X, Ma J, Wang W D, Xiong Y P, Zhang J S. A novel smart card and dynamic ID based remote user authentication scheme for multi-server environment. Mathematical and Computer Modelling, 2013, 58(1-2): 85-95 https://doi.org/10.1016/j.mcm.2012.06.033
26	Jiang P, Wen Q Y, Li W M, Jin Z P, Zhang H. An anonymous user authentication with key agreement scheme without pairings for multiserver architecture using SCPKs. The Scientific World Journal, 2013, Article ID 419592, 8 pages https://doi.org/10.1155/2013/419592
27	Li X, Niu J W, Khan M K, Liao J G. An enhanced smart card based remote user password authentication scheme. Journal of Network and Computer Applications, 2013, 36(5): 1365-1371 https://doi.org/10.1016/j.jnca.2013.02.034
28	Lee J K, Ryu S R, Yoo K Y. Fingerprint-based remote user authentication scheme using smart cards. Electronics Letters, 2002, 38(12): 554-555 https://doi.org/10.1049/el:20020380
29	Lin C H, Lai Y Y. A flexible biometrics remote user authentication scheme. Computer Standards and Interfaces, 2004, 27(1): 19-23 https://doi.org/10.1016/j.csi.2004.03.003
30	Chang C C, Lin I C. Remarks on fingerprint-based remote user authentication scheme using smart cards. ACM SIGOPS Operating Systems Review, 2004, 38(4): 91-96 https://doi.org/10.1145/1031154.1031165
31	Kim H S, Lee S W, Yoo K Y. ID-based password authentication scheme using smart cards and fingerprints. ACM SIGOPS Operating Systems Review, 2003, 37(4): 32-41 https://doi.org/10.1145/958965.958969
32	Scott M. Cryptanalysis of an ID-based password authentication scheme using smart cards and fingerprints. ACM SIGOPS Operating Systems Review, 2004, 38(2): 73-75 https://doi.org/10.1145/991130.991137
33	Khan M K, Zhang J S. Improving the security of a flexible biometrics remote user authentication scheme. Computer Standards & Interfaces, 2007, 29(1): 82-85 https://doi.org/10.1016/j.csi.2006.01.002
34	Li C T, Hwang M S. An efficient biometrics-based remote user authentication scheme using smart cards. Journal of Network and Computer Applications, 2010, 33(1): 1-5 https://doi.org/10.1016/j.jnca.2009.08.001
35	Li X, Niu J W, Ma J, Wang W D, Liu C L. Cryptanalysis and improvement of a biometric-based remote authentication scheme using smart cards. Journal of Network and Computer Applications, 2011, 34(1): 73-79 https://doi.org/10.1016/j.jnca.2010.09.003
36	Das A K. Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards. IET Information Security, 2011, 5(3): 145-151 https://doi.org/10.1049/iet-ifs.2010.0125
37	Kim H H, Jeon W R, Lee K W, Lee Y H, Won D H. Cryptanalysis and improvement of a biometrics-based multi-server authentication with key agreement scheme. In: Proceedings of Computational Science and its Applications. 2012, 7335: 391-406
38	Li X, Niu J W, Wang Z B, Chen C. Applying biometrics to design threefactor remote user authentication scheme with key agreement. Security and Communication Networks, 2013 https://doi.org/10.1002/sec.767
39	Lee C C, Hsu C W. A secure biometric-based remote user authentication with key agreement scheme using extended chaotic maps. Nonlinear Dynamics, 2013, 71(1-2): 201-211 https://doi.org/10.1007/s11071-012-0652-3
40	Chen J, Yang Y. Activity completion duration based checkpoint selection for dynamic verification of temporal constraints in grid workflow systems. International Journal of High Performance Applications, 2008, 22(3): 319-329 https://doi.org/10.1177/1094342007086229
41	Jain A K, Nandakumar K, Nagar A. Biometric template security. EURASIP Journal on Advances in Signal Processing, 2008, 1-17
42	Dodis Y, Reyzin L, Smith A. Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. In advances in CryptologyEUROCRYPT, 2005, 3027: 523-540
43	Abdalla M, Fouque P A, Pointcheval D. Password-based authenticated key exchange in the three-party setting. In: Procedings of the 8th International Workshop on Theory and Practice in Public Key Cryptography (PKC 2005). 2005, 3386: 65-84
44	Hankerson D, Menezes A, Vanstone S. Guide to elliptic curve c<?Pub Caret?>ryptography. New York: Springer-Verlag, 2004

[1]

Supplementary Material

Download

[1]	Hunny MEHROTRA, Banshidhar MAJHI. Local feature based retrieval approach for iris biometrics[J]. Front Comput Sci, 2013, 7(5): 767-781.
[2]	YANG Jian, YANG Jingyu, ZHANG David. Median Fisher Discriminator: a robust feature extraction method with applications to biometrics[J]. Front. Comput. Sci., 2008, 2(3): 295-305.
[3]	Tang Yuanyan. Status of pattern recognition with wavelet analysis[J]. Front. Comput. Sci., 2008, 2(3): 268-294.

Viewed

Full text

Abstract

Cited

Shared

Discussed