Skip to main content
placeholder image

Analysis and improvement on a biometric-based remote user authentication scheme using smart cards

Journal Article


Abstract


  • In a recent paper (BioMed Research International, 2013/491289), Khan et al. proposed an improved biometrics-based remote user authentication scheme with user anonymity. The scheme is believed to be secure against password guessing attack, user impersonation attack, server masquerading attack, and provide user anonymity, even if the secret information stored in the smart card is compromised. In this paper, we analyze the security of Khan et al.’s scheme, and demonstrate that their scheme doesn’t provide user anonymity. This also renders that their scheme is insecure against other attacks, such as off-line password guessing attack, user impersonation attacks. Subsequently, we propose a robust biometric-based remote user authentication scheme. Besides, we simulate our scheme for the formal security verification using the wide-accepted BAN logic to ensure our scheme is working correctly by achieving the mutual authentication goals.

  • In a recent paper (BioMed Research International, 2013/491289), Khan et al. proposed an improved biometrics-based remote user authentication scheme with user anonymity. The scheme is believed to be secure against password guessing attack, user impersonation attack, server masquerading attack, and provide user anonymity, even if the secret information stored in the smart card is compromised. In this paper, we analyze the security of Khan et al.’s scheme, and demonstrate that their scheme doesn’t provide user anonymity. This also renders that their scheme is insecure against other attacks, such as off-line password guessing attack, user impersonation attacks. Subsequently, we propose a robust biometric-based remote user authentication scheme. Besides, we simulate our scheme for the formal security verification using the wide-accepted BAN logic to ensure our scheme is working correctly by achieving the mutual authentication goals.

Publication Date


  • 2015

Citation


  • Wen, F., Susilo, W. & Yang, G. (2015). Analysis and improvement on a biometric-based remote user authentication scheme using smart cards. Wireless Personal Communications: an international journal, 80 (4), 1747-1760.

Scopus Eid


  • 2-s2.0-84925515897

Ro Metadata Url


  • http://ro.uow.edu.au/eispapers/3365

Has Global Citation Frequency


Number Of Pages


  • 13

Start Page


  • 1747

End Page


  • 1760

Volume


  • 80

Issue


  • 4

Place Of Publication


  • United States

Abstract


  • In a recent paper (BioMed Research International, 2013/491289), Khan et al. proposed an improved biometrics-based remote user authentication scheme with user anonymity. The scheme is believed to be secure against password guessing attack, user impersonation attack, server masquerading attack, and provide user anonymity, even if the secret information stored in the smart card is compromised. In this paper, we analyze the security of Khan et al.’s scheme, and demonstrate that their scheme doesn’t provide user anonymity. This also renders that their scheme is insecure against other attacks, such as off-line password guessing attack, user impersonation attacks. Subsequently, we propose a robust biometric-based remote user authentication scheme. Besides, we simulate our scheme for the formal security verification using the wide-accepted BAN logic to ensure our scheme is working correctly by achieving the mutual authentication goals.

  • In a recent paper (BioMed Research International, 2013/491289), Khan et al. proposed an improved biometrics-based remote user authentication scheme with user anonymity. The scheme is believed to be secure against password guessing attack, user impersonation attack, server masquerading attack, and provide user anonymity, even if the secret information stored in the smart card is compromised. In this paper, we analyze the security of Khan et al.’s scheme, and demonstrate that their scheme doesn’t provide user anonymity. This also renders that their scheme is insecure against other attacks, such as off-line password guessing attack, user impersonation attacks. Subsequently, we propose a robust biometric-based remote user authentication scheme. Besides, we simulate our scheme for the formal security verification using the wide-accepted BAN logic to ensure our scheme is working correctly by achieving the mutual authentication goals.

Publication Date


  • 2015

Citation


  • Wen, F., Susilo, W. & Yang, G. (2015). Analysis and improvement on a biometric-based remote user authentication scheme using smart cards. Wireless Personal Communications: an international journal, 80 (4), 1747-1760.

Scopus Eid


  • 2-s2.0-84925515897

Ro Metadata Url


  • http://ro.uow.edu.au/eispapers/3365

Has Global Citation Frequency


Number Of Pages


  • 13

Start Page


  • 1747

End Page


  • 1760

Volume


  • 80

Issue


  • 4

Place Of Publication


  • United States