research article an improved biometric-based user...
TRANSCRIPT
Research ArticleAn Improved Biometric-Based User Authentication Scheme forCS System
Li Jiping1 Ding Yaoming1 Xiong Zenggang1 and Liu Shouyin2
1 School of Computer and Information Science Hubei Engineering University Xiaogan 432000 China2 College of Physical and Technology Central China Normal University Wuhan 430079 China
Correspondence should be addressed to Ding Yaoming xgdym21cncom
Received 24 August 2013 Revised 18 February 2014 Accepted 27 February 2014 Published 27 April 2014
Academic Editor Chuan-Ming Liu
Copyright copy 2014 Li Jiping et alThis is an open access article distributed under the Creative Commons Attribution License whichpermits unrestricted use distribution and reproduction in any medium provided the original work is properly cited
The authors first review the recently proposed Dasrsquos biometric-based remote user authentication scheme and then show that Dasrsquosscheme is still insecure against some attacks and has some problems in password change phase In order to overcome the designflaws in Dasrsquos scheme an improvement of the scheme is further proposed Cryptanalysis shows that our scheme is more efficientand secure against most of attacks moreover our scheme can provide strong mutual authentication by using verifying biometricpassword as well as random nonces generated by the user and server
1 Introduction
In a clientserver system the validity of remote user is neces-sary to assure the security of the system Traditional remoteidentity-based authentication schemes [1ndash9] are based onpasswords onlyHowever simple passwords are always easy tobreak by using simple dictionary attacks since they have lowentropy To overcome this problem cryptographic secret keysand passwords are used in the remote user authenticationschemes But the long and random cryptographic keys aredifficult to memorize and hence they must be stored some-where [10] it is expensive to maintain the long cryptographickeys Furthermore both passwords and cryptographic keysare unable to provide nonrepudiation because they can beforgotten or lost or when they are shared with other peoplethere is no-way to know who the actual user is [11] Abiometric system operates by acquiring biometric data froman individual extracting a feature set from the acquired dataand comparing this feature set against the template set inthe database [12ndash14] In [3] the authors propose an online(119905 119899) threshold secret sharing scheme based on biometricverification and threshold password authentication In [15]a continuous user authentication scheme based on biometricverification by fusing hard and soft traits is proposed irrespec-tive of user posture in front of the system In [16] a BIO3G
protocol based on biometric authentication for 3G mobileenvironments is proposed to provide real end to end stronguser authentication In [17] the author analyzes the securityof Dasrsquos biometric-based authentication scheme and showsthat the scheme is still insecure against some attacks anddoes not provide mutual authentication between the userand server In [18] the author proposes an enhanced schemebased on biometric verification and smart card to removethe security weakness of Dasrsquos scheme analyzed in [17]However the proposed scheme in [18] cannot withstand thereplay attack between the user and the remote server Inthe abovementioned schemes biometric verification allowsone to confirm or establish an individual identity Thereforebiometric keys are proposedwhich are based on physiologicaland behavioral characteristics of persons such as fingerprintsfaces irises hand geometry and palm prints Some advan-tages of biometric keys are described as follows [19 20]
(i) Biometric keys cannot be lost or forgotten(ii) Biometric keys are very difficult to copy or share(iii) Biometric keys are extremely hard to forge or dis-
tribute(iv) Biometric keys cannot be guessed easily(v) Someonersquos biometrics is not easier to break than
others
Hindawi Publishing CorporationInternational Journal of Distributed Sensor NetworksVolume 2014 Article ID 275341 9 pageshttpdxdoiorg1011552014275341
2 International Journal of Distributed Sensor Networks
Table 1 Notations used in the proposed scheme
Notation Description119862119894
Client119877119894
Trusted registration center119878119894
ServerPW119894
Password shared between 119862119894and 119878
119894
ID119894
Identity of the user 119862119894
119861119894
Biometric template of the user 119862119894
119889(∙) Symmetric parametric function120591 Predetermined threshold for biometric verificationℎ(∙) A secure one-way hash function119883119904
A secret information maintained by the server119877119888
A random number chosen by 119862119894
119877119904
A random number chosen by 119878119894
119860 119861 Data 119860 concatenates with data 119861119860 oplus 119861 XOR operation of 119860 and 119861
As a result biometric-based remote user authenticationsare inherently more reliable and secure than usual traditionalpassword-based remote user authentication schemes
In this paper we propose an improvement of Dasrsquosbiometric-based remote user authentication scheme usingsmart cards in order to withstand his design flaws Theremainder of this paper is organized as follows In Section 2we briefly review the Dasrsquos biometric-based remote userauthentication scheme using smart cards [21] In Section 3we analyze the design flaws in Dasrsquos scheme In Section 4 wepropose an improvement of the scheme in order to eliminatethe design flaws discussed in Section 3 Security analysis ofour scheme and performance comparison with other relatedschemes are implemented in Section 5 Finally we concludethe paper in Section 6
2 Review of DASrsquos Biometric-Based RemoteUser Authentication Scheme
In this section we review in brief Dasrsquos biometric-basedremote user authentication scheme [21] For describing theDasrsquos scheme [21] we use the notations shown in Table 1Dasrsquos scheme consists of the following four phases namelyregistration phase login phase authentication phase andchange password phase Details of each phase are given in thefollowing subsections
21 Registration Phase In order to login to the system theremote user 119862
119894needs to perform the following stages as
shown in Algorithm 1
Step 1The user inputs hisher personal biometric119861119894on a spe-
cific device and offers hisher password PW119894and the identity
ID119894of the user to the registration center 119877
119894in person
119862119894
119878119894
(1)ID119894 119861119894 PW119894997888997888997888997888997888997888997888rarr
(2) Computes 119903119894and 119890
119894
119891119894= ℎ(119861
119894)
119903119894= ℎ(PW
119894) oplus 119891119894
119890119894= ℎ(ID
119894 119883119904) oplus 119903119894
(3)Smart card(ID119894 ℎ(sdot) 119891119894 119903119894 119890119894)larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888
Algorithm 1 Registration phase of Dasrsquos scheme
Step 2 The registration center 119877119894then computes 119891
119894= ℎ(119861
119894)
119903119894= ℎ(PW
119894) oplus 119891119894 and 119890
119894= ℎ(ID
119894119883119904) oplus 119903119894 Here 119883
119904is secret
information generated by the server
Step 3 Finally the registration center 119877119894
loads(ID119894 ℎ(sdot) 119891
119894 119890119894 119903119894) on the userrsquos smart card and sends
the information to the user 119862119894via a secure channel
22 Login Phase In this phase if a user 119862119894wants to login to
the server 119878119894 heshe needs to perform the following steps as
shown in Algorithm 2
Step 1 119862119894first inserts hisher smart card into the smart card
reader of a terminal and offers hisher personal biometrictemplate119861
119894 on the specific device to verify hisher biometric
Step 2 Next the userrsquos personal biometric template 119861119894is
matched against the template stored in the system
Step 3 If the above verification does not hold then 119862119894does
not pass the biometric verification and as a result the remoteuser authentication is terminated Otherwise on the otherhand if the abovementioned verification holds 119862
119894passes the
biometric verification and 119862119894then inputs hisher password
PW119894to perform Step 4
Step 4 The smart card computes 1199031015840119894= ℎ(PW
119894) oplus 119891119894 If 1199031015840119894
= 119903119894
then password verification fails and the client terminates thesession
Step 5 If 1199031015840119894= 119903119894 the smart card computes 119872
1= 119890119894oplus 1199031015840119894
which is equal to ℎ(ID119894 119883119904)1198722= 1198721oplus 119877119888 which is equal
to ℎ(ID119894 119883119904) oplus 119877119888 and 119872
3= ℎ(119877
119888) where 119877
119888is a random
number generated by the user
Step 6 Finally 119862119894sends the message ⟨ID
11989411987221198723⟩ to the
remote server 119878119894
23 Authentication Phase After receiving the login requestmessage ⟨ID
11989411987221198723⟩ 119878119894performs the following steps as
shown in Algorithm 3 in order to authenticate whether theuser 119862
119894is legal or not
International Journal of Distributed Sensor Networks 3
119862119894
119878119894
(1) Inserts the smart card and 119861119894
(2) Verifies whether 119861119894matches with template stored in system
(3) If it holds then 119862119894inputs hisher password PW
119894
(4) Computes 1199031015840119894= ℎ(PW
119894) oplus 119891119894
(5) Checks if 1199031015840119894= 119903119894
(6) If it holds the smart card computes the following1198721= 119890119894oplus 1199031015840119894
1198722= 1198721oplus 119877119888
1198723= ℎ(119877
119888)
(7)⟨ID119894 1198722 1198723⟩997888997888997888997888997888997888997888997888997888997888rarr
Algorithm 2 Login phase of Dasrsquos scheme
119862119894
119878119894
(1) Checks whether the format of 1198621015840119894s ID119894is valid or not
If above holds 119878119894computes the following
1198724= ℎ(ID
119894 119883119878)
1198725= 1198722oplus1198724
(2) Verifies whether ℎ(1198725) = 119872
3
If it holds then computes1198726= 1198724oplus 119877119904
1198727= ℎ(119872
2 1198725)
1198728= ℎ(119877
119904)
(3)⟨1198727 1198726 1198728⟩larr997888997888997888997888997888997888997888997888997888997888
(4) Verifies whether1198727= ℎ(119872
2 119877119888)
(5) If above holds 119862119894computes
1198729= 1198726oplus1198721
Verifies whether ℎ(1198729) = 119872
8
If it does not hold 119878119894is rejected by 119862
119894
Otherwise if it holds then computes11987210
= ℎ(1198726 1198729)
(6)⟨11987210⟩997888997888997888997888997888rarr
(7) Verifies whether11987210
= ℎ(1198726 119877119904)
(8) If it holds 119878119894accepts 1198621015840
119894s login request
(9) Otherwise 119878119894rejects 1198621015840
119894s login request
Algorithm 3 Authentication phase of Dasrsquos scheme
Step 1 119878119894first checks the format of 119862
119894rsquos ID119894
Step 2 If the above format is valid 119878119894then computes 119872
4=
ℎ(ID119894 119883119904) 1198725
= 1198722oplus 1198724and then verifies whether
ℎ(1198725) = 119872
3 If it does not hold then 119878
119894rejects 119862
119894rsquos login
request In case the verification is successful then 119878119894computes
1198726= 1198724oplus 1198771199041198727= ℎ(119872
2 1198725) and119872
8= ℎ(119877
119904)
Step 3 119878119894then sends the message ⟨119872
711987261198728⟩ to 119862
119894
Step 4 After receiving the message in Step 3 119862119894verifies
whether 1198727
= ℎ(1198722
119877119888) Thus if the verification does
not pass 119862119894terminates the session Otherwise 119862
119894proceeds
as follows by computing1198729= 1198726oplus1198721(= 119877119904) and verifying
further whether ℎ(1198729) = 119872
8 If ℎ(119872
9) =1198728 119862119894terminates
the session On the other hand 119862119894computes 119872
10= ℎ(119872
6
1198729) and sends the message ⟨119872
10⟩ to the server 119878
119894
Step 5 After receiving119862119894rsquos message 119878
119894verifies whether119872
10=
ℎ(1198726 119877119904)
Step 6 If the abovementioned does not hold 119878119894rejects 119862
119894rsquos
login request
Step 7 In case the verification is successful then only 119878119894
accepts 119862119894rsquos login request
24 Password Change The password change phase of Dasrsquosscheme [21] has the following steps
4 International Journal of Distributed Sensor Networks
Step 1 It inserts the smart card into the card reader and offers119861119894
Step 2 It verifies whether the userrsquos personal biometrictemplate119861
119894matches against the template stored in the system
Step 3 If 119862119894passes the biometric verification then only
119862119894enters hisher old password PWold
119894and new changed
password PWnew119894
Step 4 The smart card then computes 1199031015840119894= ℎ(PWold
119894) oplus 119891119894
if 1199031015840119894
= 119903119894 the password change phase is terminated If 1199031015840
119894= 119903119894
then only smart card computes 11990310158401015840119894
= ℎ(PWnew119894
) oplus 119891119894 1198901015840119894=
119890119894oplus 119903119894(= ℎ(ID
119894 119883119904)) and 11989010158401015840
119894= 1198901015840119894oplus 119903119894
Step 5 Finally replace 119890119894with 11989010158401015840
119894and 119903119894with 11990310158401015840
119894on the smart
card
3 Cryptanalysis of Dasrsquos Scheme
This section demonstrates that Dasrsquos scheme [21] has somedrawbacks denial-of-service attack user impersonationattack replay attack and password change problem
31 Denial-of-Service Attack One of fundamental propertiesof a secure one-way hash function is that its outputs are verysensitive to small perturbations in their inputs The crypto-graphic hash function cannot be applied straightforwardlywhen the input data are with noise such as biometrics [22]Then the predetermined threshold for biometric verificationcannot be used to measure outputs of hash functions Inthe registration phase of Dasrsquos scheme the register center 119877
119894
computes 119891119894= ℎ(119861
119894) and 119903
119894= ℎ(PW
119894) oplus 119891119894and then stores
119891119894and 119903
119894in the smart card In the login phase 119862
119894inserts
hisher smart card into the card reader and provides hisherpersonal biometrics 119861
119894on a specific device to verify the users
biometrics by verifying whether ℎ(119861119894) = 119891119894or not In Step 4 of
login phase password verification is performed by verifyingwhether 1199031015840
119894= 119903119894However both the biometric verification and
password verification procedures may result in serious flawsbecause ℎ(119861
119894) = 119891
119894may never succeed since the inputted
biometrics belonging to the same person may differ slightlyfrom time to time [22] so the next login and authenticationprocedure will be terminated As a result this may causethe legal user to be unable to pass biometric verification atthe login phase of Dasrsquos scheme Therefore Dasrsquos scheme isvulnerable to the denial-of-service attack
32 User Impersonation Attack We see from the login andauthentication phase of Dasrsquos scheme that an attacker canimpersonate a legal user to access to the server In the loginphase of Dasrsquos scheme since the user 119862
119894sends the message
⟨ID11989411987221198723⟩ to the remote server 119878
119894where 119862
119894identity is
not masked this will result in user impersonation attack asfollows
When an attack denoted as119860119894wants to access the remote
server heshe can eavesdrop the message ⟨ID11989411987221198723⟩ by
tapping communication lines or wireless link between the
legal user 119862119894and the remote server 119878
119894 Once 119860
119894derives
the message ⟨ID11989411987221198723⟩ he can send the eavesdropped
message to the remote server 119878119894 Since the legal userrsquos ID is
not masked so the check of userrsquos validity can easily pass Wecan clearly see that when 119878
119894computes1198721015840
4= ℎ(ID
119894 119883119904) and
11987210158405= 1198722oplus11987210158404 the verification of ℎ(1198721015840
5) = 119872
3is successful
Then 119878119894computes 1198721015840
6= 1198724oplus 119877119904 11987210158407= ℎ(119872
2 11987210158405) and
11987210158408
= ℎ(119877119904) and then sends message ⟨1198721015840
71198721015840611987210158408⟩ to 119862
119894
The attack119860119894may eavesdrops themessage ⟨1198721015840
71198721015840611987210158408⟩ and
modifies the11987210158407 replaces it with11987210158401015840
7 and then sends a forged
message ⟨1198721015840101584071198721015840611987210158408⟩ to 119862
119894 Obviously 11987210158401015840
7= ℎ(1198722 119877119888)
so 119862119894terminates the session However the attacker 119860
119894will
pass the verification ⟨119872101584071198721015840611987210158408⟩ and 119860
119894computes 1198721015840
9=
11987210158406oplus 1198721= 11987210158406oplus 1198724 Since the attack 119860
119894can verify 1198721015840
9=
11987210158408 he proceeds as follows by computing 1198721015840
10= ℎ(1198721015840
6
11987210158409) and sends message ⟨1198721015840
10⟩ to the remote server 119878
119894 On
receiving themessage the remote server 119878119894will verifywhether
119872101584010
= ℎ(1198726
119877119904) or not We can see obviously that the
above equation holds so the remote 119878119894accepts the attackerrsquos
login request and the user impersonation attack will occursequentially
33 Replay Attack In Dasrsquos scheme the replay and man-in-the-middle attack is withstood by checking whether 119872
1015840
5(=
1198722oplus1198724) = 119872
5 where119872
5is equal to 119877
119888and is stored in the
database of remote server 119878119894 It is noted that119872
5= 1198722oplus1198724
=
1198721oplus 119877119888oplus1198724= 119877119888(1198721= 1198724) is disclosed to any user when
one breaks the remote server 119878119894 When the remote server 119878
119894
is compromised by an attacker heshe can change ⟨ID1198941198725⟩
in the database of the remote server 119878119894 Obviously once 119872
5
is changed the replayed message ⟨ID1198941198721015840211987210158403⟩ will not be
discarded and1198725will be replaced by1198721015840
5
34 Password Change In password change procedure ofDasrsquos scheme if remote user 119862
119894wants to change hisher pass-
word heshe must pass biometric verification by verifyingℎ(119861119894) = 119891119894 However the inputted biometrics belonging to the
same personmay differ slightly from time to time [22] so thepassword change procedure will be terminated In additionfor more time since ℎ(119861
119894) = 119891119894 then 1199031015840
119894= ℎ(PWold
119894) oplus 119891
119894
computed by smart card is not equal to 119903119894stored in the
smart card so the password change procedure will also beterminated According to the above analysis Dasrsquos schemecannot realize the password change freely
4 Proposed Scheme
In this section we propose an improvement of the Dasrsquosbiometric-based remote user authentication scheme [21]using smart cards in order to withstand the flaws discussed inSection 3 For convenience we use the same notations used asin Dasrsquos scheme shown in Table 1
41 Registration Phase In order to login to the system theremote user119862
119894needs to perform the following steps as shown
in Algorithm 4
International Journal of Distributed Sensor Networks 5
119862119894
119878119894
(1)ID119894 119861119894 PW119894997888997888997888997888997888997888997888rarr
(2) computes 119891119894 119892119894 119903119894and 119890
119894
119891119894= ℎ(119861
119894)
119892119894= ℎ(ID
119894)
119903119894= ℎ(PW
119894) oplus 119891119894
119890119894= ℎ(119892
119894 119883119904) oplus 119903119894
(3)Smart card(ℎ(sdot) 119891119894 119892119894 119890119894 119903119894 120591 119889(sdot))larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888
Algorithm 4 Registration phase of our scheme
Step 1 The user 119862119894inputs hisher personal biometric 119861
119894on
a specific device and offers hisher password PW119894and the
identity ID119894to the registration center 119877
119894in person
Step 2 The registration center 119877119894then computes 119891
119894= ℎ(119861
119894)
119892119894= ℎ(ID
119894) 119903119894= ℎ(PW
119894)oplus119891119894 and 119890
119894= ℎ(119892
119894 119883119904)oplus119903119894 Here119883
119904
is secret information generated by the serverWe note that119883119904
and passwords of the corresponding users are not disclosed toany others for all secure future communications
Step 3 Finally the registration center 119877119894
loads(ℎ(sdot) 119891
119894 119892119894 119890119894 119903119894 120591 119889(sdot)) on the userrsquos smart card and
sends this information to the user 119862119894via a secure channel
42 Login Phase In order to login to the system the remoteuser 119862
119894needs to perform the following stages as shown in
Algorithm 5
Step 1 119862119894first inserts hisher smart card into the card reader
of a terminal and offers hisher personal biometric template1198611015840
119894 on the specific device If 119889(119861
119894 1198611015840
119894) gt 120591 the remote
user authentication is terminated Otherwise 119862119894passes the
biometric verification and then inputs hisher password PW119894
to perform Step 2
Step 2The smart card computes 1199031015840119894= ℎ(PW
119894)oplus119891119894 If119889(1199031015840
119894 119903119894) gt
120591 then password verification fails and the system terminatesthe session otherwise the smart card computes119872
1= 119890119894oplus 1199031015840119894
which is equal to ℎ(119892119894 119883119904) 1198722= ℎ(119877
119888 119879) where 119877
119888is a
random number generated by the user119862119894and119879 is the current
timestamp of 119862119894rsquos system and119872
3= 1198721oplus1198722
Step 3 Finally the user 119862119894sends the message ⟨119892
11989411987221198723 119879⟩
to the remote server 119878119894
43 Authentication Phase When the remote server 119878119894
receives the login request ⟨11989211989411987221198723 119879⟩ at time 119879lowast it will
perform the following steps as shown in Algorithm 6 toauthenticate whether the user 119862
119894is legal or not
Step 1 Verify T If (119879lowast minus 119879) gt Δ119879 the authenticationphase aborts where Δ119879 is the expected time interval for the
transmission delay of the system On the contrary if (119879lowast minus119879) le Δ119879 the next step will be performed
Step 2 119878119894checks the format of 119862
119894rsquos ID119894 It computes 119872
4=
ℎ(119892119894 119883119904) using the secret value119883
119904maintained by the server
119878119894and then computes 119872
5= 1198724oplus 1198723and verifies whether
1198725= 1198722 If it does not hold then 119878
119894rejects119862
119894rsquos login request
In case the verification is successful the next step will beperformed
Step 3 119878119894computes 119872
6= ℎ(119877
119904 119879119904) and 119872
7= 1198724oplus 1198726
where 119879119904is the current timestamp of the server 119878
119894 and then
119878119894sends message ⟨119872
411987261198727 119879119904⟩ to the user 119862
119894
Step 4 After receiving the message ⟨119872411987261198727 119879119904⟩ at
time 119879lowastlowast 119862119894first checks the freshness of 119879
119904by verifying
(119879lowastlowast minus 119879119904) gt Δ119879 If it holds the following session is
terminated otherwise 119862119894computes 119872
8= 119872
4oplus 1198727
and then verifies whether 1198728
= 1198726 If it does not
hold 119862119894terminates the session Otherwise it goes to the
next step
Step 5119862119894computes119872
9= 1198724oplus1198726and then verifies whether
1198729= 1198727 If it does not hold 119878
119894is rejected by 119862
119894 otherwise
if it holds 119862119894computes 119872
10= ℎ(119877
119888 1198791015840) where 1198791015840 is the
current timestamp of the user 119862119894 and then computes 119872
11=
1198727oplus11987210and sends the message ⟨119872
11 119877119888 1198791015840⟩ to the remote
server 119878119894
Step 6 When 119878119894receives the message ⟨119872
11 119877119888 1198791015840⟩ at
time 119879lowastlowastlowast it verifies (119879lowastlowastlowast minus 1198791015840) gt Δ119879 If it holds theauthentication phase is terminated Otherwise if it does nothold 119878
119894computes 119872
12= ℎ(119877
119888 1198791015840) and then computes
11987213
= 1198724oplus1198726oplus11987212 After computing119872
13 then 119878
119894verifies
whether 11987213
= 11987211 If it holds 119878
119894accepts 119862
119894rsquos login request
otherwise 119878119894rejects the login request
44 Password Change In our scheme user 119862119894can freely
change the password PWold119894
to a new one PWnew119894
Thepassword change procedure is performed as follows
Step 1119862119894inserts the smart card into the card reader and offers
hisher personal biometrics 1198611015840119894 then the smart card computes
1198911015840119894= ℎ(1198611015840
119894) and verifies it by checking 119889(1198911015840
119894 119891119894) le 120591 where
119891119894= ℎ(119861
119894) is the information stored in the smart card
Step 2 If it holds 119862119894inserts old password PWold
119894and new
password PWnew119894
otherwise the password change procedureis terminated
Step 3 Smart card performs 1199031015840119894= ℎ(PWold
119894) oplus 1198911015840119894and checks
119889(1199031015840119894 119903119894) le 120591 where 119903
119894is the information stored in the smart
cardStep 4 If it holds the smart card computes 11990310158401015840
119894= ℎ(PWnew
119894) oplus
119891119894 1198901015840119894= 119890119894oplus 119903119894(= ℎ(ID
119894 119883119904)) and 11989010158401015840
119894= 1198901015840119894oplus 119903119894
Step 5 Finally replace 119890119894with 11989010158401015840
119894and 119903119894with 11990310158401015840
119894on the smart
card
6 International Journal of Distributed Sensor Networks
119862119894
119878119894
(1) Inserts the smart card and inputs 1198611015840119894
(2) Verifies whether 119889(119861119894 1198611015840
119894) lt 120591
(3) If it holds then 119862119894inputs hisher password PW
119894
(4) Computes 1199031015840119894= ℎ(PW
119894) oplus 119891119894and verifies whether 119889(119903
119894 1199031015840119894) lt 120591
(5) If it holds the smart card computes1198721= 119890119894oplus 1199031015840119894
1198722= ℎ(119877
119888 119879)
1198723= 1198721oplus1198722
(6)⟨119892119894 1198722 1198723 119879⟩997888997888997888997888997888997888997888997888997888997888997888rarr
Algorithm 5 Login phase of our scheme
119862119894
119878119894
(1) When receiving ⟨11989211989411987221198723 119879⟩
119878119894checks (119879lowast minus 119879) gt Δ119879
(2) 119878119894computes119872
4= ℎ (119892
119894 119883119904)
1198725= 1198724oplus1198723 and verifies whether119872
5= 1198722
(3) 119878119894computes119872
6= ℎ(119877
119904 119879119904)
1198727= 1198724oplus1198726
⟨1198724 1198726 1198727 119879119904 ⟩larr997888997888997888997888997888997888997888997888997888997888997888997888997888
(4) When receiving ⟨1198724 1198726 1198727 119879119904⟩
at 119879lowastlowast 119862119894checks (119879lowastlowast minus 119879) gt Δ119879
computes1198728= 1198724oplus1198727 then verifies119872
8= 1198726
(5) 119862119894computes119872
9= 1198724oplus1198726 then verifies119872
9= 1198727 computes119872
10= ℎ(119877
119888 1198791015840) and
then11987211
= 1198727oplus11987210
⟨11987211 119877119888 1198791015840⟩
997888997888997888997888997888997888997888997888997888997888rarr
(6) When receiving ⟨11987211 119877119888 1198791015840⟩ at 119879lowastlowastlowast 119878
119894verifies (119879lowastlowastlowast minus 119879) gt Δ119879
then computes11987212
= ℎ(119877119888 1198791015840)
11987213
= 1198724oplus1198726oplus11987212 then verifies119872
13= 11987211
If it holds 119878119894accepts 1198621015840
119894119904 login request
Algorithm 6 Authentication phase of our scheme
5 Security Analysis and Performance ofthe Proposed Scheme
51 Security Analysis If a legal user lost hisher smart cardit is extremely hard for an adversary to derive the userrsquossensitive information such as userrsquos identity password andbiometrics because the extraction of parameters from thesmart card is quite difficult Furthermore the adversarycannot change the password because heshe cannot pass thebiometric verification
511 Denial-of-Service Attack In our proposed protocolwe take into account hash functionrsquos sensitivity to smallperturbations in its inputs In the login phase userrsquos biometricverification is performed by checking 119889(119861
119894 1198611015840119894) gt 120591 instead
of checking ℎ(1198611015840119894) = 119891119894 Moreover the password verification
is performed by checking 119889(1199031015840119894 119903119894) gt 120591 instead of 1199031015840
119894= 119903119894 So
denial-of-service attack caused by hash functionrsquos fundamen-tal properties can be withstood
512 Stolen-Verifier Attack Our scheme can resist stolen-verifier attack because the scheme is free from the veri-fierpassword table In our protocol the remote server 119878
119894does
not keep password tables Therefore an attacker cannot stealuserrsquos password from 119878
119894 Moreover the password ismasked by
hash function in the procedure of message transfer betweenthe user 119862
119894and remote server 119878
119894
513 Many Logged-In Users Attack Most systems whichmaintain the password table to verify user login are vulner-able to this kind of threat Our scheme can resist the threatsince our scheme requires on-card computation for login tothe remote server 119878
119894 and once the smart card is removed the
login process will be aborted
International Journal of Distributed Sensor Networks 7
514 Guessing Attack Our protocol can resist guessingattack which is a critical concern in password-based systemssince the password in our protocol is transmitted as a digestof some other secret information The attacker cannot guessthe userrsquos password from the digest because of the one-waycharacteristic of the hash function even if the attacker mayget the digest which contains the password
515 ReplayAttack Replaying an interceptedmessage can beprevented in our proposed protocol If an attacker intercepts⟨ID11989411987221198723 119879⟩ and tries to login to the remote server
119878119894via replaying the same message heshe cannot pass the
verification of the login request due to (119879lowast minus 119879) gt Δ119879 where119879lowast is the system time when the remote server 119878
119894receives
the replayed message Moreover if an attacker intercepts⟨119872411987261198727 119879119904⟩ and tries to replay the message to the user
119862119894 this kind of attack also can be prevented due to (119879lowastlowastminus119879
119904) gt
Δ119879
516 User Impersonation Attack In the login phase ofour scheme the message sent to remote server 119878
119894is
⟨11989211989411987221198723 119879⟩ instead of ⟨ID
11989411987221198723 119879⟩ where the userrsquos
identity ID119894is masked by hash function Even though an
attacker eavesdrops the message ⟨11989211989411987221198723 119879⟩ he cannot
derive the userrsquos identity ID119894 due to the one-way charac-
teristic of hash function In the authentication phase whenthe remote server 119878
119894receives the login request message
⟨11989211989411987221198723 119879⟩ it will check the validity of userrsquos identity
Since the attacker cannot derive legal userrsquos identity thecheck of userrsquos identity cannot pass which will result inthe termination of authentication phase Through the aboveanalysis we can see that user impersonation attack can beavoided in our scheme
517 Server Masquerading Attack If an attack 119860119894attempts
to masquerade as the legitimate server 119878119894 heshe must make
the forged replay message to the user when receiving theuserrsquos login request message ⟨119892
11989411987221198723 119879⟩ However the
forged replay message is more difficult to fake since thetime-stamped message ⟨119872
411987261198727 119879119904⟩ is sent to the user
119862119894when the remote server 119878
119894is receiving 119862
119894rsquos login request
message ⟨11989211989411987221198723 119879⟩ Moreover the attacker 119860
119894cannot
masquerade as the server by forging the replay message⟨119872411987261198727 119879119904⟩ because 119860
119894cannot compute (119872
41198727)
sending to the user 119862119894without knowing the secret value
119883119904kept by the server 119878
119894 Hence the attacker 119860
119894cannot
masquerade as the legal server to the user by launching theserver masquerading attack
518 Insider Attack In the registration phase if the userrsquospassword PW
119894and the biometrics information119861
119894are revealed
to the server 119878119894 the insider of the server may directly obtain
PW119894and 119861
119894 and the insider impersonates as the user 119862
119894to
access the userrsquos other accounts in the server But in the loginphase of our scheme if the insider wants to access 119862
119894rsquos other
accounts heshe must input hisher smart card to the cardreader and provide his biometric information 119861
1015840
119894in order to
pass the verification 119889(119861119894 1198611015840119894) lt 120591 Since the insider cannot
provide the user 119862119894rsquos smart card the biometric verification
will be aborted So the insider attack can be prevented
519 Mutual Authentication As described above ourscheme can withstand the user impersonation attack andserver masquerading attack consequently our scheme canprovide mutual authentication between the user 119862
119894and
remote server 119878119894
5110 Man-in-the-Middle Attack Man-in-the-middle attackmeans that an active attacker intercepts the communicationline between a legal user and the server and uses somemeansto successfully masquerade as both the server to the user andthe user to the server Then the user will believe that he istalking to the intended server and vice versa In our schemewhen a user 119862
119894wants to login to the remote server 119878
119894 mutual
authentication between the user 119862119894and remote server 119878
119894is
performed so man-in-the-middle attack can be prevented
52 Performance of the Proposed Scheme In this subsectionwe compare the performances of our improved schemewith those for Li-Hwangrsquos scheme [11] and Dasrsquos scheme[21] It is worth recalling that the protocol of Li-Hwangrsquosscheme [11] has security weaknesses against denial-of-serviceattack replay attack user impersonation attack and man-in-the-middle attack It is noted that Dasrsquos scheme [21] hassecurity weaknesses against denial-of-service attack userimpersonation attack replay attack server masqueradingattack and insider attack The security comparisons betweenour scheme and the schemes proposed by Li and Hwang [11]and Das [21] are summarized in Table 2 For the convenienceof evaluating the efficiency of related scheme we define thenotation 119879
ℎ the time of executing a one-way hash function
The efficiency comparison with related schemes is shown inTable 3 From the table we can see that our scheme is moreefficient than Dasrsquos scheme [21] Though our scheme is lessefficient than Li-Hwangrsquos scheme [11] it can provide bettersecurity against most attacks
6 Conclusion
This paper presents a biometric-based user authenticationscheme for clientserver system The method employs bio-metric keys and resists the threats of stolen-verifier of whichmany are logged-in users with the same login identity denial-of-service attack guessing attack insider attack replay attackuser impersonation attack server masquerading attack andman-in-the-middle attack Moreover the improved schemecan realize mutual authentication between the user andremote server The proposed scheme uses only hash functionand XOR operation which is efficient compared with thatof related protocols In addition the userrsquos password can bechanged freely using the proposed scheme Our proposedscheme provides strong authentication with the help of ver-ifying biometrics passwords and random nonces generatedby the user and server as compared to that of related schemes
8 International Journal of Distributed Sensor Networks
Table 2 Security comparisons among related protocols
Item Our scheme Li-Hwangrsquos scheme [11] Dasrsquos scheme [21]Avoiding denial-of-service attack Yes No NoAvoiding stolen-verifier attack Yes Yes YesAvoiding many logged-in users attack Yes Yes YesAvoiding guessing attack Yes Yes NoAvoiding replay attack Yes No NoAvoiding user impersonation attack Yes No NoAvoiding server masquerading attack Yes No NoAvoiding man-in-the-middle attack Yes No YesAvoiding insider attack Yes No NoMutual authentication Yes No NoHaving flaws in password change No Yes Yes
Table 3 Efficiency comparison with related schemes
Different phase Li-HwangrsquosScheme [11]
Dasrsquosscheme [21] Our scheme
RegistrationUser computation cost 2119879
ℎmdash 4119879
ℎ
Server computation cost mdash 3119879ℎ
mdashLogin
User computation cost 3119879ℎ
3119879ℎ
3119879ℎ
Server computation cost mdash mdash mdashAuthentication
User computation cost 2119879ℎ
3119879ℎ
119879ℎ
Server computation cost 3119879ℎ
5119879ℎ
3119879ℎ
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
Acknowledgments
The authors would like to thank the valuable comments andsuggestions of the reviewersThiswork is supported in part byNational Natural Science Foundation of China (no 61370223)and by Science Research Project of Hubei Provincial Depart-ment of Education (XD2012374 and B2013024)
References
[1] M S Hwang and C Y Liu ldquoAuthenticated encryption schemescurrent status and key issuesrdquo International Journal of NetworkSecurity vol 1 no 2 pp 61ndash73 2005
[2] N-Y Lee and Y-C Chiu ldquoImproved remote authenticationscheme with smart cardrdquo Computer Standards and Interfacesvol 27 no 2 pp 177ndash180 2005
[3] C T Li ldquoAn enhanced remote user authentication schemeproviding mutual authen- tication and key agreement withSmart Cardsrdquo in Proceedings of the 5th International IEEEComputer Society Conference on Information Assurance andSecurity pp 517ndash520 Xirsquoan China 2009
[4] MKim andC K Koc ldquoA simple attack on a recently introducedhash-based strong-password authentication schemerdquo Interna-tional Journal of Network Security vol 1 no 2 pp 77ndash80 2005
[5] K H M Wong Z Yuan C Jiannong and W ShengweildquoA dynamic user authentication scheme for wireless sensornetworksrdquo in Proceedings of the IEEE International Conferenceon Sensor Networks Ubiquitous and Trustworthy Computing(SUTC rsquo06) pp 244ndash251 Taichung Taiwan June 2006
[6] H-R Tseng R-H Jan and W Yang ldquoAn improved dynamicuser authentication scheme for wireless sensor networksrdquo inProceedings of the 50th Annual IEEEGlobal TelecommunicationsConference (GLOBECOM rsquo07) pp 986ndash990 Washington DCUSA November 2007
[7] T H Lee ldquoSimple dynamic user authen- tication protocolsfor wireless sensor networksrdquo in Proceedings of the 2nd Inter-national Conference on Sensor Technologies and Application(SENSORCOMMrsquo08) pp 657ndash660CapEsterel FranceAugust2008
[8] L-C Ko ldquoA novel dynamic user authentication scheme forwireless sensor networksrdquo in Proceedings of the IEEE Interna-tional Symposium on Wireless Communication Systems (ISWCSrsquo08) pp 608ndash612 Reykjavik Iceland October 2008
[9] B Vaidya J J Rodrigues and J H Park ldquoUser authenticationschemes with pseudonymity for ubiquitous sensor network inNGNrdquo International Journal of Communication Systems vol 23no 9-10 pp 1201ndash1222 2010
[10] J Daemen and R V Rijndael ldquoThe advanced encryptionstandardrdquo Dr Dobbrsquos Journal vol 26 no 3 pp 137ndash139 2001
[11] C-T Li and M-S Hwang ldquoAn efficient biometrics-basedremote user authentication scheme using smart cardsrdquo Journalof Network and Computer Applications vol 33 no 1 pp 1ndash52010
[12] A K Jain A Ross and S Prabhakar ldquoAn introduction to bio-metric recognitionrdquo IEEE Transactions on Circuits and Systemsfor Video Technology vol 14 no 1 pp 4ndash20 2004
[13] D Maltoni D Maio A K Jain and S Prabhakar Handbook ofFingerprint Recognition Springer New York NY USA 2009
[14] S Prabhakar S Pankanti and A K Jain ldquoBiometric recogni-tion security and privacy concernsrdquo IEEE Security and Privacyvol 1 no 2 pp 33ndash42 2003
[15] A Prakash ldquoA biometric approach for continuous user authen-tication by fusing hard and soft traitsrdquo International Journal ofNetwork Security vol 16 no 1 pp 65ndash70 2014
International Journal of Distributed Sensor Networks 9
[16] C K Dimitriadis and S A Shaikh ldquoA biometric authenticationprotocol for 3G mobile systems modelled and validated usingCSP and rank functionsrdquo International Journal of NetworkSecurity vol 5 no 1 pp 99ndash111 2007
[17] A Yang ldquoSecurity weaknesses and improvements of afingerprint-based remote user authentication scheme usingsmart cardsrdquo International Journal of Advancements inComputing Technology vol 4 no 3 pp 21ndash28 2012
[18] A N Younghwa ldquoSecurity analysis and enhancements of aneffective biometric-based remote user authentication schemeusing smart cardsrdquo Journal of Biomedicine and Biotechnologyvol 2012 Article ID 519723 6 pages 2012
[19] C-H Lin and Y-Y Lai ldquoA flexible biometrics remote userauthentication schemerdquoComputer Standards and Interfaces vol27 no 1 pp 19ndash23 2004
[20] C-T Li and M-S Hwang ldquoAn efficient biometrics-basedremote user authentication scheme using smart cardsrdquo Journalof Network and Computer Applications vol 33 no 1 pp 1ndash52010
[21] A KDas ldquoAnalysis and improvement on an efficient biometric-based remote user authentication scheme using smart cardsrdquoIET Information Security vol 5 no 3 pp 145ndash151 2011
[22] J P Linnartz and P Tuyls ldquoNew shielding functions toenhance privacy and prevent misuse of biometric templatesrdquoin Proceedings of the Audio and Video-Based Biometric PersonAuthentication vol 2688 of Lecture Notes in Computer Sciencepp 393ndash402 2003
International Journal of
AerospaceEngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal ofEngineeringVolume 2014
Submit your manuscripts athttpwwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
2 International Journal of Distributed Sensor Networks
Table 1 Notations used in the proposed scheme
Notation Description119862119894
Client119877119894
Trusted registration center119878119894
ServerPW119894
Password shared between 119862119894and 119878
119894
ID119894
Identity of the user 119862119894
119861119894
Biometric template of the user 119862119894
119889(∙) Symmetric parametric function120591 Predetermined threshold for biometric verificationℎ(∙) A secure one-way hash function119883119904
A secret information maintained by the server119877119888
A random number chosen by 119862119894
119877119904
A random number chosen by 119878119894
119860 119861 Data 119860 concatenates with data 119861119860 oplus 119861 XOR operation of 119860 and 119861
As a result biometric-based remote user authenticationsare inherently more reliable and secure than usual traditionalpassword-based remote user authentication schemes
In this paper we propose an improvement of Dasrsquosbiometric-based remote user authentication scheme usingsmart cards in order to withstand his design flaws Theremainder of this paper is organized as follows In Section 2we briefly review the Dasrsquos biometric-based remote userauthentication scheme using smart cards [21] In Section 3we analyze the design flaws in Dasrsquos scheme In Section 4 wepropose an improvement of the scheme in order to eliminatethe design flaws discussed in Section 3 Security analysis ofour scheme and performance comparison with other relatedschemes are implemented in Section 5 Finally we concludethe paper in Section 6
2 Review of DASrsquos Biometric-Based RemoteUser Authentication Scheme
In this section we review in brief Dasrsquos biometric-basedremote user authentication scheme [21] For describing theDasrsquos scheme [21] we use the notations shown in Table 1Dasrsquos scheme consists of the following four phases namelyregistration phase login phase authentication phase andchange password phase Details of each phase are given in thefollowing subsections
21 Registration Phase In order to login to the system theremote user 119862
119894needs to perform the following stages as
shown in Algorithm 1
Step 1The user inputs hisher personal biometric119861119894on a spe-
cific device and offers hisher password PW119894and the identity
ID119894of the user to the registration center 119877
119894in person
119862119894
119878119894
(1)ID119894 119861119894 PW119894997888997888997888997888997888997888997888rarr
(2) Computes 119903119894and 119890
119894
119891119894= ℎ(119861
119894)
119903119894= ℎ(PW
119894) oplus 119891119894
119890119894= ℎ(ID
119894 119883119904) oplus 119903119894
(3)Smart card(ID119894 ℎ(sdot) 119891119894 119903119894 119890119894)larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888
Algorithm 1 Registration phase of Dasrsquos scheme
Step 2 The registration center 119877119894then computes 119891
119894= ℎ(119861
119894)
119903119894= ℎ(PW
119894) oplus 119891119894 and 119890
119894= ℎ(ID
119894119883119904) oplus 119903119894 Here 119883
119904is secret
information generated by the server
Step 3 Finally the registration center 119877119894
loads(ID119894 ℎ(sdot) 119891
119894 119890119894 119903119894) on the userrsquos smart card and sends
the information to the user 119862119894via a secure channel
22 Login Phase In this phase if a user 119862119894wants to login to
the server 119878119894 heshe needs to perform the following steps as
shown in Algorithm 2
Step 1 119862119894first inserts hisher smart card into the smart card
reader of a terminal and offers hisher personal biometrictemplate119861
119894 on the specific device to verify hisher biometric
Step 2 Next the userrsquos personal biometric template 119861119894is
matched against the template stored in the system
Step 3 If the above verification does not hold then 119862119894does
not pass the biometric verification and as a result the remoteuser authentication is terminated Otherwise on the otherhand if the abovementioned verification holds 119862
119894passes the
biometric verification and 119862119894then inputs hisher password
PW119894to perform Step 4
Step 4 The smart card computes 1199031015840119894= ℎ(PW
119894) oplus 119891119894 If 1199031015840119894
= 119903119894
then password verification fails and the client terminates thesession
Step 5 If 1199031015840119894= 119903119894 the smart card computes 119872
1= 119890119894oplus 1199031015840119894
which is equal to ℎ(ID119894 119883119904)1198722= 1198721oplus 119877119888 which is equal
to ℎ(ID119894 119883119904) oplus 119877119888 and 119872
3= ℎ(119877
119888) where 119877
119888is a random
number generated by the user
Step 6 Finally 119862119894sends the message ⟨ID
11989411987221198723⟩ to the
remote server 119878119894
23 Authentication Phase After receiving the login requestmessage ⟨ID
11989411987221198723⟩ 119878119894performs the following steps as
shown in Algorithm 3 in order to authenticate whether theuser 119862
119894is legal or not
International Journal of Distributed Sensor Networks 3
119862119894
119878119894
(1) Inserts the smart card and 119861119894
(2) Verifies whether 119861119894matches with template stored in system
(3) If it holds then 119862119894inputs hisher password PW
119894
(4) Computes 1199031015840119894= ℎ(PW
119894) oplus 119891119894
(5) Checks if 1199031015840119894= 119903119894
(6) If it holds the smart card computes the following1198721= 119890119894oplus 1199031015840119894
1198722= 1198721oplus 119877119888
1198723= ℎ(119877
119888)
(7)⟨ID119894 1198722 1198723⟩997888997888997888997888997888997888997888997888997888997888rarr
Algorithm 2 Login phase of Dasrsquos scheme
119862119894
119878119894
(1) Checks whether the format of 1198621015840119894s ID119894is valid or not
If above holds 119878119894computes the following
1198724= ℎ(ID
119894 119883119878)
1198725= 1198722oplus1198724
(2) Verifies whether ℎ(1198725) = 119872
3
If it holds then computes1198726= 1198724oplus 119877119904
1198727= ℎ(119872
2 1198725)
1198728= ℎ(119877
119904)
(3)⟨1198727 1198726 1198728⟩larr997888997888997888997888997888997888997888997888997888997888
(4) Verifies whether1198727= ℎ(119872
2 119877119888)
(5) If above holds 119862119894computes
1198729= 1198726oplus1198721
Verifies whether ℎ(1198729) = 119872
8
If it does not hold 119878119894is rejected by 119862
119894
Otherwise if it holds then computes11987210
= ℎ(1198726 1198729)
(6)⟨11987210⟩997888997888997888997888997888rarr
(7) Verifies whether11987210
= ℎ(1198726 119877119904)
(8) If it holds 119878119894accepts 1198621015840
119894s login request
(9) Otherwise 119878119894rejects 1198621015840
119894s login request
Algorithm 3 Authentication phase of Dasrsquos scheme
Step 1 119878119894first checks the format of 119862
119894rsquos ID119894
Step 2 If the above format is valid 119878119894then computes 119872
4=
ℎ(ID119894 119883119904) 1198725
= 1198722oplus 1198724and then verifies whether
ℎ(1198725) = 119872
3 If it does not hold then 119878
119894rejects 119862
119894rsquos login
request In case the verification is successful then 119878119894computes
1198726= 1198724oplus 1198771199041198727= ℎ(119872
2 1198725) and119872
8= ℎ(119877
119904)
Step 3 119878119894then sends the message ⟨119872
711987261198728⟩ to 119862
119894
Step 4 After receiving the message in Step 3 119862119894verifies
whether 1198727
= ℎ(1198722
119877119888) Thus if the verification does
not pass 119862119894terminates the session Otherwise 119862
119894proceeds
as follows by computing1198729= 1198726oplus1198721(= 119877119904) and verifying
further whether ℎ(1198729) = 119872
8 If ℎ(119872
9) =1198728 119862119894terminates
the session On the other hand 119862119894computes 119872
10= ℎ(119872
6
1198729) and sends the message ⟨119872
10⟩ to the server 119878
119894
Step 5 After receiving119862119894rsquos message 119878
119894verifies whether119872
10=
ℎ(1198726 119877119904)
Step 6 If the abovementioned does not hold 119878119894rejects 119862
119894rsquos
login request
Step 7 In case the verification is successful then only 119878119894
accepts 119862119894rsquos login request
24 Password Change The password change phase of Dasrsquosscheme [21] has the following steps
4 International Journal of Distributed Sensor Networks
Step 1 It inserts the smart card into the card reader and offers119861119894
Step 2 It verifies whether the userrsquos personal biometrictemplate119861
119894matches against the template stored in the system
Step 3 If 119862119894passes the biometric verification then only
119862119894enters hisher old password PWold
119894and new changed
password PWnew119894
Step 4 The smart card then computes 1199031015840119894= ℎ(PWold
119894) oplus 119891119894
if 1199031015840119894
= 119903119894 the password change phase is terminated If 1199031015840
119894= 119903119894
then only smart card computes 11990310158401015840119894
= ℎ(PWnew119894
) oplus 119891119894 1198901015840119894=
119890119894oplus 119903119894(= ℎ(ID
119894 119883119904)) and 11989010158401015840
119894= 1198901015840119894oplus 119903119894
Step 5 Finally replace 119890119894with 11989010158401015840
119894and 119903119894with 11990310158401015840
119894on the smart
card
3 Cryptanalysis of Dasrsquos Scheme
This section demonstrates that Dasrsquos scheme [21] has somedrawbacks denial-of-service attack user impersonationattack replay attack and password change problem
31 Denial-of-Service Attack One of fundamental propertiesof a secure one-way hash function is that its outputs are verysensitive to small perturbations in their inputs The crypto-graphic hash function cannot be applied straightforwardlywhen the input data are with noise such as biometrics [22]Then the predetermined threshold for biometric verificationcannot be used to measure outputs of hash functions Inthe registration phase of Dasrsquos scheme the register center 119877
119894
computes 119891119894= ℎ(119861
119894) and 119903
119894= ℎ(PW
119894) oplus 119891119894and then stores
119891119894and 119903
119894in the smart card In the login phase 119862
119894inserts
hisher smart card into the card reader and provides hisherpersonal biometrics 119861
119894on a specific device to verify the users
biometrics by verifying whether ℎ(119861119894) = 119891119894or not In Step 4 of
login phase password verification is performed by verifyingwhether 1199031015840
119894= 119903119894However both the biometric verification and
password verification procedures may result in serious flawsbecause ℎ(119861
119894) = 119891
119894may never succeed since the inputted
biometrics belonging to the same person may differ slightlyfrom time to time [22] so the next login and authenticationprocedure will be terminated As a result this may causethe legal user to be unable to pass biometric verification atthe login phase of Dasrsquos scheme Therefore Dasrsquos scheme isvulnerable to the denial-of-service attack
32 User Impersonation Attack We see from the login andauthentication phase of Dasrsquos scheme that an attacker canimpersonate a legal user to access to the server In the loginphase of Dasrsquos scheme since the user 119862
119894sends the message
⟨ID11989411987221198723⟩ to the remote server 119878
119894where 119862
119894identity is
not masked this will result in user impersonation attack asfollows
When an attack denoted as119860119894wants to access the remote
server heshe can eavesdrop the message ⟨ID11989411987221198723⟩ by
tapping communication lines or wireless link between the
legal user 119862119894and the remote server 119878
119894 Once 119860
119894derives
the message ⟨ID11989411987221198723⟩ he can send the eavesdropped
message to the remote server 119878119894 Since the legal userrsquos ID is
not masked so the check of userrsquos validity can easily pass Wecan clearly see that when 119878
119894computes1198721015840
4= ℎ(ID
119894 119883119904) and
11987210158405= 1198722oplus11987210158404 the verification of ℎ(1198721015840
5) = 119872
3is successful
Then 119878119894computes 1198721015840
6= 1198724oplus 119877119904 11987210158407= ℎ(119872
2 11987210158405) and
11987210158408
= ℎ(119877119904) and then sends message ⟨1198721015840
71198721015840611987210158408⟩ to 119862
119894
The attack119860119894may eavesdrops themessage ⟨1198721015840
71198721015840611987210158408⟩ and
modifies the11987210158407 replaces it with11987210158401015840
7 and then sends a forged
message ⟨1198721015840101584071198721015840611987210158408⟩ to 119862
119894 Obviously 11987210158401015840
7= ℎ(1198722 119877119888)
so 119862119894terminates the session However the attacker 119860
119894will
pass the verification ⟨119872101584071198721015840611987210158408⟩ and 119860
119894computes 1198721015840
9=
11987210158406oplus 1198721= 11987210158406oplus 1198724 Since the attack 119860
119894can verify 1198721015840
9=
11987210158408 he proceeds as follows by computing 1198721015840
10= ℎ(1198721015840
6
11987210158409) and sends message ⟨1198721015840
10⟩ to the remote server 119878
119894 On
receiving themessage the remote server 119878119894will verifywhether
119872101584010
= ℎ(1198726
119877119904) or not We can see obviously that the
above equation holds so the remote 119878119894accepts the attackerrsquos
login request and the user impersonation attack will occursequentially
33 Replay Attack In Dasrsquos scheme the replay and man-in-the-middle attack is withstood by checking whether 119872
1015840
5(=
1198722oplus1198724) = 119872
5 where119872
5is equal to 119877
119888and is stored in the
database of remote server 119878119894 It is noted that119872
5= 1198722oplus1198724
=
1198721oplus 119877119888oplus1198724= 119877119888(1198721= 1198724) is disclosed to any user when
one breaks the remote server 119878119894 When the remote server 119878
119894
is compromised by an attacker heshe can change ⟨ID1198941198725⟩
in the database of the remote server 119878119894 Obviously once 119872
5
is changed the replayed message ⟨ID1198941198721015840211987210158403⟩ will not be
discarded and1198725will be replaced by1198721015840
5
34 Password Change In password change procedure ofDasrsquos scheme if remote user 119862
119894wants to change hisher pass-
word heshe must pass biometric verification by verifyingℎ(119861119894) = 119891119894 However the inputted biometrics belonging to the
same personmay differ slightly from time to time [22] so thepassword change procedure will be terminated In additionfor more time since ℎ(119861
119894) = 119891119894 then 1199031015840
119894= ℎ(PWold
119894) oplus 119891
119894
computed by smart card is not equal to 119903119894stored in the
smart card so the password change procedure will also beterminated According to the above analysis Dasrsquos schemecannot realize the password change freely
4 Proposed Scheme
In this section we propose an improvement of the Dasrsquosbiometric-based remote user authentication scheme [21]using smart cards in order to withstand the flaws discussed inSection 3 For convenience we use the same notations used asin Dasrsquos scheme shown in Table 1
41 Registration Phase In order to login to the system theremote user119862
119894needs to perform the following steps as shown
in Algorithm 4
International Journal of Distributed Sensor Networks 5
119862119894
119878119894
(1)ID119894 119861119894 PW119894997888997888997888997888997888997888997888rarr
(2) computes 119891119894 119892119894 119903119894and 119890
119894
119891119894= ℎ(119861
119894)
119892119894= ℎ(ID
119894)
119903119894= ℎ(PW
119894) oplus 119891119894
119890119894= ℎ(119892
119894 119883119904) oplus 119903119894
(3)Smart card(ℎ(sdot) 119891119894 119892119894 119890119894 119903119894 120591 119889(sdot))larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888
Algorithm 4 Registration phase of our scheme
Step 1 The user 119862119894inputs hisher personal biometric 119861
119894on
a specific device and offers hisher password PW119894and the
identity ID119894to the registration center 119877
119894in person
Step 2 The registration center 119877119894then computes 119891
119894= ℎ(119861
119894)
119892119894= ℎ(ID
119894) 119903119894= ℎ(PW
119894)oplus119891119894 and 119890
119894= ℎ(119892
119894 119883119904)oplus119903119894 Here119883
119904
is secret information generated by the serverWe note that119883119904
and passwords of the corresponding users are not disclosed toany others for all secure future communications
Step 3 Finally the registration center 119877119894
loads(ℎ(sdot) 119891
119894 119892119894 119890119894 119903119894 120591 119889(sdot)) on the userrsquos smart card and
sends this information to the user 119862119894via a secure channel
42 Login Phase In order to login to the system the remoteuser 119862
119894needs to perform the following stages as shown in
Algorithm 5
Step 1 119862119894first inserts hisher smart card into the card reader
of a terminal and offers hisher personal biometric template1198611015840
119894 on the specific device If 119889(119861
119894 1198611015840
119894) gt 120591 the remote
user authentication is terminated Otherwise 119862119894passes the
biometric verification and then inputs hisher password PW119894
to perform Step 2
Step 2The smart card computes 1199031015840119894= ℎ(PW
119894)oplus119891119894 If119889(1199031015840
119894 119903119894) gt
120591 then password verification fails and the system terminatesthe session otherwise the smart card computes119872
1= 119890119894oplus 1199031015840119894
which is equal to ℎ(119892119894 119883119904) 1198722= ℎ(119877
119888 119879) where 119877
119888is a
random number generated by the user119862119894and119879 is the current
timestamp of 119862119894rsquos system and119872
3= 1198721oplus1198722
Step 3 Finally the user 119862119894sends the message ⟨119892
11989411987221198723 119879⟩
to the remote server 119878119894
43 Authentication Phase When the remote server 119878119894
receives the login request ⟨11989211989411987221198723 119879⟩ at time 119879lowast it will
perform the following steps as shown in Algorithm 6 toauthenticate whether the user 119862
119894is legal or not
Step 1 Verify T If (119879lowast minus 119879) gt Δ119879 the authenticationphase aborts where Δ119879 is the expected time interval for the
transmission delay of the system On the contrary if (119879lowast minus119879) le Δ119879 the next step will be performed
Step 2 119878119894checks the format of 119862
119894rsquos ID119894 It computes 119872
4=
ℎ(119892119894 119883119904) using the secret value119883
119904maintained by the server
119878119894and then computes 119872
5= 1198724oplus 1198723and verifies whether
1198725= 1198722 If it does not hold then 119878
119894rejects119862
119894rsquos login request
In case the verification is successful the next step will beperformed
Step 3 119878119894computes 119872
6= ℎ(119877
119904 119879119904) and 119872
7= 1198724oplus 1198726
where 119879119904is the current timestamp of the server 119878
119894 and then
119878119894sends message ⟨119872
411987261198727 119879119904⟩ to the user 119862
119894
Step 4 After receiving the message ⟨119872411987261198727 119879119904⟩ at
time 119879lowastlowast 119862119894first checks the freshness of 119879
119904by verifying
(119879lowastlowast minus 119879119904) gt Δ119879 If it holds the following session is
terminated otherwise 119862119894computes 119872
8= 119872
4oplus 1198727
and then verifies whether 1198728
= 1198726 If it does not
hold 119862119894terminates the session Otherwise it goes to the
next step
Step 5119862119894computes119872
9= 1198724oplus1198726and then verifies whether
1198729= 1198727 If it does not hold 119878
119894is rejected by 119862
119894 otherwise
if it holds 119862119894computes 119872
10= ℎ(119877
119888 1198791015840) where 1198791015840 is the
current timestamp of the user 119862119894 and then computes 119872
11=
1198727oplus11987210and sends the message ⟨119872
11 119877119888 1198791015840⟩ to the remote
server 119878119894
Step 6 When 119878119894receives the message ⟨119872
11 119877119888 1198791015840⟩ at
time 119879lowastlowastlowast it verifies (119879lowastlowastlowast minus 1198791015840) gt Δ119879 If it holds theauthentication phase is terminated Otherwise if it does nothold 119878
119894computes 119872
12= ℎ(119877
119888 1198791015840) and then computes
11987213
= 1198724oplus1198726oplus11987212 After computing119872
13 then 119878
119894verifies
whether 11987213
= 11987211 If it holds 119878
119894accepts 119862
119894rsquos login request
otherwise 119878119894rejects the login request
44 Password Change In our scheme user 119862119894can freely
change the password PWold119894
to a new one PWnew119894
Thepassword change procedure is performed as follows
Step 1119862119894inserts the smart card into the card reader and offers
hisher personal biometrics 1198611015840119894 then the smart card computes
1198911015840119894= ℎ(1198611015840
119894) and verifies it by checking 119889(1198911015840
119894 119891119894) le 120591 where
119891119894= ℎ(119861
119894) is the information stored in the smart card
Step 2 If it holds 119862119894inserts old password PWold
119894and new
password PWnew119894
otherwise the password change procedureis terminated
Step 3 Smart card performs 1199031015840119894= ℎ(PWold
119894) oplus 1198911015840119894and checks
119889(1199031015840119894 119903119894) le 120591 where 119903
119894is the information stored in the smart
cardStep 4 If it holds the smart card computes 11990310158401015840
119894= ℎ(PWnew
119894) oplus
119891119894 1198901015840119894= 119890119894oplus 119903119894(= ℎ(ID
119894 119883119904)) and 11989010158401015840
119894= 1198901015840119894oplus 119903119894
Step 5 Finally replace 119890119894with 11989010158401015840
119894and 119903119894with 11990310158401015840
119894on the smart
card
6 International Journal of Distributed Sensor Networks
119862119894
119878119894
(1) Inserts the smart card and inputs 1198611015840119894
(2) Verifies whether 119889(119861119894 1198611015840
119894) lt 120591
(3) If it holds then 119862119894inputs hisher password PW
119894
(4) Computes 1199031015840119894= ℎ(PW
119894) oplus 119891119894and verifies whether 119889(119903
119894 1199031015840119894) lt 120591
(5) If it holds the smart card computes1198721= 119890119894oplus 1199031015840119894
1198722= ℎ(119877
119888 119879)
1198723= 1198721oplus1198722
(6)⟨119892119894 1198722 1198723 119879⟩997888997888997888997888997888997888997888997888997888997888997888rarr
Algorithm 5 Login phase of our scheme
119862119894
119878119894
(1) When receiving ⟨11989211989411987221198723 119879⟩
119878119894checks (119879lowast minus 119879) gt Δ119879
(2) 119878119894computes119872
4= ℎ (119892
119894 119883119904)
1198725= 1198724oplus1198723 and verifies whether119872
5= 1198722
(3) 119878119894computes119872
6= ℎ(119877
119904 119879119904)
1198727= 1198724oplus1198726
⟨1198724 1198726 1198727 119879119904 ⟩larr997888997888997888997888997888997888997888997888997888997888997888997888997888
(4) When receiving ⟨1198724 1198726 1198727 119879119904⟩
at 119879lowastlowast 119862119894checks (119879lowastlowast minus 119879) gt Δ119879
computes1198728= 1198724oplus1198727 then verifies119872
8= 1198726
(5) 119862119894computes119872
9= 1198724oplus1198726 then verifies119872
9= 1198727 computes119872
10= ℎ(119877
119888 1198791015840) and
then11987211
= 1198727oplus11987210
⟨11987211 119877119888 1198791015840⟩
997888997888997888997888997888997888997888997888997888997888rarr
(6) When receiving ⟨11987211 119877119888 1198791015840⟩ at 119879lowastlowastlowast 119878
119894verifies (119879lowastlowastlowast minus 119879) gt Δ119879
then computes11987212
= ℎ(119877119888 1198791015840)
11987213
= 1198724oplus1198726oplus11987212 then verifies119872
13= 11987211
If it holds 119878119894accepts 1198621015840
119894119904 login request
Algorithm 6 Authentication phase of our scheme
5 Security Analysis and Performance ofthe Proposed Scheme
51 Security Analysis If a legal user lost hisher smart cardit is extremely hard for an adversary to derive the userrsquossensitive information such as userrsquos identity password andbiometrics because the extraction of parameters from thesmart card is quite difficult Furthermore the adversarycannot change the password because heshe cannot pass thebiometric verification
511 Denial-of-Service Attack In our proposed protocolwe take into account hash functionrsquos sensitivity to smallperturbations in its inputs In the login phase userrsquos biometricverification is performed by checking 119889(119861
119894 1198611015840119894) gt 120591 instead
of checking ℎ(1198611015840119894) = 119891119894 Moreover the password verification
is performed by checking 119889(1199031015840119894 119903119894) gt 120591 instead of 1199031015840
119894= 119903119894 So
denial-of-service attack caused by hash functionrsquos fundamen-tal properties can be withstood
512 Stolen-Verifier Attack Our scheme can resist stolen-verifier attack because the scheme is free from the veri-fierpassword table In our protocol the remote server 119878
119894does
not keep password tables Therefore an attacker cannot stealuserrsquos password from 119878
119894 Moreover the password ismasked by
hash function in the procedure of message transfer betweenthe user 119862
119894and remote server 119878
119894
513 Many Logged-In Users Attack Most systems whichmaintain the password table to verify user login are vulner-able to this kind of threat Our scheme can resist the threatsince our scheme requires on-card computation for login tothe remote server 119878
119894 and once the smart card is removed the
login process will be aborted
International Journal of Distributed Sensor Networks 7
514 Guessing Attack Our protocol can resist guessingattack which is a critical concern in password-based systemssince the password in our protocol is transmitted as a digestof some other secret information The attacker cannot guessthe userrsquos password from the digest because of the one-waycharacteristic of the hash function even if the attacker mayget the digest which contains the password
515 ReplayAttack Replaying an interceptedmessage can beprevented in our proposed protocol If an attacker intercepts⟨ID11989411987221198723 119879⟩ and tries to login to the remote server
119878119894via replaying the same message heshe cannot pass the
verification of the login request due to (119879lowast minus 119879) gt Δ119879 where119879lowast is the system time when the remote server 119878
119894receives
the replayed message Moreover if an attacker intercepts⟨119872411987261198727 119879119904⟩ and tries to replay the message to the user
119862119894 this kind of attack also can be prevented due to (119879lowastlowastminus119879
119904) gt
Δ119879
516 User Impersonation Attack In the login phase ofour scheme the message sent to remote server 119878
119894is
⟨11989211989411987221198723 119879⟩ instead of ⟨ID
11989411987221198723 119879⟩ where the userrsquos
identity ID119894is masked by hash function Even though an
attacker eavesdrops the message ⟨11989211989411987221198723 119879⟩ he cannot
derive the userrsquos identity ID119894 due to the one-way charac-
teristic of hash function In the authentication phase whenthe remote server 119878
119894receives the login request message
⟨11989211989411987221198723 119879⟩ it will check the validity of userrsquos identity
Since the attacker cannot derive legal userrsquos identity thecheck of userrsquos identity cannot pass which will result inthe termination of authentication phase Through the aboveanalysis we can see that user impersonation attack can beavoided in our scheme
517 Server Masquerading Attack If an attack 119860119894attempts
to masquerade as the legitimate server 119878119894 heshe must make
the forged replay message to the user when receiving theuserrsquos login request message ⟨119892
11989411987221198723 119879⟩ However the
forged replay message is more difficult to fake since thetime-stamped message ⟨119872
411987261198727 119879119904⟩ is sent to the user
119862119894when the remote server 119878
119894is receiving 119862
119894rsquos login request
message ⟨11989211989411987221198723 119879⟩ Moreover the attacker 119860
119894cannot
masquerade as the server by forging the replay message⟨119872411987261198727 119879119904⟩ because 119860
119894cannot compute (119872
41198727)
sending to the user 119862119894without knowing the secret value
119883119904kept by the server 119878
119894 Hence the attacker 119860
119894cannot
masquerade as the legal server to the user by launching theserver masquerading attack
518 Insider Attack In the registration phase if the userrsquospassword PW
119894and the biometrics information119861
119894are revealed
to the server 119878119894 the insider of the server may directly obtain
PW119894and 119861
119894 and the insider impersonates as the user 119862
119894to
access the userrsquos other accounts in the server But in the loginphase of our scheme if the insider wants to access 119862
119894rsquos other
accounts heshe must input hisher smart card to the cardreader and provide his biometric information 119861
1015840
119894in order to
pass the verification 119889(119861119894 1198611015840119894) lt 120591 Since the insider cannot
provide the user 119862119894rsquos smart card the biometric verification
will be aborted So the insider attack can be prevented
519 Mutual Authentication As described above ourscheme can withstand the user impersonation attack andserver masquerading attack consequently our scheme canprovide mutual authentication between the user 119862
119894and
remote server 119878119894
5110 Man-in-the-Middle Attack Man-in-the-middle attackmeans that an active attacker intercepts the communicationline between a legal user and the server and uses somemeansto successfully masquerade as both the server to the user andthe user to the server Then the user will believe that he istalking to the intended server and vice versa In our schemewhen a user 119862
119894wants to login to the remote server 119878
119894 mutual
authentication between the user 119862119894and remote server 119878
119894is
performed so man-in-the-middle attack can be prevented
52 Performance of the Proposed Scheme In this subsectionwe compare the performances of our improved schemewith those for Li-Hwangrsquos scheme [11] and Dasrsquos scheme[21] It is worth recalling that the protocol of Li-Hwangrsquosscheme [11] has security weaknesses against denial-of-serviceattack replay attack user impersonation attack and man-in-the-middle attack It is noted that Dasrsquos scheme [21] hassecurity weaknesses against denial-of-service attack userimpersonation attack replay attack server masqueradingattack and insider attack The security comparisons betweenour scheme and the schemes proposed by Li and Hwang [11]and Das [21] are summarized in Table 2 For the convenienceof evaluating the efficiency of related scheme we define thenotation 119879
ℎ the time of executing a one-way hash function
The efficiency comparison with related schemes is shown inTable 3 From the table we can see that our scheme is moreefficient than Dasrsquos scheme [21] Though our scheme is lessefficient than Li-Hwangrsquos scheme [11] it can provide bettersecurity against most attacks
6 Conclusion
This paper presents a biometric-based user authenticationscheme for clientserver system The method employs bio-metric keys and resists the threats of stolen-verifier of whichmany are logged-in users with the same login identity denial-of-service attack guessing attack insider attack replay attackuser impersonation attack server masquerading attack andman-in-the-middle attack Moreover the improved schemecan realize mutual authentication between the user andremote server The proposed scheme uses only hash functionand XOR operation which is efficient compared with thatof related protocols In addition the userrsquos password can bechanged freely using the proposed scheme Our proposedscheme provides strong authentication with the help of ver-ifying biometrics passwords and random nonces generatedby the user and server as compared to that of related schemes
8 International Journal of Distributed Sensor Networks
Table 2 Security comparisons among related protocols
Item Our scheme Li-Hwangrsquos scheme [11] Dasrsquos scheme [21]Avoiding denial-of-service attack Yes No NoAvoiding stolen-verifier attack Yes Yes YesAvoiding many logged-in users attack Yes Yes YesAvoiding guessing attack Yes Yes NoAvoiding replay attack Yes No NoAvoiding user impersonation attack Yes No NoAvoiding server masquerading attack Yes No NoAvoiding man-in-the-middle attack Yes No YesAvoiding insider attack Yes No NoMutual authentication Yes No NoHaving flaws in password change No Yes Yes
Table 3 Efficiency comparison with related schemes
Different phase Li-HwangrsquosScheme [11]
Dasrsquosscheme [21] Our scheme
RegistrationUser computation cost 2119879
ℎmdash 4119879
ℎ
Server computation cost mdash 3119879ℎ
mdashLogin
User computation cost 3119879ℎ
3119879ℎ
3119879ℎ
Server computation cost mdash mdash mdashAuthentication
User computation cost 2119879ℎ
3119879ℎ
119879ℎ
Server computation cost 3119879ℎ
5119879ℎ
3119879ℎ
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
Acknowledgments
The authors would like to thank the valuable comments andsuggestions of the reviewersThiswork is supported in part byNational Natural Science Foundation of China (no 61370223)and by Science Research Project of Hubei Provincial Depart-ment of Education (XD2012374 and B2013024)
References
[1] M S Hwang and C Y Liu ldquoAuthenticated encryption schemescurrent status and key issuesrdquo International Journal of NetworkSecurity vol 1 no 2 pp 61ndash73 2005
[2] N-Y Lee and Y-C Chiu ldquoImproved remote authenticationscheme with smart cardrdquo Computer Standards and Interfacesvol 27 no 2 pp 177ndash180 2005
[3] C T Li ldquoAn enhanced remote user authentication schemeproviding mutual authen- tication and key agreement withSmart Cardsrdquo in Proceedings of the 5th International IEEEComputer Society Conference on Information Assurance andSecurity pp 517ndash520 Xirsquoan China 2009
[4] MKim andC K Koc ldquoA simple attack on a recently introducedhash-based strong-password authentication schemerdquo Interna-tional Journal of Network Security vol 1 no 2 pp 77ndash80 2005
[5] K H M Wong Z Yuan C Jiannong and W ShengweildquoA dynamic user authentication scheme for wireless sensornetworksrdquo in Proceedings of the IEEE International Conferenceon Sensor Networks Ubiquitous and Trustworthy Computing(SUTC rsquo06) pp 244ndash251 Taichung Taiwan June 2006
[6] H-R Tseng R-H Jan and W Yang ldquoAn improved dynamicuser authentication scheme for wireless sensor networksrdquo inProceedings of the 50th Annual IEEEGlobal TelecommunicationsConference (GLOBECOM rsquo07) pp 986ndash990 Washington DCUSA November 2007
[7] T H Lee ldquoSimple dynamic user authen- tication protocolsfor wireless sensor networksrdquo in Proceedings of the 2nd Inter-national Conference on Sensor Technologies and Application(SENSORCOMMrsquo08) pp 657ndash660CapEsterel FranceAugust2008
[8] L-C Ko ldquoA novel dynamic user authentication scheme forwireless sensor networksrdquo in Proceedings of the IEEE Interna-tional Symposium on Wireless Communication Systems (ISWCSrsquo08) pp 608ndash612 Reykjavik Iceland October 2008
[9] B Vaidya J J Rodrigues and J H Park ldquoUser authenticationschemes with pseudonymity for ubiquitous sensor network inNGNrdquo International Journal of Communication Systems vol 23no 9-10 pp 1201ndash1222 2010
[10] J Daemen and R V Rijndael ldquoThe advanced encryptionstandardrdquo Dr Dobbrsquos Journal vol 26 no 3 pp 137ndash139 2001
[11] C-T Li and M-S Hwang ldquoAn efficient biometrics-basedremote user authentication scheme using smart cardsrdquo Journalof Network and Computer Applications vol 33 no 1 pp 1ndash52010
[12] A K Jain A Ross and S Prabhakar ldquoAn introduction to bio-metric recognitionrdquo IEEE Transactions on Circuits and Systemsfor Video Technology vol 14 no 1 pp 4ndash20 2004
[13] D Maltoni D Maio A K Jain and S Prabhakar Handbook ofFingerprint Recognition Springer New York NY USA 2009
[14] S Prabhakar S Pankanti and A K Jain ldquoBiometric recogni-tion security and privacy concernsrdquo IEEE Security and Privacyvol 1 no 2 pp 33ndash42 2003
[15] A Prakash ldquoA biometric approach for continuous user authen-tication by fusing hard and soft traitsrdquo International Journal ofNetwork Security vol 16 no 1 pp 65ndash70 2014
International Journal of Distributed Sensor Networks 9
[16] C K Dimitriadis and S A Shaikh ldquoA biometric authenticationprotocol for 3G mobile systems modelled and validated usingCSP and rank functionsrdquo International Journal of NetworkSecurity vol 5 no 1 pp 99ndash111 2007
[17] A Yang ldquoSecurity weaknesses and improvements of afingerprint-based remote user authentication scheme usingsmart cardsrdquo International Journal of Advancements inComputing Technology vol 4 no 3 pp 21ndash28 2012
[18] A N Younghwa ldquoSecurity analysis and enhancements of aneffective biometric-based remote user authentication schemeusing smart cardsrdquo Journal of Biomedicine and Biotechnologyvol 2012 Article ID 519723 6 pages 2012
[19] C-H Lin and Y-Y Lai ldquoA flexible biometrics remote userauthentication schemerdquoComputer Standards and Interfaces vol27 no 1 pp 19ndash23 2004
[20] C-T Li and M-S Hwang ldquoAn efficient biometrics-basedremote user authentication scheme using smart cardsrdquo Journalof Network and Computer Applications vol 33 no 1 pp 1ndash52010
[21] A KDas ldquoAnalysis and improvement on an efficient biometric-based remote user authentication scheme using smart cardsrdquoIET Information Security vol 5 no 3 pp 145ndash151 2011
[22] J P Linnartz and P Tuyls ldquoNew shielding functions toenhance privacy and prevent misuse of biometric templatesrdquoin Proceedings of the Audio and Video-Based Biometric PersonAuthentication vol 2688 of Lecture Notes in Computer Sciencepp 393ndash402 2003
International Journal of
AerospaceEngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal ofEngineeringVolume 2014
Submit your manuscripts athttpwwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
International Journal of Distributed Sensor Networks 3
119862119894
119878119894
(1) Inserts the smart card and 119861119894
(2) Verifies whether 119861119894matches with template stored in system
(3) If it holds then 119862119894inputs hisher password PW
119894
(4) Computes 1199031015840119894= ℎ(PW
119894) oplus 119891119894
(5) Checks if 1199031015840119894= 119903119894
(6) If it holds the smart card computes the following1198721= 119890119894oplus 1199031015840119894
1198722= 1198721oplus 119877119888
1198723= ℎ(119877
119888)
(7)⟨ID119894 1198722 1198723⟩997888997888997888997888997888997888997888997888997888997888rarr
Algorithm 2 Login phase of Dasrsquos scheme
119862119894
119878119894
(1) Checks whether the format of 1198621015840119894s ID119894is valid or not
If above holds 119878119894computes the following
1198724= ℎ(ID
119894 119883119878)
1198725= 1198722oplus1198724
(2) Verifies whether ℎ(1198725) = 119872
3
If it holds then computes1198726= 1198724oplus 119877119904
1198727= ℎ(119872
2 1198725)
1198728= ℎ(119877
119904)
(3)⟨1198727 1198726 1198728⟩larr997888997888997888997888997888997888997888997888997888997888
(4) Verifies whether1198727= ℎ(119872
2 119877119888)
(5) If above holds 119862119894computes
1198729= 1198726oplus1198721
Verifies whether ℎ(1198729) = 119872
8
If it does not hold 119878119894is rejected by 119862
119894
Otherwise if it holds then computes11987210
= ℎ(1198726 1198729)
(6)⟨11987210⟩997888997888997888997888997888rarr
(7) Verifies whether11987210
= ℎ(1198726 119877119904)
(8) If it holds 119878119894accepts 1198621015840
119894s login request
(9) Otherwise 119878119894rejects 1198621015840
119894s login request
Algorithm 3 Authentication phase of Dasrsquos scheme
Step 1 119878119894first checks the format of 119862
119894rsquos ID119894
Step 2 If the above format is valid 119878119894then computes 119872
4=
ℎ(ID119894 119883119904) 1198725
= 1198722oplus 1198724and then verifies whether
ℎ(1198725) = 119872
3 If it does not hold then 119878
119894rejects 119862
119894rsquos login
request In case the verification is successful then 119878119894computes
1198726= 1198724oplus 1198771199041198727= ℎ(119872
2 1198725) and119872
8= ℎ(119877
119904)
Step 3 119878119894then sends the message ⟨119872
711987261198728⟩ to 119862
119894
Step 4 After receiving the message in Step 3 119862119894verifies
whether 1198727
= ℎ(1198722
119877119888) Thus if the verification does
not pass 119862119894terminates the session Otherwise 119862
119894proceeds
as follows by computing1198729= 1198726oplus1198721(= 119877119904) and verifying
further whether ℎ(1198729) = 119872
8 If ℎ(119872
9) =1198728 119862119894terminates
the session On the other hand 119862119894computes 119872
10= ℎ(119872
6
1198729) and sends the message ⟨119872
10⟩ to the server 119878
119894
Step 5 After receiving119862119894rsquos message 119878
119894verifies whether119872
10=
ℎ(1198726 119877119904)
Step 6 If the abovementioned does not hold 119878119894rejects 119862
119894rsquos
login request
Step 7 In case the verification is successful then only 119878119894
accepts 119862119894rsquos login request
24 Password Change The password change phase of Dasrsquosscheme [21] has the following steps
4 International Journal of Distributed Sensor Networks
Step 1 It inserts the smart card into the card reader and offers119861119894
Step 2 It verifies whether the userrsquos personal biometrictemplate119861
119894matches against the template stored in the system
Step 3 If 119862119894passes the biometric verification then only
119862119894enters hisher old password PWold
119894and new changed
password PWnew119894
Step 4 The smart card then computes 1199031015840119894= ℎ(PWold
119894) oplus 119891119894
if 1199031015840119894
= 119903119894 the password change phase is terminated If 1199031015840
119894= 119903119894
then only smart card computes 11990310158401015840119894
= ℎ(PWnew119894
) oplus 119891119894 1198901015840119894=
119890119894oplus 119903119894(= ℎ(ID
119894 119883119904)) and 11989010158401015840
119894= 1198901015840119894oplus 119903119894
Step 5 Finally replace 119890119894with 11989010158401015840
119894and 119903119894with 11990310158401015840
119894on the smart
card
3 Cryptanalysis of Dasrsquos Scheme
This section demonstrates that Dasrsquos scheme [21] has somedrawbacks denial-of-service attack user impersonationattack replay attack and password change problem
31 Denial-of-Service Attack One of fundamental propertiesof a secure one-way hash function is that its outputs are verysensitive to small perturbations in their inputs The crypto-graphic hash function cannot be applied straightforwardlywhen the input data are with noise such as biometrics [22]Then the predetermined threshold for biometric verificationcannot be used to measure outputs of hash functions Inthe registration phase of Dasrsquos scheme the register center 119877
119894
computes 119891119894= ℎ(119861
119894) and 119903
119894= ℎ(PW
119894) oplus 119891119894and then stores
119891119894and 119903
119894in the smart card In the login phase 119862
119894inserts
hisher smart card into the card reader and provides hisherpersonal biometrics 119861
119894on a specific device to verify the users
biometrics by verifying whether ℎ(119861119894) = 119891119894or not In Step 4 of
login phase password verification is performed by verifyingwhether 1199031015840
119894= 119903119894However both the biometric verification and
password verification procedures may result in serious flawsbecause ℎ(119861
119894) = 119891
119894may never succeed since the inputted
biometrics belonging to the same person may differ slightlyfrom time to time [22] so the next login and authenticationprocedure will be terminated As a result this may causethe legal user to be unable to pass biometric verification atthe login phase of Dasrsquos scheme Therefore Dasrsquos scheme isvulnerable to the denial-of-service attack
32 User Impersonation Attack We see from the login andauthentication phase of Dasrsquos scheme that an attacker canimpersonate a legal user to access to the server In the loginphase of Dasrsquos scheme since the user 119862
119894sends the message
⟨ID11989411987221198723⟩ to the remote server 119878
119894where 119862
119894identity is
not masked this will result in user impersonation attack asfollows
When an attack denoted as119860119894wants to access the remote
server heshe can eavesdrop the message ⟨ID11989411987221198723⟩ by
tapping communication lines or wireless link between the
legal user 119862119894and the remote server 119878
119894 Once 119860
119894derives
the message ⟨ID11989411987221198723⟩ he can send the eavesdropped
message to the remote server 119878119894 Since the legal userrsquos ID is
not masked so the check of userrsquos validity can easily pass Wecan clearly see that when 119878
119894computes1198721015840
4= ℎ(ID
119894 119883119904) and
11987210158405= 1198722oplus11987210158404 the verification of ℎ(1198721015840
5) = 119872
3is successful
Then 119878119894computes 1198721015840
6= 1198724oplus 119877119904 11987210158407= ℎ(119872
2 11987210158405) and
11987210158408
= ℎ(119877119904) and then sends message ⟨1198721015840
71198721015840611987210158408⟩ to 119862
119894
The attack119860119894may eavesdrops themessage ⟨1198721015840
71198721015840611987210158408⟩ and
modifies the11987210158407 replaces it with11987210158401015840
7 and then sends a forged
message ⟨1198721015840101584071198721015840611987210158408⟩ to 119862
119894 Obviously 11987210158401015840
7= ℎ(1198722 119877119888)
so 119862119894terminates the session However the attacker 119860
119894will
pass the verification ⟨119872101584071198721015840611987210158408⟩ and 119860
119894computes 1198721015840
9=
11987210158406oplus 1198721= 11987210158406oplus 1198724 Since the attack 119860
119894can verify 1198721015840
9=
11987210158408 he proceeds as follows by computing 1198721015840
10= ℎ(1198721015840
6
11987210158409) and sends message ⟨1198721015840
10⟩ to the remote server 119878
119894 On
receiving themessage the remote server 119878119894will verifywhether
119872101584010
= ℎ(1198726
119877119904) or not We can see obviously that the
above equation holds so the remote 119878119894accepts the attackerrsquos
login request and the user impersonation attack will occursequentially
33 Replay Attack In Dasrsquos scheme the replay and man-in-the-middle attack is withstood by checking whether 119872
1015840
5(=
1198722oplus1198724) = 119872
5 where119872
5is equal to 119877
119888and is stored in the
database of remote server 119878119894 It is noted that119872
5= 1198722oplus1198724
=
1198721oplus 119877119888oplus1198724= 119877119888(1198721= 1198724) is disclosed to any user when
one breaks the remote server 119878119894 When the remote server 119878
119894
is compromised by an attacker heshe can change ⟨ID1198941198725⟩
in the database of the remote server 119878119894 Obviously once 119872
5
is changed the replayed message ⟨ID1198941198721015840211987210158403⟩ will not be
discarded and1198725will be replaced by1198721015840
5
34 Password Change In password change procedure ofDasrsquos scheme if remote user 119862
119894wants to change hisher pass-
word heshe must pass biometric verification by verifyingℎ(119861119894) = 119891119894 However the inputted biometrics belonging to the
same personmay differ slightly from time to time [22] so thepassword change procedure will be terminated In additionfor more time since ℎ(119861
119894) = 119891119894 then 1199031015840
119894= ℎ(PWold
119894) oplus 119891
119894
computed by smart card is not equal to 119903119894stored in the
smart card so the password change procedure will also beterminated According to the above analysis Dasrsquos schemecannot realize the password change freely
4 Proposed Scheme
In this section we propose an improvement of the Dasrsquosbiometric-based remote user authentication scheme [21]using smart cards in order to withstand the flaws discussed inSection 3 For convenience we use the same notations used asin Dasrsquos scheme shown in Table 1
41 Registration Phase In order to login to the system theremote user119862
119894needs to perform the following steps as shown
in Algorithm 4
International Journal of Distributed Sensor Networks 5
119862119894
119878119894
(1)ID119894 119861119894 PW119894997888997888997888997888997888997888997888rarr
(2) computes 119891119894 119892119894 119903119894and 119890
119894
119891119894= ℎ(119861
119894)
119892119894= ℎ(ID
119894)
119903119894= ℎ(PW
119894) oplus 119891119894
119890119894= ℎ(119892
119894 119883119904) oplus 119903119894
(3)Smart card(ℎ(sdot) 119891119894 119892119894 119890119894 119903119894 120591 119889(sdot))larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888
Algorithm 4 Registration phase of our scheme
Step 1 The user 119862119894inputs hisher personal biometric 119861
119894on
a specific device and offers hisher password PW119894and the
identity ID119894to the registration center 119877
119894in person
Step 2 The registration center 119877119894then computes 119891
119894= ℎ(119861
119894)
119892119894= ℎ(ID
119894) 119903119894= ℎ(PW
119894)oplus119891119894 and 119890
119894= ℎ(119892
119894 119883119904)oplus119903119894 Here119883
119904
is secret information generated by the serverWe note that119883119904
and passwords of the corresponding users are not disclosed toany others for all secure future communications
Step 3 Finally the registration center 119877119894
loads(ℎ(sdot) 119891
119894 119892119894 119890119894 119903119894 120591 119889(sdot)) on the userrsquos smart card and
sends this information to the user 119862119894via a secure channel
42 Login Phase In order to login to the system the remoteuser 119862
119894needs to perform the following stages as shown in
Algorithm 5
Step 1 119862119894first inserts hisher smart card into the card reader
of a terminal and offers hisher personal biometric template1198611015840
119894 on the specific device If 119889(119861
119894 1198611015840
119894) gt 120591 the remote
user authentication is terminated Otherwise 119862119894passes the
biometric verification and then inputs hisher password PW119894
to perform Step 2
Step 2The smart card computes 1199031015840119894= ℎ(PW
119894)oplus119891119894 If119889(1199031015840
119894 119903119894) gt
120591 then password verification fails and the system terminatesthe session otherwise the smart card computes119872
1= 119890119894oplus 1199031015840119894
which is equal to ℎ(119892119894 119883119904) 1198722= ℎ(119877
119888 119879) where 119877
119888is a
random number generated by the user119862119894and119879 is the current
timestamp of 119862119894rsquos system and119872
3= 1198721oplus1198722
Step 3 Finally the user 119862119894sends the message ⟨119892
11989411987221198723 119879⟩
to the remote server 119878119894
43 Authentication Phase When the remote server 119878119894
receives the login request ⟨11989211989411987221198723 119879⟩ at time 119879lowast it will
perform the following steps as shown in Algorithm 6 toauthenticate whether the user 119862
119894is legal or not
Step 1 Verify T If (119879lowast minus 119879) gt Δ119879 the authenticationphase aborts where Δ119879 is the expected time interval for the
transmission delay of the system On the contrary if (119879lowast minus119879) le Δ119879 the next step will be performed
Step 2 119878119894checks the format of 119862
119894rsquos ID119894 It computes 119872
4=
ℎ(119892119894 119883119904) using the secret value119883
119904maintained by the server
119878119894and then computes 119872
5= 1198724oplus 1198723and verifies whether
1198725= 1198722 If it does not hold then 119878
119894rejects119862
119894rsquos login request
In case the verification is successful the next step will beperformed
Step 3 119878119894computes 119872
6= ℎ(119877
119904 119879119904) and 119872
7= 1198724oplus 1198726
where 119879119904is the current timestamp of the server 119878
119894 and then
119878119894sends message ⟨119872
411987261198727 119879119904⟩ to the user 119862
119894
Step 4 After receiving the message ⟨119872411987261198727 119879119904⟩ at
time 119879lowastlowast 119862119894first checks the freshness of 119879
119904by verifying
(119879lowastlowast minus 119879119904) gt Δ119879 If it holds the following session is
terminated otherwise 119862119894computes 119872
8= 119872
4oplus 1198727
and then verifies whether 1198728
= 1198726 If it does not
hold 119862119894terminates the session Otherwise it goes to the
next step
Step 5119862119894computes119872
9= 1198724oplus1198726and then verifies whether
1198729= 1198727 If it does not hold 119878
119894is rejected by 119862
119894 otherwise
if it holds 119862119894computes 119872
10= ℎ(119877
119888 1198791015840) where 1198791015840 is the
current timestamp of the user 119862119894 and then computes 119872
11=
1198727oplus11987210and sends the message ⟨119872
11 119877119888 1198791015840⟩ to the remote
server 119878119894
Step 6 When 119878119894receives the message ⟨119872
11 119877119888 1198791015840⟩ at
time 119879lowastlowastlowast it verifies (119879lowastlowastlowast minus 1198791015840) gt Δ119879 If it holds theauthentication phase is terminated Otherwise if it does nothold 119878
119894computes 119872
12= ℎ(119877
119888 1198791015840) and then computes
11987213
= 1198724oplus1198726oplus11987212 After computing119872
13 then 119878
119894verifies
whether 11987213
= 11987211 If it holds 119878
119894accepts 119862
119894rsquos login request
otherwise 119878119894rejects the login request
44 Password Change In our scheme user 119862119894can freely
change the password PWold119894
to a new one PWnew119894
Thepassword change procedure is performed as follows
Step 1119862119894inserts the smart card into the card reader and offers
hisher personal biometrics 1198611015840119894 then the smart card computes
1198911015840119894= ℎ(1198611015840
119894) and verifies it by checking 119889(1198911015840
119894 119891119894) le 120591 where
119891119894= ℎ(119861
119894) is the information stored in the smart card
Step 2 If it holds 119862119894inserts old password PWold
119894and new
password PWnew119894
otherwise the password change procedureis terminated
Step 3 Smart card performs 1199031015840119894= ℎ(PWold
119894) oplus 1198911015840119894and checks
119889(1199031015840119894 119903119894) le 120591 where 119903
119894is the information stored in the smart
cardStep 4 If it holds the smart card computes 11990310158401015840
119894= ℎ(PWnew
119894) oplus
119891119894 1198901015840119894= 119890119894oplus 119903119894(= ℎ(ID
119894 119883119904)) and 11989010158401015840
119894= 1198901015840119894oplus 119903119894
Step 5 Finally replace 119890119894with 11989010158401015840
119894and 119903119894with 11990310158401015840
119894on the smart
card
6 International Journal of Distributed Sensor Networks
119862119894
119878119894
(1) Inserts the smart card and inputs 1198611015840119894
(2) Verifies whether 119889(119861119894 1198611015840
119894) lt 120591
(3) If it holds then 119862119894inputs hisher password PW
119894
(4) Computes 1199031015840119894= ℎ(PW
119894) oplus 119891119894and verifies whether 119889(119903
119894 1199031015840119894) lt 120591
(5) If it holds the smart card computes1198721= 119890119894oplus 1199031015840119894
1198722= ℎ(119877
119888 119879)
1198723= 1198721oplus1198722
(6)⟨119892119894 1198722 1198723 119879⟩997888997888997888997888997888997888997888997888997888997888997888rarr
Algorithm 5 Login phase of our scheme
119862119894
119878119894
(1) When receiving ⟨11989211989411987221198723 119879⟩
119878119894checks (119879lowast minus 119879) gt Δ119879
(2) 119878119894computes119872
4= ℎ (119892
119894 119883119904)
1198725= 1198724oplus1198723 and verifies whether119872
5= 1198722
(3) 119878119894computes119872
6= ℎ(119877
119904 119879119904)
1198727= 1198724oplus1198726
⟨1198724 1198726 1198727 119879119904 ⟩larr997888997888997888997888997888997888997888997888997888997888997888997888997888
(4) When receiving ⟨1198724 1198726 1198727 119879119904⟩
at 119879lowastlowast 119862119894checks (119879lowastlowast minus 119879) gt Δ119879
computes1198728= 1198724oplus1198727 then verifies119872
8= 1198726
(5) 119862119894computes119872
9= 1198724oplus1198726 then verifies119872
9= 1198727 computes119872
10= ℎ(119877
119888 1198791015840) and
then11987211
= 1198727oplus11987210
⟨11987211 119877119888 1198791015840⟩
997888997888997888997888997888997888997888997888997888997888rarr
(6) When receiving ⟨11987211 119877119888 1198791015840⟩ at 119879lowastlowastlowast 119878
119894verifies (119879lowastlowastlowast minus 119879) gt Δ119879
then computes11987212
= ℎ(119877119888 1198791015840)
11987213
= 1198724oplus1198726oplus11987212 then verifies119872
13= 11987211
If it holds 119878119894accepts 1198621015840
119894119904 login request
Algorithm 6 Authentication phase of our scheme
5 Security Analysis and Performance ofthe Proposed Scheme
51 Security Analysis If a legal user lost hisher smart cardit is extremely hard for an adversary to derive the userrsquossensitive information such as userrsquos identity password andbiometrics because the extraction of parameters from thesmart card is quite difficult Furthermore the adversarycannot change the password because heshe cannot pass thebiometric verification
511 Denial-of-Service Attack In our proposed protocolwe take into account hash functionrsquos sensitivity to smallperturbations in its inputs In the login phase userrsquos biometricverification is performed by checking 119889(119861
119894 1198611015840119894) gt 120591 instead
of checking ℎ(1198611015840119894) = 119891119894 Moreover the password verification
is performed by checking 119889(1199031015840119894 119903119894) gt 120591 instead of 1199031015840
119894= 119903119894 So
denial-of-service attack caused by hash functionrsquos fundamen-tal properties can be withstood
512 Stolen-Verifier Attack Our scheme can resist stolen-verifier attack because the scheme is free from the veri-fierpassword table In our protocol the remote server 119878
119894does
not keep password tables Therefore an attacker cannot stealuserrsquos password from 119878
119894 Moreover the password ismasked by
hash function in the procedure of message transfer betweenthe user 119862
119894and remote server 119878
119894
513 Many Logged-In Users Attack Most systems whichmaintain the password table to verify user login are vulner-able to this kind of threat Our scheme can resist the threatsince our scheme requires on-card computation for login tothe remote server 119878
119894 and once the smart card is removed the
login process will be aborted
International Journal of Distributed Sensor Networks 7
514 Guessing Attack Our protocol can resist guessingattack which is a critical concern in password-based systemssince the password in our protocol is transmitted as a digestof some other secret information The attacker cannot guessthe userrsquos password from the digest because of the one-waycharacteristic of the hash function even if the attacker mayget the digest which contains the password
515 ReplayAttack Replaying an interceptedmessage can beprevented in our proposed protocol If an attacker intercepts⟨ID11989411987221198723 119879⟩ and tries to login to the remote server
119878119894via replaying the same message heshe cannot pass the
verification of the login request due to (119879lowast minus 119879) gt Δ119879 where119879lowast is the system time when the remote server 119878
119894receives
the replayed message Moreover if an attacker intercepts⟨119872411987261198727 119879119904⟩ and tries to replay the message to the user
119862119894 this kind of attack also can be prevented due to (119879lowastlowastminus119879
119904) gt
Δ119879
516 User Impersonation Attack In the login phase ofour scheme the message sent to remote server 119878
119894is
⟨11989211989411987221198723 119879⟩ instead of ⟨ID
11989411987221198723 119879⟩ where the userrsquos
identity ID119894is masked by hash function Even though an
attacker eavesdrops the message ⟨11989211989411987221198723 119879⟩ he cannot
derive the userrsquos identity ID119894 due to the one-way charac-
teristic of hash function In the authentication phase whenthe remote server 119878
119894receives the login request message
⟨11989211989411987221198723 119879⟩ it will check the validity of userrsquos identity
Since the attacker cannot derive legal userrsquos identity thecheck of userrsquos identity cannot pass which will result inthe termination of authentication phase Through the aboveanalysis we can see that user impersonation attack can beavoided in our scheme
517 Server Masquerading Attack If an attack 119860119894attempts
to masquerade as the legitimate server 119878119894 heshe must make
the forged replay message to the user when receiving theuserrsquos login request message ⟨119892
11989411987221198723 119879⟩ However the
forged replay message is more difficult to fake since thetime-stamped message ⟨119872
411987261198727 119879119904⟩ is sent to the user
119862119894when the remote server 119878
119894is receiving 119862
119894rsquos login request
message ⟨11989211989411987221198723 119879⟩ Moreover the attacker 119860
119894cannot
masquerade as the server by forging the replay message⟨119872411987261198727 119879119904⟩ because 119860
119894cannot compute (119872
41198727)
sending to the user 119862119894without knowing the secret value
119883119904kept by the server 119878
119894 Hence the attacker 119860
119894cannot
masquerade as the legal server to the user by launching theserver masquerading attack
518 Insider Attack In the registration phase if the userrsquospassword PW
119894and the biometrics information119861
119894are revealed
to the server 119878119894 the insider of the server may directly obtain
PW119894and 119861
119894 and the insider impersonates as the user 119862
119894to
access the userrsquos other accounts in the server But in the loginphase of our scheme if the insider wants to access 119862
119894rsquos other
accounts heshe must input hisher smart card to the cardreader and provide his biometric information 119861
1015840
119894in order to
pass the verification 119889(119861119894 1198611015840119894) lt 120591 Since the insider cannot
provide the user 119862119894rsquos smart card the biometric verification
will be aborted So the insider attack can be prevented
519 Mutual Authentication As described above ourscheme can withstand the user impersonation attack andserver masquerading attack consequently our scheme canprovide mutual authentication between the user 119862
119894and
remote server 119878119894
5110 Man-in-the-Middle Attack Man-in-the-middle attackmeans that an active attacker intercepts the communicationline between a legal user and the server and uses somemeansto successfully masquerade as both the server to the user andthe user to the server Then the user will believe that he istalking to the intended server and vice versa In our schemewhen a user 119862
119894wants to login to the remote server 119878
119894 mutual
authentication between the user 119862119894and remote server 119878
119894is
performed so man-in-the-middle attack can be prevented
52 Performance of the Proposed Scheme In this subsectionwe compare the performances of our improved schemewith those for Li-Hwangrsquos scheme [11] and Dasrsquos scheme[21] It is worth recalling that the protocol of Li-Hwangrsquosscheme [11] has security weaknesses against denial-of-serviceattack replay attack user impersonation attack and man-in-the-middle attack It is noted that Dasrsquos scheme [21] hassecurity weaknesses against denial-of-service attack userimpersonation attack replay attack server masqueradingattack and insider attack The security comparisons betweenour scheme and the schemes proposed by Li and Hwang [11]and Das [21] are summarized in Table 2 For the convenienceof evaluating the efficiency of related scheme we define thenotation 119879
ℎ the time of executing a one-way hash function
The efficiency comparison with related schemes is shown inTable 3 From the table we can see that our scheme is moreefficient than Dasrsquos scheme [21] Though our scheme is lessefficient than Li-Hwangrsquos scheme [11] it can provide bettersecurity against most attacks
6 Conclusion
This paper presents a biometric-based user authenticationscheme for clientserver system The method employs bio-metric keys and resists the threats of stolen-verifier of whichmany are logged-in users with the same login identity denial-of-service attack guessing attack insider attack replay attackuser impersonation attack server masquerading attack andman-in-the-middle attack Moreover the improved schemecan realize mutual authentication between the user andremote server The proposed scheme uses only hash functionand XOR operation which is efficient compared with thatof related protocols In addition the userrsquos password can bechanged freely using the proposed scheme Our proposedscheme provides strong authentication with the help of ver-ifying biometrics passwords and random nonces generatedby the user and server as compared to that of related schemes
8 International Journal of Distributed Sensor Networks
Table 2 Security comparisons among related protocols
Item Our scheme Li-Hwangrsquos scheme [11] Dasrsquos scheme [21]Avoiding denial-of-service attack Yes No NoAvoiding stolen-verifier attack Yes Yes YesAvoiding many logged-in users attack Yes Yes YesAvoiding guessing attack Yes Yes NoAvoiding replay attack Yes No NoAvoiding user impersonation attack Yes No NoAvoiding server masquerading attack Yes No NoAvoiding man-in-the-middle attack Yes No YesAvoiding insider attack Yes No NoMutual authentication Yes No NoHaving flaws in password change No Yes Yes
Table 3 Efficiency comparison with related schemes
Different phase Li-HwangrsquosScheme [11]
Dasrsquosscheme [21] Our scheme
RegistrationUser computation cost 2119879
ℎmdash 4119879
ℎ
Server computation cost mdash 3119879ℎ
mdashLogin
User computation cost 3119879ℎ
3119879ℎ
3119879ℎ
Server computation cost mdash mdash mdashAuthentication
User computation cost 2119879ℎ
3119879ℎ
119879ℎ
Server computation cost 3119879ℎ
5119879ℎ
3119879ℎ
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
Acknowledgments
The authors would like to thank the valuable comments andsuggestions of the reviewersThiswork is supported in part byNational Natural Science Foundation of China (no 61370223)and by Science Research Project of Hubei Provincial Depart-ment of Education (XD2012374 and B2013024)
References
[1] M S Hwang and C Y Liu ldquoAuthenticated encryption schemescurrent status and key issuesrdquo International Journal of NetworkSecurity vol 1 no 2 pp 61ndash73 2005
[2] N-Y Lee and Y-C Chiu ldquoImproved remote authenticationscheme with smart cardrdquo Computer Standards and Interfacesvol 27 no 2 pp 177ndash180 2005
[3] C T Li ldquoAn enhanced remote user authentication schemeproviding mutual authen- tication and key agreement withSmart Cardsrdquo in Proceedings of the 5th International IEEEComputer Society Conference on Information Assurance andSecurity pp 517ndash520 Xirsquoan China 2009
[4] MKim andC K Koc ldquoA simple attack on a recently introducedhash-based strong-password authentication schemerdquo Interna-tional Journal of Network Security vol 1 no 2 pp 77ndash80 2005
[5] K H M Wong Z Yuan C Jiannong and W ShengweildquoA dynamic user authentication scheme for wireless sensornetworksrdquo in Proceedings of the IEEE International Conferenceon Sensor Networks Ubiquitous and Trustworthy Computing(SUTC rsquo06) pp 244ndash251 Taichung Taiwan June 2006
[6] H-R Tseng R-H Jan and W Yang ldquoAn improved dynamicuser authentication scheme for wireless sensor networksrdquo inProceedings of the 50th Annual IEEEGlobal TelecommunicationsConference (GLOBECOM rsquo07) pp 986ndash990 Washington DCUSA November 2007
[7] T H Lee ldquoSimple dynamic user authen- tication protocolsfor wireless sensor networksrdquo in Proceedings of the 2nd Inter-national Conference on Sensor Technologies and Application(SENSORCOMMrsquo08) pp 657ndash660CapEsterel FranceAugust2008
[8] L-C Ko ldquoA novel dynamic user authentication scheme forwireless sensor networksrdquo in Proceedings of the IEEE Interna-tional Symposium on Wireless Communication Systems (ISWCSrsquo08) pp 608ndash612 Reykjavik Iceland October 2008
[9] B Vaidya J J Rodrigues and J H Park ldquoUser authenticationschemes with pseudonymity for ubiquitous sensor network inNGNrdquo International Journal of Communication Systems vol 23no 9-10 pp 1201ndash1222 2010
[10] J Daemen and R V Rijndael ldquoThe advanced encryptionstandardrdquo Dr Dobbrsquos Journal vol 26 no 3 pp 137ndash139 2001
[11] C-T Li and M-S Hwang ldquoAn efficient biometrics-basedremote user authentication scheme using smart cardsrdquo Journalof Network and Computer Applications vol 33 no 1 pp 1ndash52010
[12] A K Jain A Ross and S Prabhakar ldquoAn introduction to bio-metric recognitionrdquo IEEE Transactions on Circuits and Systemsfor Video Technology vol 14 no 1 pp 4ndash20 2004
[13] D Maltoni D Maio A K Jain and S Prabhakar Handbook ofFingerprint Recognition Springer New York NY USA 2009
[14] S Prabhakar S Pankanti and A K Jain ldquoBiometric recogni-tion security and privacy concernsrdquo IEEE Security and Privacyvol 1 no 2 pp 33ndash42 2003
[15] A Prakash ldquoA biometric approach for continuous user authen-tication by fusing hard and soft traitsrdquo International Journal ofNetwork Security vol 16 no 1 pp 65ndash70 2014
International Journal of Distributed Sensor Networks 9
[16] C K Dimitriadis and S A Shaikh ldquoA biometric authenticationprotocol for 3G mobile systems modelled and validated usingCSP and rank functionsrdquo International Journal of NetworkSecurity vol 5 no 1 pp 99ndash111 2007
[17] A Yang ldquoSecurity weaknesses and improvements of afingerprint-based remote user authentication scheme usingsmart cardsrdquo International Journal of Advancements inComputing Technology vol 4 no 3 pp 21ndash28 2012
[18] A N Younghwa ldquoSecurity analysis and enhancements of aneffective biometric-based remote user authentication schemeusing smart cardsrdquo Journal of Biomedicine and Biotechnologyvol 2012 Article ID 519723 6 pages 2012
[19] C-H Lin and Y-Y Lai ldquoA flexible biometrics remote userauthentication schemerdquoComputer Standards and Interfaces vol27 no 1 pp 19ndash23 2004
[20] C-T Li and M-S Hwang ldquoAn efficient biometrics-basedremote user authentication scheme using smart cardsrdquo Journalof Network and Computer Applications vol 33 no 1 pp 1ndash52010
[21] A KDas ldquoAnalysis and improvement on an efficient biometric-based remote user authentication scheme using smart cardsrdquoIET Information Security vol 5 no 3 pp 145ndash151 2011
[22] J P Linnartz and P Tuyls ldquoNew shielding functions toenhance privacy and prevent misuse of biometric templatesrdquoin Proceedings of the Audio and Video-Based Biometric PersonAuthentication vol 2688 of Lecture Notes in Computer Sciencepp 393ndash402 2003
International Journal of
AerospaceEngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal ofEngineeringVolume 2014
Submit your manuscripts athttpwwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
4 International Journal of Distributed Sensor Networks
Step 1 It inserts the smart card into the card reader and offers119861119894
Step 2 It verifies whether the userrsquos personal biometrictemplate119861
119894matches against the template stored in the system
Step 3 If 119862119894passes the biometric verification then only
119862119894enters hisher old password PWold
119894and new changed
password PWnew119894
Step 4 The smart card then computes 1199031015840119894= ℎ(PWold
119894) oplus 119891119894
if 1199031015840119894
= 119903119894 the password change phase is terminated If 1199031015840
119894= 119903119894
then only smart card computes 11990310158401015840119894
= ℎ(PWnew119894
) oplus 119891119894 1198901015840119894=
119890119894oplus 119903119894(= ℎ(ID
119894 119883119904)) and 11989010158401015840
119894= 1198901015840119894oplus 119903119894
Step 5 Finally replace 119890119894with 11989010158401015840
119894and 119903119894with 11990310158401015840
119894on the smart
card
3 Cryptanalysis of Dasrsquos Scheme
This section demonstrates that Dasrsquos scheme [21] has somedrawbacks denial-of-service attack user impersonationattack replay attack and password change problem
31 Denial-of-Service Attack One of fundamental propertiesof a secure one-way hash function is that its outputs are verysensitive to small perturbations in their inputs The crypto-graphic hash function cannot be applied straightforwardlywhen the input data are with noise such as biometrics [22]Then the predetermined threshold for biometric verificationcannot be used to measure outputs of hash functions Inthe registration phase of Dasrsquos scheme the register center 119877
119894
computes 119891119894= ℎ(119861
119894) and 119903
119894= ℎ(PW
119894) oplus 119891119894and then stores
119891119894and 119903
119894in the smart card In the login phase 119862
119894inserts
hisher smart card into the card reader and provides hisherpersonal biometrics 119861
119894on a specific device to verify the users
biometrics by verifying whether ℎ(119861119894) = 119891119894or not In Step 4 of
login phase password verification is performed by verifyingwhether 1199031015840
119894= 119903119894However both the biometric verification and
password verification procedures may result in serious flawsbecause ℎ(119861
119894) = 119891
119894may never succeed since the inputted
biometrics belonging to the same person may differ slightlyfrom time to time [22] so the next login and authenticationprocedure will be terminated As a result this may causethe legal user to be unable to pass biometric verification atthe login phase of Dasrsquos scheme Therefore Dasrsquos scheme isvulnerable to the denial-of-service attack
32 User Impersonation Attack We see from the login andauthentication phase of Dasrsquos scheme that an attacker canimpersonate a legal user to access to the server In the loginphase of Dasrsquos scheme since the user 119862
119894sends the message
⟨ID11989411987221198723⟩ to the remote server 119878
119894where 119862
119894identity is
not masked this will result in user impersonation attack asfollows
When an attack denoted as119860119894wants to access the remote
server heshe can eavesdrop the message ⟨ID11989411987221198723⟩ by
tapping communication lines or wireless link between the
legal user 119862119894and the remote server 119878
119894 Once 119860
119894derives
the message ⟨ID11989411987221198723⟩ he can send the eavesdropped
message to the remote server 119878119894 Since the legal userrsquos ID is
not masked so the check of userrsquos validity can easily pass Wecan clearly see that when 119878
119894computes1198721015840
4= ℎ(ID
119894 119883119904) and
11987210158405= 1198722oplus11987210158404 the verification of ℎ(1198721015840
5) = 119872
3is successful
Then 119878119894computes 1198721015840
6= 1198724oplus 119877119904 11987210158407= ℎ(119872
2 11987210158405) and
11987210158408
= ℎ(119877119904) and then sends message ⟨1198721015840
71198721015840611987210158408⟩ to 119862
119894
The attack119860119894may eavesdrops themessage ⟨1198721015840
71198721015840611987210158408⟩ and
modifies the11987210158407 replaces it with11987210158401015840
7 and then sends a forged
message ⟨1198721015840101584071198721015840611987210158408⟩ to 119862
119894 Obviously 11987210158401015840
7= ℎ(1198722 119877119888)
so 119862119894terminates the session However the attacker 119860
119894will
pass the verification ⟨119872101584071198721015840611987210158408⟩ and 119860
119894computes 1198721015840
9=
11987210158406oplus 1198721= 11987210158406oplus 1198724 Since the attack 119860
119894can verify 1198721015840
9=
11987210158408 he proceeds as follows by computing 1198721015840
10= ℎ(1198721015840
6
11987210158409) and sends message ⟨1198721015840
10⟩ to the remote server 119878
119894 On
receiving themessage the remote server 119878119894will verifywhether
119872101584010
= ℎ(1198726
119877119904) or not We can see obviously that the
above equation holds so the remote 119878119894accepts the attackerrsquos
login request and the user impersonation attack will occursequentially
33 Replay Attack In Dasrsquos scheme the replay and man-in-the-middle attack is withstood by checking whether 119872
1015840
5(=
1198722oplus1198724) = 119872
5 where119872
5is equal to 119877
119888and is stored in the
database of remote server 119878119894 It is noted that119872
5= 1198722oplus1198724
=
1198721oplus 119877119888oplus1198724= 119877119888(1198721= 1198724) is disclosed to any user when
one breaks the remote server 119878119894 When the remote server 119878
119894
is compromised by an attacker heshe can change ⟨ID1198941198725⟩
in the database of the remote server 119878119894 Obviously once 119872
5
is changed the replayed message ⟨ID1198941198721015840211987210158403⟩ will not be
discarded and1198725will be replaced by1198721015840
5
34 Password Change In password change procedure ofDasrsquos scheme if remote user 119862
119894wants to change hisher pass-
word heshe must pass biometric verification by verifyingℎ(119861119894) = 119891119894 However the inputted biometrics belonging to the
same personmay differ slightly from time to time [22] so thepassword change procedure will be terminated In additionfor more time since ℎ(119861
119894) = 119891119894 then 1199031015840
119894= ℎ(PWold
119894) oplus 119891
119894
computed by smart card is not equal to 119903119894stored in the
smart card so the password change procedure will also beterminated According to the above analysis Dasrsquos schemecannot realize the password change freely
4 Proposed Scheme
In this section we propose an improvement of the Dasrsquosbiometric-based remote user authentication scheme [21]using smart cards in order to withstand the flaws discussed inSection 3 For convenience we use the same notations used asin Dasrsquos scheme shown in Table 1
41 Registration Phase In order to login to the system theremote user119862
119894needs to perform the following steps as shown
in Algorithm 4
International Journal of Distributed Sensor Networks 5
119862119894
119878119894
(1)ID119894 119861119894 PW119894997888997888997888997888997888997888997888rarr
(2) computes 119891119894 119892119894 119903119894and 119890
119894
119891119894= ℎ(119861
119894)
119892119894= ℎ(ID
119894)
119903119894= ℎ(PW
119894) oplus 119891119894
119890119894= ℎ(119892
119894 119883119904) oplus 119903119894
(3)Smart card(ℎ(sdot) 119891119894 119892119894 119890119894 119903119894 120591 119889(sdot))larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888
Algorithm 4 Registration phase of our scheme
Step 1 The user 119862119894inputs hisher personal biometric 119861
119894on
a specific device and offers hisher password PW119894and the
identity ID119894to the registration center 119877
119894in person
Step 2 The registration center 119877119894then computes 119891
119894= ℎ(119861
119894)
119892119894= ℎ(ID
119894) 119903119894= ℎ(PW
119894)oplus119891119894 and 119890
119894= ℎ(119892
119894 119883119904)oplus119903119894 Here119883
119904
is secret information generated by the serverWe note that119883119904
and passwords of the corresponding users are not disclosed toany others for all secure future communications
Step 3 Finally the registration center 119877119894
loads(ℎ(sdot) 119891
119894 119892119894 119890119894 119903119894 120591 119889(sdot)) on the userrsquos smart card and
sends this information to the user 119862119894via a secure channel
42 Login Phase In order to login to the system the remoteuser 119862
119894needs to perform the following stages as shown in
Algorithm 5
Step 1 119862119894first inserts hisher smart card into the card reader
of a terminal and offers hisher personal biometric template1198611015840
119894 on the specific device If 119889(119861
119894 1198611015840
119894) gt 120591 the remote
user authentication is terminated Otherwise 119862119894passes the
biometric verification and then inputs hisher password PW119894
to perform Step 2
Step 2The smart card computes 1199031015840119894= ℎ(PW
119894)oplus119891119894 If119889(1199031015840
119894 119903119894) gt
120591 then password verification fails and the system terminatesthe session otherwise the smart card computes119872
1= 119890119894oplus 1199031015840119894
which is equal to ℎ(119892119894 119883119904) 1198722= ℎ(119877
119888 119879) where 119877
119888is a
random number generated by the user119862119894and119879 is the current
timestamp of 119862119894rsquos system and119872
3= 1198721oplus1198722
Step 3 Finally the user 119862119894sends the message ⟨119892
11989411987221198723 119879⟩
to the remote server 119878119894
43 Authentication Phase When the remote server 119878119894
receives the login request ⟨11989211989411987221198723 119879⟩ at time 119879lowast it will
perform the following steps as shown in Algorithm 6 toauthenticate whether the user 119862
119894is legal or not
Step 1 Verify T If (119879lowast minus 119879) gt Δ119879 the authenticationphase aborts where Δ119879 is the expected time interval for the
transmission delay of the system On the contrary if (119879lowast minus119879) le Δ119879 the next step will be performed
Step 2 119878119894checks the format of 119862
119894rsquos ID119894 It computes 119872
4=
ℎ(119892119894 119883119904) using the secret value119883
119904maintained by the server
119878119894and then computes 119872
5= 1198724oplus 1198723and verifies whether
1198725= 1198722 If it does not hold then 119878
119894rejects119862
119894rsquos login request
In case the verification is successful the next step will beperformed
Step 3 119878119894computes 119872
6= ℎ(119877
119904 119879119904) and 119872
7= 1198724oplus 1198726
where 119879119904is the current timestamp of the server 119878
119894 and then
119878119894sends message ⟨119872
411987261198727 119879119904⟩ to the user 119862
119894
Step 4 After receiving the message ⟨119872411987261198727 119879119904⟩ at
time 119879lowastlowast 119862119894first checks the freshness of 119879
119904by verifying
(119879lowastlowast minus 119879119904) gt Δ119879 If it holds the following session is
terminated otherwise 119862119894computes 119872
8= 119872
4oplus 1198727
and then verifies whether 1198728
= 1198726 If it does not
hold 119862119894terminates the session Otherwise it goes to the
next step
Step 5119862119894computes119872
9= 1198724oplus1198726and then verifies whether
1198729= 1198727 If it does not hold 119878
119894is rejected by 119862
119894 otherwise
if it holds 119862119894computes 119872
10= ℎ(119877
119888 1198791015840) where 1198791015840 is the
current timestamp of the user 119862119894 and then computes 119872
11=
1198727oplus11987210and sends the message ⟨119872
11 119877119888 1198791015840⟩ to the remote
server 119878119894
Step 6 When 119878119894receives the message ⟨119872
11 119877119888 1198791015840⟩ at
time 119879lowastlowastlowast it verifies (119879lowastlowastlowast minus 1198791015840) gt Δ119879 If it holds theauthentication phase is terminated Otherwise if it does nothold 119878
119894computes 119872
12= ℎ(119877
119888 1198791015840) and then computes
11987213
= 1198724oplus1198726oplus11987212 After computing119872
13 then 119878
119894verifies
whether 11987213
= 11987211 If it holds 119878
119894accepts 119862
119894rsquos login request
otherwise 119878119894rejects the login request
44 Password Change In our scheme user 119862119894can freely
change the password PWold119894
to a new one PWnew119894
Thepassword change procedure is performed as follows
Step 1119862119894inserts the smart card into the card reader and offers
hisher personal biometrics 1198611015840119894 then the smart card computes
1198911015840119894= ℎ(1198611015840
119894) and verifies it by checking 119889(1198911015840
119894 119891119894) le 120591 where
119891119894= ℎ(119861
119894) is the information stored in the smart card
Step 2 If it holds 119862119894inserts old password PWold
119894and new
password PWnew119894
otherwise the password change procedureis terminated
Step 3 Smart card performs 1199031015840119894= ℎ(PWold
119894) oplus 1198911015840119894and checks
119889(1199031015840119894 119903119894) le 120591 where 119903
119894is the information stored in the smart
cardStep 4 If it holds the smart card computes 11990310158401015840
119894= ℎ(PWnew
119894) oplus
119891119894 1198901015840119894= 119890119894oplus 119903119894(= ℎ(ID
119894 119883119904)) and 11989010158401015840
119894= 1198901015840119894oplus 119903119894
Step 5 Finally replace 119890119894with 11989010158401015840
119894and 119903119894with 11990310158401015840
119894on the smart
card
6 International Journal of Distributed Sensor Networks
119862119894
119878119894
(1) Inserts the smart card and inputs 1198611015840119894
(2) Verifies whether 119889(119861119894 1198611015840
119894) lt 120591
(3) If it holds then 119862119894inputs hisher password PW
119894
(4) Computes 1199031015840119894= ℎ(PW
119894) oplus 119891119894and verifies whether 119889(119903
119894 1199031015840119894) lt 120591
(5) If it holds the smart card computes1198721= 119890119894oplus 1199031015840119894
1198722= ℎ(119877
119888 119879)
1198723= 1198721oplus1198722
(6)⟨119892119894 1198722 1198723 119879⟩997888997888997888997888997888997888997888997888997888997888997888rarr
Algorithm 5 Login phase of our scheme
119862119894
119878119894
(1) When receiving ⟨11989211989411987221198723 119879⟩
119878119894checks (119879lowast minus 119879) gt Δ119879
(2) 119878119894computes119872
4= ℎ (119892
119894 119883119904)
1198725= 1198724oplus1198723 and verifies whether119872
5= 1198722
(3) 119878119894computes119872
6= ℎ(119877
119904 119879119904)
1198727= 1198724oplus1198726
⟨1198724 1198726 1198727 119879119904 ⟩larr997888997888997888997888997888997888997888997888997888997888997888997888997888
(4) When receiving ⟨1198724 1198726 1198727 119879119904⟩
at 119879lowastlowast 119862119894checks (119879lowastlowast minus 119879) gt Δ119879
computes1198728= 1198724oplus1198727 then verifies119872
8= 1198726
(5) 119862119894computes119872
9= 1198724oplus1198726 then verifies119872
9= 1198727 computes119872
10= ℎ(119877
119888 1198791015840) and
then11987211
= 1198727oplus11987210
⟨11987211 119877119888 1198791015840⟩
997888997888997888997888997888997888997888997888997888997888rarr
(6) When receiving ⟨11987211 119877119888 1198791015840⟩ at 119879lowastlowastlowast 119878
119894verifies (119879lowastlowastlowast minus 119879) gt Δ119879
then computes11987212
= ℎ(119877119888 1198791015840)
11987213
= 1198724oplus1198726oplus11987212 then verifies119872
13= 11987211
If it holds 119878119894accepts 1198621015840
119894119904 login request
Algorithm 6 Authentication phase of our scheme
5 Security Analysis and Performance ofthe Proposed Scheme
51 Security Analysis If a legal user lost hisher smart cardit is extremely hard for an adversary to derive the userrsquossensitive information such as userrsquos identity password andbiometrics because the extraction of parameters from thesmart card is quite difficult Furthermore the adversarycannot change the password because heshe cannot pass thebiometric verification
511 Denial-of-Service Attack In our proposed protocolwe take into account hash functionrsquos sensitivity to smallperturbations in its inputs In the login phase userrsquos biometricverification is performed by checking 119889(119861
119894 1198611015840119894) gt 120591 instead
of checking ℎ(1198611015840119894) = 119891119894 Moreover the password verification
is performed by checking 119889(1199031015840119894 119903119894) gt 120591 instead of 1199031015840
119894= 119903119894 So
denial-of-service attack caused by hash functionrsquos fundamen-tal properties can be withstood
512 Stolen-Verifier Attack Our scheme can resist stolen-verifier attack because the scheme is free from the veri-fierpassword table In our protocol the remote server 119878
119894does
not keep password tables Therefore an attacker cannot stealuserrsquos password from 119878
119894 Moreover the password ismasked by
hash function in the procedure of message transfer betweenthe user 119862
119894and remote server 119878
119894
513 Many Logged-In Users Attack Most systems whichmaintain the password table to verify user login are vulner-able to this kind of threat Our scheme can resist the threatsince our scheme requires on-card computation for login tothe remote server 119878
119894 and once the smart card is removed the
login process will be aborted
International Journal of Distributed Sensor Networks 7
514 Guessing Attack Our protocol can resist guessingattack which is a critical concern in password-based systemssince the password in our protocol is transmitted as a digestof some other secret information The attacker cannot guessthe userrsquos password from the digest because of the one-waycharacteristic of the hash function even if the attacker mayget the digest which contains the password
515 ReplayAttack Replaying an interceptedmessage can beprevented in our proposed protocol If an attacker intercepts⟨ID11989411987221198723 119879⟩ and tries to login to the remote server
119878119894via replaying the same message heshe cannot pass the
verification of the login request due to (119879lowast minus 119879) gt Δ119879 where119879lowast is the system time when the remote server 119878
119894receives
the replayed message Moreover if an attacker intercepts⟨119872411987261198727 119879119904⟩ and tries to replay the message to the user
119862119894 this kind of attack also can be prevented due to (119879lowastlowastminus119879
119904) gt
Δ119879
516 User Impersonation Attack In the login phase ofour scheme the message sent to remote server 119878
119894is
⟨11989211989411987221198723 119879⟩ instead of ⟨ID
11989411987221198723 119879⟩ where the userrsquos
identity ID119894is masked by hash function Even though an
attacker eavesdrops the message ⟨11989211989411987221198723 119879⟩ he cannot
derive the userrsquos identity ID119894 due to the one-way charac-
teristic of hash function In the authentication phase whenthe remote server 119878
119894receives the login request message
⟨11989211989411987221198723 119879⟩ it will check the validity of userrsquos identity
Since the attacker cannot derive legal userrsquos identity thecheck of userrsquos identity cannot pass which will result inthe termination of authentication phase Through the aboveanalysis we can see that user impersonation attack can beavoided in our scheme
517 Server Masquerading Attack If an attack 119860119894attempts
to masquerade as the legitimate server 119878119894 heshe must make
the forged replay message to the user when receiving theuserrsquos login request message ⟨119892
11989411987221198723 119879⟩ However the
forged replay message is more difficult to fake since thetime-stamped message ⟨119872
411987261198727 119879119904⟩ is sent to the user
119862119894when the remote server 119878
119894is receiving 119862
119894rsquos login request
message ⟨11989211989411987221198723 119879⟩ Moreover the attacker 119860
119894cannot
masquerade as the server by forging the replay message⟨119872411987261198727 119879119904⟩ because 119860
119894cannot compute (119872
41198727)
sending to the user 119862119894without knowing the secret value
119883119904kept by the server 119878
119894 Hence the attacker 119860
119894cannot
masquerade as the legal server to the user by launching theserver masquerading attack
518 Insider Attack In the registration phase if the userrsquospassword PW
119894and the biometrics information119861
119894are revealed
to the server 119878119894 the insider of the server may directly obtain
PW119894and 119861
119894 and the insider impersonates as the user 119862
119894to
access the userrsquos other accounts in the server But in the loginphase of our scheme if the insider wants to access 119862
119894rsquos other
accounts heshe must input hisher smart card to the cardreader and provide his biometric information 119861
1015840
119894in order to
pass the verification 119889(119861119894 1198611015840119894) lt 120591 Since the insider cannot
provide the user 119862119894rsquos smart card the biometric verification
will be aborted So the insider attack can be prevented
519 Mutual Authentication As described above ourscheme can withstand the user impersonation attack andserver masquerading attack consequently our scheme canprovide mutual authentication between the user 119862
119894and
remote server 119878119894
5110 Man-in-the-Middle Attack Man-in-the-middle attackmeans that an active attacker intercepts the communicationline between a legal user and the server and uses somemeansto successfully masquerade as both the server to the user andthe user to the server Then the user will believe that he istalking to the intended server and vice versa In our schemewhen a user 119862
119894wants to login to the remote server 119878
119894 mutual
authentication between the user 119862119894and remote server 119878
119894is
performed so man-in-the-middle attack can be prevented
52 Performance of the Proposed Scheme In this subsectionwe compare the performances of our improved schemewith those for Li-Hwangrsquos scheme [11] and Dasrsquos scheme[21] It is worth recalling that the protocol of Li-Hwangrsquosscheme [11] has security weaknesses against denial-of-serviceattack replay attack user impersonation attack and man-in-the-middle attack It is noted that Dasrsquos scheme [21] hassecurity weaknesses against denial-of-service attack userimpersonation attack replay attack server masqueradingattack and insider attack The security comparisons betweenour scheme and the schemes proposed by Li and Hwang [11]and Das [21] are summarized in Table 2 For the convenienceof evaluating the efficiency of related scheme we define thenotation 119879
ℎ the time of executing a one-way hash function
The efficiency comparison with related schemes is shown inTable 3 From the table we can see that our scheme is moreefficient than Dasrsquos scheme [21] Though our scheme is lessefficient than Li-Hwangrsquos scheme [11] it can provide bettersecurity against most attacks
6 Conclusion
This paper presents a biometric-based user authenticationscheme for clientserver system The method employs bio-metric keys and resists the threats of stolen-verifier of whichmany are logged-in users with the same login identity denial-of-service attack guessing attack insider attack replay attackuser impersonation attack server masquerading attack andman-in-the-middle attack Moreover the improved schemecan realize mutual authentication between the user andremote server The proposed scheme uses only hash functionand XOR operation which is efficient compared with thatof related protocols In addition the userrsquos password can bechanged freely using the proposed scheme Our proposedscheme provides strong authentication with the help of ver-ifying biometrics passwords and random nonces generatedby the user and server as compared to that of related schemes
8 International Journal of Distributed Sensor Networks
Table 2 Security comparisons among related protocols
Item Our scheme Li-Hwangrsquos scheme [11] Dasrsquos scheme [21]Avoiding denial-of-service attack Yes No NoAvoiding stolen-verifier attack Yes Yes YesAvoiding many logged-in users attack Yes Yes YesAvoiding guessing attack Yes Yes NoAvoiding replay attack Yes No NoAvoiding user impersonation attack Yes No NoAvoiding server masquerading attack Yes No NoAvoiding man-in-the-middle attack Yes No YesAvoiding insider attack Yes No NoMutual authentication Yes No NoHaving flaws in password change No Yes Yes
Table 3 Efficiency comparison with related schemes
Different phase Li-HwangrsquosScheme [11]
Dasrsquosscheme [21] Our scheme
RegistrationUser computation cost 2119879
ℎmdash 4119879
ℎ
Server computation cost mdash 3119879ℎ
mdashLogin
User computation cost 3119879ℎ
3119879ℎ
3119879ℎ
Server computation cost mdash mdash mdashAuthentication
User computation cost 2119879ℎ
3119879ℎ
119879ℎ
Server computation cost 3119879ℎ
5119879ℎ
3119879ℎ
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
Acknowledgments
The authors would like to thank the valuable comments andsuggestions of the reviewersThiswork is supported in part byNational Natural Science Foundation of China (no 61370223)and by Science Research Project of Hubei Provincial Depart-ment of Education (XD2012374 and B2013024)
References
[1] M S Hwang and C Y Liu ldquoAuthenticated encryption schemescurrent status and key issuesrdquo International Journal of NetworkSecurity vol 1 no 2 pp 61ndash73 2005
[2] N-Y Lee and Y-C Chiu ldquoImproved remote authenticationscheme with smart cardrdquo Computer Standards and Interfacesvol 27 no 2 pp 177ndash180 2005
[3] C T Li ldquoAn enhanced remote user authentication schemeproviding mutual authen- tication and key agreement withSmart Cardsrdquo in Proceedings of the 5th International IEEEComputer Society Conference on Information Assurance andSecurity pp 517ndash520 Xirsquoan China 2009
[4] MKim andC K Koc ldquoA simple attack on a recently introducedhash-based strong-password authentication schemerdquo Interna-tional Journal of Network Security vol 1 no 2 pp 77ndash80 2005
[5] K H M Wong Z Yuan C Jiannong and W ShengweildquoA dynamic user authentication scheme for wireless sensornetworksrdquo in Proceedings of the IEEE International Conferenceon Sensor Networks Ubiquitous and Trustworthy Computing(SUTC rsquo06) pp 244ndash251 Taichung Taiwan June 2006
[6] H-R Tseng R-H Jan and W Yang ldquoAn improved dynamicuser authentication scheme for wireless sensor networksrdquo inProceedings of the 50th Annual IEEEGlobal TelecommunicationsConference (GLOBECOM rsquo07) pp 986ndash990 Washington DCUSA November 2007
[7] T H Lee ldquoSimple dynamic user authen- tication protocolsfor wireless sensor networksrdquo in Proceedings of the 2nd Inter-national Conference on Sensor Technologies and Application(SENSORCOMMrsquo08) pp 657ndash660CapEsterel FranceAugust2008
[8] L-C Ko ldquoA novel dynamic user authentication scheme forwireless sensor networksrdquo in Proceedings of the IEEE Interna-tional Symposium on Wireless Communication Systems (ISWCSrsquo08) pp 608ndash612 Reykjavik Iceland October 2008
[9] B Vaidya J J Rodrigues and J H Park ldquoUser authenticationschemes with pseudonymity for ubiquitous sensor network inNGNrdquo International Journal of Communication Systems vol 23no 9-10 pp 1201ndash1222 2010
[10] J Daemen and R V Rijndael ldquoThe advanced encryptionstandardrdquo Dr Dobbrsquos Journal vol 26 no 3 pp 137ndash139 2001
[11] C-T Li and M-S Hwang ldquoAn efficient biometrics-basedremote user authentication scheme using smart cardsrdquo Journalof Network and Computer Applications vol 33 no 1 pp 1ndash52010
[12] A K Jain A Ross and S Prabhakar ldquoAn introduction to bio-metric recognitionrdquo IEEE Transactions on Circuits and Systemsfor Video Technology vol 14 no 1 pp 4ndash20 2004
[13] D Maltoni D Maio A K Jain and S Prabhakar Handbook ofFingerprint Recognition Springer New York NY USA 2009
[14] S Prabhakar S Pankanti and A K Jain ldquoBiometric recogni-tion security and privacy concernsrdquo IEEE Security and Privacyvol 1 no 2 pp 33ndash42 2003
[15] A Prakash ldquoA biometric approach for continuous user authen-tication by fusing hard and soft traitsrdquo International Journal ofNetwork Security vol 16 no 1 pp 65ndash70 2014
International Journal of Distributed Sensor Networks 9
[16] C K Dimitriadis and S A Shaikh ldquoA biometric authenticationprotocol for 3G mobile systems modelled and validated usingCSP and rank functionsrdquo International Journal of NetworkSecurity vol 5 no 1 pp 99ndash111 2007
[17] A Yang ldquoSecurity weaknesses and improvements of afingerprint-based remote user authentication scheme usingsmart cardsrdquo International Journal of Advancements inComputing Technology vol 4 no 3 pp 21ndash28 2012
[18] A N Younghwa ldquoSecurity analysis and enhancements of aneffective biometric-based remote user authentication schemeusing smart cardsrdquo Journal of Biomedicine and Biotechnologyvol 2012 Article ID 519723 6 pages 2012
[19] C-H Lin and Y-Y Lai ldquoA flexible biometrics remote userauthentication schemerdquoComputer Standards and Interfaces vol27 no 1 pp 19ndash23 2004
[20] C-T Li and M-S Hwang ldquoAn efficient biometrics-basedremote user authentication scheme using smart cardsrdquo Journalof Network and Computer Applications vol 33 no 1 pp 1ndash52010
[21] A KDas ldquoAnalysis and improvement on an efficient biometric-based remote user authentication scheme using smart cardsrdquoIET Information Security vol 5 no 3 pp 145ndash151 2011
[22] J P Linnartz and P Tuyls ldquoNew shielding functions toenhance privacy and prevent misuse of biometric templatesrdquoin Proceedings of the Audio and Video-Based Biometric PersonAuthentication vol 2688 of Lecture Notes in Computer Sciencepp 393ndash402 2003
International Journal of
AerospaceEngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal ofEngineeringVolume 2014
Submit your manuscripts athttpwwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
International Journal of Distributed Sensor Networks 5
119862119894
119878119894
(1)ID119894 119861119894 PW119894997888997888997888997888997888997888997888rarr
(2) computes 119891119894 119892119894 119903119894and 119890
119894
119891119894= ℎ(119861
119894)
119892119894= ℎ(ID
119894)
119903119894= ℎ(PW
119894) oplus 119891119894
119890119894= ℎ(119892
119894 119883119904) oplus 119903119894
(3)Smart card(ℎ(sdot) 119891119894 119892119894 119890119894 119903119894 120591 119889(sdot))larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888
Algorithm 4 Registration phase of our scheme
Step 1 The user 119862119894inputs hisher personal biometric 119861
119894on
a specific device and offers hisher password PW119894and the
identity ID119894to the registration center 119877
119894in person
Step 2 The registration center 119877119894then computes 119891
119894= ℎ(119861
119894)
119892119894= ℎ(ID
119894) 119903119894= ℎ(PW
119894)oplus119891119894 and 119890
119894= ℎ(119892
119894 119883119904)oplus119903119894 Here119883
119904
is secret information generated by the serverWe note that119883119904
and passwords of the corresponding users are not disclosed toany others for all secure future communications
Step 3 Finally the registration center 119877119894
loads(ℎ(sdot) 119891
119894 119892119894 119890119894 119903119894 120591 119889(sdot)) on the userrsquos smart card and
sends this information to the user 119862119894via a secure channel
42 Login Phase In order to login to the system the remoteuser 119862
119894needs to perform the following stages as shown in
Algorithm 5
Step 1 119862119894first inserts hisher smart card into the card reader
of a terminal and offers hisher personal biometric template1198611015840
119894 on the specific device If 119889(119861
119894 1198611015840
119894) gt 120591 the remote
user authentication is terminated Otherwise 119862119894passes the
biometric verification and then inputs hisher password PW119894
to perform Step 2
Step 2The smart card computes 1199031015840119894= ℎ(PW
119894)oplus119891119894 If119889(1199031015840
119894 119903119894) gt
120591 then password verification fails and the system terminatesthe session otherwise the smart card computes119872
1= 119890119894oplus 1199031015840119894
which is equal to ℎ(119892119894 119883119904) 1198722= ℎ(119877
119888 119879) where 119877
119888is a
random number generated by the user119862119894and119879 is the current
timestamp of 119862119894rsquos system and119872
3= 1198721oplus1198722
Step 3 Finally the user 119862119894sends the message ⟨119892
11989411987221198723 119879⟩
to the remote server 119878119894
43 Authentication Phase When the remote server 119878119894
receives the login request ⟨11989211989411987221198723 119879⟩ at time 119879lowast it will
perform the following steps as shown in Algorithm 6 toauthenticate whether the user 119862
119894is legal or not
Step 1 Verify T If (119879lowast minus 119879) gt Δ119879 the authenticationphase aborts where Δ119879 is the expected time interval for the
transmission delay of the system On the contrary if (119879lowast minus119879) le Δ119879 the next step will be performed
Step 2 119878119894checks the format of 119862
119894rsquos ID119894 It computes 119872
4=
ℎ(119892119894 119883119904) using the secret value119883
119904maintained by the server
119878119894and then computes 119872
5= 1198724oplus 1198723and verifies whether
1198725= 1198722 If it does not hold then 119878
119894rejects119862
119894rsquos login request
In case the verification is successful the next step will beperformed
Step 3 119878119894computes 119872
6= ℎ(119877
119904 119879119904) and 119872
7= 1198724oplus 1198726
where 119879119904is the current timestamp of the server 119878
119894 and then
119878119894sends message ⟨119872
411987261198727 119879119904⟩ to the user 119862
119894
Step 4 After receiving the message ⟨119872411987261198727 119879119904⟩ at
time 119879lowastlowast 119862119894first checks the freshness of 119879
119904by verifying
(119879lowastlowast minus 119879119904) gt Δ119879 If it holds the following session is
terminated otherwise 119862119894computes 119872
8= 119872
4oplus 1198727
and then verifies whether 1198728
= 1198726 If it does not
hold 119862119894terminates the session Otherwise it goes to the
next step
Step 5119862119894computes119872
9= 1198724oplus1198726and then verifies whether
1198729= 1198727 If it does not hold 119878
119894is rejected by 119862
119894 otherwise
if it holds 119862119894computes 119872
10= ℎ(119877
119888 1198791015840) where 1198791015840 is the
current timestamp of the user 119862119894 and then computes 119872
11=
1198727oplus11987210and sends the message ⟨119872
11 119877119888 1198791015840⟩ to the remote
server 119878119894
Step 6 When 119878119894receives the message ⟨119872
11 119877119888 1198791015840⟩ at
time 119879lowastlowastlowast it verifies (119879lowastlowastlowast minus 1198791015840) gt Δ119879 If it holds theauthentication phase is terminated Otherwise if it does nothold 119878
119894computes 119872
12= ℎ(119877
119888 1198791015840) and then computes
11987213
= 1198724oplus1198726oplus11987212 After computing119872
13 then 119878
119894verifies
whether 11987213
= 11987211 If it holds 119878
119894accepts 119862
119894rsquos login request
otherwise 119878119894rejects the login request
44 Password Change In our scheme user 119862119894can freely
change the password PWold119894
to a new one PWnew119894
Thepassword change procedure is performed as follows
Step 1119862119894inserts the smart card into the card reader and offers
hisher personal biometrics 1198611015840119894 then the smart card computes
1198911015840119894= ℎ(1198611015840
119894) and verifies it by checking 119889(1198911015840
119894 119891119894) le 120591 where
119891119894= ℎ(119861
119894) is the information stored in the smart card
Step 2 If it holds 119862119894inserts old password PWold
119894and new
password PWnew119894
otherwise the password change procedureis terminated
Step 3 Smart card performs 1199031015840119894= ℎ(PWold
119894) oplus 1198911015840119894and checks
119889(1199031015840119894 119903119894) le 120591 where 119903
119894is the information stored in the smart
cardStep 4 If it holds the smart card computes 11990310158401015840
119894= ℎ(PWnew
119894) oplus
119891119894 1198901015840119894= 119890119894oplus 119903119894(= ℎ(ID
119894 119883119904)) and 11989010158401015840
119894= 1198901015840119894oplus 119903119894
Step 5 Finally replace 119890119894with 11989010158401015840
119894and 119903119894with 11990310158401015840
119894on the smart
card
6 International Journal of Distributed Sensor Networks
119862119894
119878119894
(1) Inserts the smart card and inputs 1198611015840119894
(2) Verifies whether 119889(119861119894 1198611015840
119894) lt 120591
(3) If it holds then 119862119894inputs hisher password PW
119894
(4) Computes 1199031015840119894= ℎ(PW
119894) oplus 119891119894and verifies whether 119889(119903
119894 1199031015840119894) lt 120591
(5) If it holds the smart card computes1198721= 119890119894oplus 1199031015840119894
1198722= ℎ(119877
119888 119879)
1198723= 1198721oplus1198722
(6)⟨119892119894 1198722 1198723 119879⟩997888997888997888997888997888997888997888997888997888997888997888rarr
Algorithm 5 Login phase of our scheme
119862119894
119878119894
(1) When receiving ⟨11989211989411987221198723 119879⟩
119878119894checks (119879lowast minus 119879) gt Δ119879
(2) 119878119894computes119872
4= ℎ (119892
119894 119883119904)
1198725= 1198724oplus1198723 and verifies whether119872
5= 1198722
(3) 119878119894computes119872
6= ℎ(119877
119904 119879119904)
1198727= 1198724oplus1198726
⟨1198724 1198726 1198727 119879119904 ⟩larr997888997888997888997888997888997888997888997888997888997888997888997888997888
(4) When receiving ⟨1198724 1198726 1198727 119879119904⟩
at 119879lowastlowast 119862119894checks (119879lowastlowast minus 119879) gt Δ119879
computes1198728= 1198724oplus1198727 then verifies119872
8= 1198726
(5) 119862119894computes119872
9= 1198724oplus1198726 then verifies119872
9= 1198727 computes119872
10= ℎ(119877
119888 1198791015840) and
then11987211
= 1198727oplus11987210
⟨11987211 119877119888 1198791015840⟩
997888997888997888997888997888997888997888997888997888997888rarr
(6) When receiving ⟨11987211 119877119888 1198791015840⟩ at 119879lowastlowastlowast 119878
119894verifies (119879lowastlowastlowast minus 119879) gt Δ119879
then computes11987212
= ℎ(119877119888 1198791015840)
11987213
= 1198724oplus1198726oplus11987212 then verifies119872
13= 11987211
If it holds 119878119894accepts 1198621015840
119894119904 login request
Algorithm 6 Authentication phase of our scheme
5 Security Analysis and Performance ofthe Proposed Scheme
51 Security Analysis If a legal user lost hisher smart cardit is extremely hard for an adversary to derive the userrsquossensitive information such as userrsquos identity password andbiometrics because the extraction of parameters from thesmart card is quite difficult Furthermore the adversarycannot change the password because heshe cannot pass thebiometric verification
511 Denial-of-Service Attack In our proposed protocolwe take into account hash functionrsquos sensitivity to smallperturbations in its inputs In the login phase userrsquos biometricverification is performed by checking 119889(119861
119894 1198611015840119894) gt 120591 instead
of checking ℎ(1198611015840119894) = 119891119894 Moreover the password verification
is performed by checking 119889(1199031015840119894 119903119894) gt 120591 instead of 1199031015840
119894= 119903119894 So
denial-of-service attack caused by hash functionrsquos fundamen-tal properties can be withstood
512 Stolen-Verifier Attack Our scheme can resist stolen-verifier attack because the scheme is free from the veri-fierpassword table In our protocol the remote server 119878
119894does
not keep password tables Therefore an attacker cannot stealuserrsquos password from 119878
119894 Moreover the password ismasked by
hash function in the procedure of message transfer betweenthe user 119862
119894and remote server 119878
119894
513 Many Logged-In Users Attack Most systems whichmaintain the password table to verify user login are vulner-able to this kind of threat Our scheme can resist the threatsince our scheme requires on-card computation for login tothe remote server 119878
119894 and once the smart card is removed the
login process will be aborted
International Journal of Distributed Sensor Networks 7
514 Guessing Attack Our protocol can resist guessingattack which is a critical concern in password-based systemssince the password in our protocol is transmitted as a digestof some other secret information The attacker cannot guessthe userrsquos password from the digest because of the one-waycharacteristic of the hash function even if the attacker mayget the digest which contains the password
515 ReplayAttack Replaying an interceptedmessage can beprevented in our proposed protocol If an attacker intercepts⟨ID11989411987221198723 119879⟩ and tries to login to the remote server
119878119894via replaying the same message heshe cannot pass the
verification of the login request due to (119879lowast minus 119879) gt Δ119879 where119879lowast is the system time when the remote server 119878
119894receives
the replayed message Moreover if an attacker intercepts⟨119872411987261198727 119879119904⟩ and tries to replay the message to the user
119862119894 this kind of attack also can be prevented due to (119879lowastlowastminus119879
119904) gt
Δ119879
516 User Impersonation Attack In the login phase ofour scheme the message sent to remote server 119878
119894is
⟨11989211989411987221198723 119879⟩ instead of ⟨ID
11989411987221198723 119879⟩ where the userrsquos
identity ID119894is masked by hash function Even though an
attacker eavesdrops the message ⟨11989211989411987221198723 119879⟩ he cannot
derive the userrsquos identity ID119894 due to the one-way charac-
teristic of hash function In the authentication phase whenthe remote server 119878
119894receives the login request message
⟨11989211989411987221198723 119879⟩ it will check the validity of userrsquos identity
Since the attacker cannot derive legal userrsquos identity thecheck of userrsquos identity cannot pass which will result inthe termination of authentication phase Through the aboveanalysis we can see that user impersonation attack can beavoided in our scheme
517 Server Masquerading Attack If an attack 119860119894attempts
to masquerade as the legitimate server 119878119894 heshe must make
the forged replay message to the user when receiving theuserrsquos login request message ⟨119892
11989411987221198723 119879⟩ However the
forged replay message is more difficult to fake since thetime-stamped message ⟨119872
411987261198727 119879119904⟩ is sent to the user
119862119894when the remote server 119878
119894is receiving 119862
119894rsquos login request
message ⟨11989211989411987221198723 119879⟩ Moreover the attacker 119860
119894cannot
masquerade as the server by forging the replay message⟨119872411987261198727 119879119904⟩ because 119860
119894cannot compute (119872
41198727)
sending to the user 119862119894without knowing the secret value
119883119904kept by the server 119878
119894 Hence the attacker 119860
119894cannot
masquerade as the legal server to the user by launching theserver masquerading attack
518 Insider Attack In the registration phase if the userrsquospassword PW
119894and the biometrics information119861
119894are revealed
to the server 119878119894 the insider of the server may directly obtain
PW119894and 119861
119894 and the insider impersonates as the user 119862
119894to
access the userrsquos other accounts in the server But in the loginphase of our scheme if the insider wants to access 119862
119894rsquos other
accounts heshe must input hisher smart card to the cardreader and provide his biometric information 119861
1015840
119894in order to
pass the verification 119889(119861119894 1198611015840119894) lt 120591 Since the insider cannot
provide the user 119862119894rsquos smart card the biometric verification
will be aborted So the insider attack can be prevented
519 Mutual Authentication As described above ourscheme can withstand the user impersonation attack andserver masquerading attack consequently our scheme canprovide mutual authentication between the user 119862
119894and
remote server 119878119894
5110 Man-in-the-Middle Attack Man-in-the-middle attackmeans that an active attacker intercepts the communicationline between a legal user and the server and uses somemeansto successfully masquerade as both the server to the user andthe user to the server Then the user will believe that he istalking to the intended server and vice versa In our schemewhen a user 119862
119894wants to login to the remote server 119878
119894 mutual
authentication between the user 119862119894and remote server 119878
119894is
performed so man-in-the-middle attack can be prevented
52 Performance of the Proposed Scheme In this subsectionwe compare the performances of our improved schemewith those for Li-Hwangrsquos scheme [11] and Dasrsquos scheme[21] It is worth recalling that the protocol of Li-Hwangrsquosscheme [11] has security weaknesses against denial-of-serviceattack replay attack user impersonation attack and man-in-the-middle attack It is noted that Dasrsquos scheme [21] hassecurity weaknesses against denial-of-service attack userimpersonation attack replay attack server masqueradingattack and insider attack The security comparisons betweenour scheme and the schemes proposed by Li and Hwang [11]and Das [21] are summarized in Table 2 For the convenienceof evaluating the efficiency of related scheme we define thenotation 119879
ℎ the time of executing a one-way hash function
The efficiency comparison with related schemes is shown inTable 3 From the table we can see that our scheme is moreefficient than Dasrsquos scheme [21] Though our scheme is lessefficient than Li-Hwangrsquos scheme [11] it can provide bettersecurity against most attacks
6 Conclusion
This paper presents a biometric-based user authenticationscheme for clientserver system The method employs bio-metric keys and resists the threats of stolen-verifier of whichmany are logged-in users with the same login identity denial-of-service attack guessing attack insider attack replay attackuser impersonation attack server masquerading attack andman-in-the-middle attack Moreover the improved schemecan realize mutual authentication between the user andremote server The proposed scheme uses only hash functionand XOR operation which is efficient compared with thatof related protocols In addition the userrsquos password can bechanged freely using the proposed scheme Our proposedscheme provides strong authentication with the help of ver-ifying biometrics passwords and random nonces generatedby the user and server as compared to that of related schemes
8 International Journal of Distributed Sensor Networks
Table 2 Security comparisons among related protocols
Item Our scheme Li-Hwangrsquos scheme [11] Dasrsquos scheme [21]Avoiding denial-of-service attack Yes No NoAvoiding stolen-verifier attack Yes Yes YesAvoiding many logged-in users attack Yes Yes YesAvoiding guessing attack Yes Yes NoAvoiding replay attack Yes No NoAvoiding user impersonation attack Yes No NoAvoiding server masquerading attack Yes No NoAvoiding man-in-the-middle attack Yes No YesAvoiding insider attack Yes No NoMutual authentication Yes No NoHaving flaws in password change No Yes Yes
Table 3 Efficiency comparison with related schemes
Different phase Li-HwangrsquosScheme [11]
Dasrsquosscheme [21] Our scheme
RegistrationUser computation cost 2119879
ℎmdash 4119879
ℎ
Server computation cost mdash 3119879ℎ
mdashLogin
User computation cost 3119879ℎ
3119879ℎ
3119879ℎ
Server computation cost mdash mdash mdashAuthentication
User computation cost 2119879ℎ
3119879ℎ
119879ℎ
Server computation cost 3119879ℎ
5119879ℎ
3119879ℎ
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
Acknowledgments
The authors would like to thank the valuable comments andsuggestions of the reviewersThiswork is supported in part byNational Natural Science Foundation of China (no 61370223)and by Science Research Project of Hubei Provincial Depart-ment of Education (XD2012374 and B2013024)
References
[1] M S Hwang and C Y Liu ldquoAuthenticated encryption schemescurrent status and key issuesrdquo International Journal of NetworkSecurity vol 1 no 2 pp 61ndash73 2005
[2] N-Y Lee and Y-C Chiu ldquoImproved remote authenticationscheme with smart cardrdquo Computer Standards and Interfacesvol 27 no 2 pp 177ndash180 2005
[3] C T Li ldquoAn enhanced remote user authentication schemeproviding mutual authen- tication and key agreement withSmart Cardsrdquo in Proceedings of the 5th International IEEEComputer Society Conference on Information Assurance andSecurity pp 517ndash520 Xirsquoan China 2009
[4] MKim andC K Koc ldquoA simple attack on a recently introducedhash-based strong-password authentication schemerdquo Interna-tional Journal of Network Security vol 1 no 2 pp 77ndash80 2005
[5] K H M Wong Z Yuan C Jiannong and W ShengweildquoA dynamic user authentication scheme for wireless sensornetworksrdquo in Proceedings of the IEEE International Conferenceon Sensor Networks Ubiquitous and Trustworthy Computing(SUTC rsquo06) pp 244ndash251 Taichung Taiwan June 2006
[6] H-R Tseng R-H Jan and W Yang ldquoAn improved dynamicuser authentication scheme for wireless sensor networksrdquo inProceedings of the 50th Annual IEEEGlobal TelecommunicationsConference (GLOBECOM rsquo07) pp 986ndash990 Washington DCUSA November 2007
[7] T H Lee ldquoSimple dynamic user authen- tication protocolsfor wireless sensor networksrdquo in Proceedings of the 2nd Inter-national Conference on Sensor Technologies and Application(SENSORCOMMrsquo08) pp 657ndash660CapEsterel FranceAugust2008
[8] L-C Ko ldquoA novel dynamic user authentication scheme forwireless sensor networksrdquo in Proceedings of the IEEE Interna-tional Symposium on Wireless Communication Systems (ISWCSrsquo08) pp 608ndash612 Reykjavik Iceland October 2008
[9] B Vaidya J J Rodrigues and J H Park ldquoUser authenticationschemes with pseudonymity for ubiquitous sensor network inNGNrdquo International Journal of Communication Systems vol 23no 9-10 pp 1201ndash1222 2010
[10] J Daemen and R V Rijndael ldquoThe advanced encryptionstandardrdquo Dr Dobbrsquos Journal vol 26 no 3 pp 137ndash139 2001
[11] C-T Li and M-S Hwang ldquoAn efficient biometrics-basedremote user authentication scheme using smart cardsrdquo Journalof Network and Computer Applications vol 33 no 1 pp 1ndash52010
[12] A K Jain A Ross and S Prabhakar ldquoAn introduction to bio-metric recognitionrdquo IEEE Transactions on Circuits and Systemsfor Video Technology vol 14 no 1 pp 4ndash20 2004
[13] D Maltoni D Maio A K Jain and S Prabhakar Handbook ofFingerprint Recognition Springer New York NY USA 2009
[14] S Prabhakar S Pankanti and A K Jain ldquoBiometric recogni-tion security and privacy concernsrdquo IEEE Security and Privacyvol 1 no 2 pp 33ndash42 2003
[15] A Prakash ldquoA biometric approach for continuous user authen-tication by fusing hard and soft traitsrdquo International Journal ofNetwork Security vol 16 no 1 pp 65ndash70 2014
International Journal of Distributed Sensor Networks 9
[16] C K Dimitriadis and S A Shaikh ldquoA biometric authenticationprotocol for 3G mobile systems modelled and validated usingCSP and rank functionsrdquo International Journal of NetworkSecurity vol 5 no 1 pp 99ndash111 2007
[17] A Yang ldquoSecurity weaknesses and improvements of afingerprint-based remote user authentication scheme usingsmart cardsrdquo International Journal of Advancements inComputing Technology vol 4 no 3 pp 21ndash28 2012
[18] A N Younghwa ldquoSecurity analysis and enhancements of aneffective biometric-based remote user authentication schemeusing smart cardsrdquo Journal of Biomedicine and Biotechnologyvol 2012 Article ID 519723 6 pages 2012
[19] C-H Lin and Y-Y Lai ldquoA flexible biometrics remote userauthentication schemerdquoComputer Standards and Interfaces vol27 no 1 pp 19ndash23 2004
[20] C-T Li and M-S Hwang ldquoAn efficient biometrics-basedremote user authentication scheme using smart cardsrdquo Journalof Network and Computer Applications vol 33 no 1 pp 1ndash52010
[21] A KDas ldquoAnalysis and improvement on an efficient biometric-based remote user authentication scheme using smart cardsrdquoIET Information Security vol 5 no 3 pp 145ndash151 2011
[22] J P Linnartz and P Tuyls ldquoNew shielding functions toenhance privacy and prevent misuse of biometric templatesrdquoin Proceedings of the Audio and Video-Based Biometric PersonAuthentication vol 2688 of Lecture Notes in Computer Sciencepp 393ndash402 2003
International Journal of
AerospaceEngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal ofEngineeringVolume 2014
Submit your manuscripts athttpwwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
6 International Journal of Distributed Sensor Networks
119862119894
119878119894
(1) Inserts the smart card and inputs 1198611015840119894
(2) Verifies whether 119889(119861119894 1198611015840
119894) lt 120591
(3) If it holds then 119862119894inputs hisher password PW
119894
(4) Computes 1199031015840119894= ℎ(PW
119894) oplus 119891119894and verifies whether 119889(119903
119894 1199031015840119894) lt 120591
(5) If it holds the smart card computes1198721= 119890119894oplus 1199031015840119894
1198722= ℎ(119877
119888 119879)
1198723= 1198721oplus1198722
(6)⟨119892119894 1198722 1198723 119879⟩997888997888997888997888997888997888997888997888997888997888997888rarr
Algorithm 5 Login phase of our scheme
119862119894
119878119894
(1) When receiving ⟨11989211989411987221198723 119879⟩
119878119894checks (119879lowast minus 119879) gt Δ119879
(2) 119878119894computes119872
4= ℎ (119892
119894 119883119904)
1198725= 1198724oplus1198723 and verifies whether119872
5= 1198722
(3) 119878119894computes119872
6= ℎ(119877
119904 119879119904)
1198727= 1198724oplus1198726
⟨1198724 1198726 1198727 119879119904 ⟩larr997888997888997888997888997888997888997888997888997888997888997888997888997888
(4) When receiving ⟨1198724 1198726 1198727 119879119904⟩
at 119879lowastlowast 119862119894checks (119879lowastlowast minus 119879) gt Δ119879
computes1198728= 1198724oplus1198727 then verifies119872
8= 1198726
(5) 119862119894computes119872
9= 1198724oplus1198726 then verifies119872
9= 1198727 computes119872
10= ℎ(119877
119888 1198791015840) and
then11987211
= 1198727oplus11987210
⟨11987211 119877119888 1198791015840⟩
997888997888997888997888997888997888997888997888997888997888rarr
(6) When receiving ⟨11987211 119877119888 1198791015840⟩ at 119879lowastlowastlowast 119878
119894verifies (119879lowastlowastlowast minus 119879) gt Δ119879
then computes11987212
= ℎ(119877119888 1198791015840)
11987213
= 1198724oplus1198726oplus11987212 then verifies119872
13= 11987211
If it holds 119878119894accepts 1198621015840
119894119904 login request
Algorithm 6 Authentication phase of our scheme
5 Security Analysis and Performance ofthe Proposed Scheme
51 Security Analysis If a legal user lost hisher smart cardit is extremely hard for an adversary to derive the userrsquossensitive information such as userrsquos identity password andbiometrics because the extraction of parameters from thesmart card is quite difficult Furthermore the adversarycannot change the password because heshe cannot pass thebiometric verification
511 Denial-of-Service Attack In our proposed protocolwe take into account hash functionrsquos sensitivity to smallperturbations in its inputs In the login phase userrsquos biometricverification is performed by checking 119889(119861
119894 1198611015840119894) gt 120591 instead
of checking ℎ(1198611015840119894) = 119891119894 Moreover the password verification
is performed by checking 119889(1199031015840119894 119903119894) gt 120591 instead of 1199031015840
119894= 119903119894 So
denial-of-service attack caused by hash functionrsquos fundamen-tal properties can be withstood
512 Stolen-Verifier Attack Our scheme can resist stolen-verifier attack because the scheme is free from the veri-fierpassword table In our protocol the remote server 119878
119894does
not keep password tables Therefore an attacker cannot stealuserrsquos password from 119878
119894 Moreover the password ismasked by
hash function in the procedure of message transfer betweenthe user 119862
119894and remote server 119878
119894
513 Many Logged-In Users Attack Most systems whichmaintain the password table to verify user login are vulner-able to this kind of threat Our scheme can resist the threatsince our scheme requires on-card computation for login tothe remote server 119878
119894 and once the smart card is removed the
login process will be aborted
International Journal of Distributed Sensor Networks 7
514 Guessing Attack Our protocol can resist guessingattack which is a critical concern in password-based systemssince the password in our protocol is transmitted as a digestof some other secret information The attacker cannot guessthe userrsquos password from the digest because of the one-waycharacteristic of the hash function even if the attacker mayget the digest which contains the password
515 ReplayAttack Replaying an interceptedmessage can beprevented in our proposed protocol If an attacker intercepts⟨ID11989411987221198723 119879⟩ and tries to login to the remote server
119878119894via replaying the same message heshe cannot pass the
verification of the login request due to (119879lowast minus 119879) gt Δ119879 where119879lowast is the system time when the remote server 119878
119894receives
the replayed message Moreover if an attacker intercepts⟨119872411987261198727 119879119904⟩ and tries to replay the message to the user
119862119894 this kind of attack also can be prevented due to (119879lowastlowastminus119879
119904) gt
Δ119879
516 User Impersonation Attack In the login phase ofour scheme the message sent to remote server 119878
119894is
⟨11989211989411987221198723 119879⟩ instead of ⟨ID
11989411987221198723 119879⟩ where the userrsquos
identity ID119894is masked by hash function Even though an
attacker eavesdrops the message ⟨11989211989411987221198723 119879⟩ he cannot
derive the userrsquos identity ID119894 due to the one-way charac-
teristic of hash function In the authentication phase whenthe remote server 119878
119894receives the login request message
⟨11989211989411987221198723 119879⟩ it will check the validity of userrsquos identity
Since the attacker cannot derive legal userrsquos identity thecheck of userrsquos identity cannot pass which will result inthe termination of authentication phase Through the aboveanalysis we can see that user impersonation attack can beavoided in our scheme
517 Server Masquerading Attack If an attack 119860119894attempts
to masquerade as the legitimate server 119878119894 heshe must make
the forged replay message to the user when receiving theuserrsquos login request message ⟨119892
11989411987221198723 119879⟩ However the
forged replay message is more difficult to fake since thetime-stamped message ⟨119872
411987261198727 119879119904⟩ is sent to the user
119862119894when the remote server 119878
119894is receiving 119862
119894rsquos login request
message ⟨11989211989411987221198723 119879⟩ Moreover the attacker 119860
119894cannot
masquerade as the server by forging the replay message⟨119872411987261198727 119879119904⟩ because 119860
119894cannot compute (119872
41198727)
sending to the user 119862119894without knowing the secret value
119883119904kept by the server 119878
119894 Hence the attacker 119860
119894cannot
masquerade as the legal server to the user by launching theserver masquerading attack
518 Insider Attack In the registration phase if the userrsquospassword PW
119894and the biometrics information119861
119894are revealed
to the server 119878119894 the insider of the server may directly obtain
PW119894and 119861
119894 and the insider impersonates as the user 119862
119894to
access the userrsquos other accounts in the server But in the loginphase of our scheme if the insider wants to access 119862
119894rsquos other
accounts heshe must input hisher smart card to the cardreader and provide his biometric information 119861
1015840
119894in order to
pass the verification 119889(119861119894 1198611015840119894) lt 120591 Since the insider cannot
provide the user 119862119894rsquos smart card the biometric verification
will be aborted So the insider attack can be prevented
519 Mutual Authentication As described above ourscheme can withstand the user impersonation attack andserver masquerading attack consequently our scheme canprovide mutual authentication between the user 119862
119894and
remote server 119878119894
5110 Man-in-the-Middle Attack Man-in-the-middle attackmeans that an active attacker intercepts the communicationline between a legal user and the server and uses somemeansto successfully masquerade as both the server to the user andthe user to the server Then the user will believe that he istalking to the intended server and vice versa In our schemewhen a user 119862
119894wants to login to the remote server 119878
119894 mutual
authentication between the user 119862119894and remote server 119878
119894is
performed so man-in-the-middle attack can be prevented
52 Performance of the Proposed Scheme In this subsectionwe compare the performances of our improved schemewith those for Li-Hwangrsquos scheme [11] and Dasrsquos scheme[21] It is worth recalling that the protocol of Li-Hwangrsquosscheme [11] has security weaknesses against denial-of-serviceattack replay attack user impersonation attack and man-in-the-middle attack It is noted that Dasrsquos scheme [21] hassecurity weaknesses against denial-of-service attack userimpersonation attack replay attack server masqueradingattack and insider attack The security comparisons betweenour scheme and the schemes proposed by Li and Hwang [11]and Das [21] are summarized in Table 2 For the convenienceof evaluating the efficiency of related scheme we define thenotation 119879
ℎ the time of executing a one-way hash function
The efficiency comparison with related schemes is shown inTable 3 From the table we can see that our scheme is moreefficient than Dasrsquos scheme [21] Though our scheme is lessefficient than Li-Hwangrsquos scheme [11] it can provide bettersecurity against most attacks
6 Conclusion
This paper presents a biometric-based user authenticationscheme for clientserver system The method employs bio-metric keys and resists the threats of stolen-verifier of whichmany are logged-in users with the same login identity denial-of-service attack guessing attack insider attack replay attackuser impersonation attack server masquerading attack andman-in-the-middle attack Moreover the improved schemecan realize mutual authentication between the user andremote server The proposed scheme uses only hash functionand XOR operation which is efficient compared with thatof related protocols In addition the userrsquos password can bechanged freely using the proposed scheme Our proposedscheme provides strong authentication with the help of ver-ifying biometrics passwords and random nonces generatedby the user and server as compared to that of related schemes
8 International Journal of Distributed Sensor Networks
Table 2 Security comparisons among related protocols
Item Our scheme Li-Hwangrsquos scheme [11] Dasrsquos scheme [21]Avoiding denial-of-service attack Yes No NoAvoiding stolen-verifier attack Yes Yes YesAvoiding many logged-in users attack Yes Yes YesAvoiding guessing attack Yes Yes NoAvoiding replay attack Yes No NoAvoiding user impersonation attack Yes No NoAvoiding server masquerading attack Yes No NoAvoiding man-in-the-middle attack Yes No YesAvoiding insider attack Yes No NoMutual authentication Yes No NoHaving flaws in password change No Yes Yes
Table 3 Efficiency comparison with related schemes
Different phase Li-HwangrsquosScheme [11]
Dasrsquosscheme [21] Our scheme
RegistrationUser computation cost 2119879
ℎmdash 4119879
ℎ
Server computation cost mdash 3119879ℎ
mdashLogin
User computation cost 3119879ℎ
3119879ℎ
3119879ℎ
Server computation cost mdash mdash mdashAuthentication
User computation cost 2119879ℎ
3119879ℎ
119879ℎ
Server computation cost 3119879ℎ
5119879ℎ
3119879ℎ
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
Acknowledgments
The authors would like to thank the valuable comments andsuggestions of the reviewersThiswork is supported in part byNational Natural Science Foundation of China (no 61370223)and by Science Research Project of Hubei Provincial Depart-ment of Education (XD2012374 and B2013024)
References
[1] M S Hwang and C Y Liu ldquoAuthenticated encryption schemescurrent status and key issuesrdquo International Journal of NetworkSecurity vol 1 no 2 pp 61ndash73 2005
[2] N-Y Lee and Y-C Chiu ldquoImproved remote authenticationscheme with smart cardrdquo Computer Standards and Interfacesvol 27 no 2 pp 177ndash180 2005
[3] C T Li ldquoAn enhanced remote user authentication schemeproviding mutual authen- tication and key agreement withSmart Cardsrdquo in Proceedings of the 5th International IEEEComputer Society Conference on Information Assurance andSecurity pp 517ndash520 Xirsquoan China 2009
[4] MKim andC K Koc ldquoA simple attack on a recently introducedhash-based strong-password authentication schemerdquo Interna-tional Journal of Network Security vol 1 no 2 pp 77ndash80 2005
[5] K H M Wong Z Yuan C Jiannong and W ShengweildquoA dynamic user authentication scheme for wireless sensornetworksrdquo in Proceedings of the IEEE International Conferenceon Sensor Networks Ubiquitous and Trustworthy Computing(SUTC rsquo06) pp 244ndash251 Taichung Taiwan June 2006
[6] H-R Tseng R-H Jan and W Yang ldquoAn improved dynamicuser authentication scheme for wireless sensor networksrdquo inProceedings of the 50th Annual IEEEGlobal TelecommunicationsConference (GLOBECOM rsquo07) pp 986ndash990 Washington DCUSA November 2007
[7] T H Lee ldquoSimple dynamic user authen- tication protocolsfor wireless sensor networksrdquo in Proceedings of the 2nd Inter-national Conference on Sensor Technologies and Application(SENSORCOMMrsquo08) pp 657ndash660CapEsterel FranceAugust2008
[8] L-C Ko ldquoA novel dynamic user authentication scheme forwireless sensor networksrdquo in Proceedings of the IEEE Interna-tional Symposium on Wireless Communication Systems (ISWCSrsquo08) pp 608ndash612 Reykjavik Iceland October 2008
[9] B Vaidya J J Rodrigues and J H Park ldquoUser authenticationschemes with pseudonymity for ubiquitous sensor network inNGNrdquo International Journal of Communication Systems vol 23no 9-10 pp 1201ndash1222 2010
[10] J Daemen and R V Rijndael ldquoThe advanced encryptionstandardrdquo Dr Dobbrsquos Journal vol 26 no 3 pp 137ndash139 2001
[11] C-T Li and M-S Hwang ldquoAn efficient biometrics-basedremote user authentication scheme using smart cardsrdquo Journalof Network and Computer Applications vol 33 no 1 pp 1ndash52010
[12] A K Jain A Ross and S Prabhakar ldquoAn introduction to bio-metric recognitionrdquo IEEE Transactions on Circuits and Systemsfor Video Technology vol 14 no 1 pp 4ndash20 2004
[13] D Maltoni D Maio A K Jain and S Prabhakar Handbook ofFingerprint Recognition Springer New York NY USA 2009
[14] S Prabhakar S Pankanti and A K Jain ldquoBiometric recogni-tion security and privacy concernsrdquo IEEE Security and Privacyvol 1 no 2 pp 33ndash42 2003
[15] A Prakash ldquoA biometric approach for continuous user authen-tication by fusing hard and soft traitsrdquo International Journal ofNetwork Security vol 16 no 1 pp 65ndash70 2014
International Journal of Distributed Sensor Networks 9
[16] C K Dimitriadis and S A Shaikh ldquoA biometric authenticationprotocol for 3G mobile systems modelled and validated usingCSP and rank functionsrdquo International Journal of NetworkSecurity vol 5 no 1 pp 99ndash111 2007
[17] A Yang ldquoSecurity weaknesses and improvements of afingerprint-based remote user authentication scheme usingsmart cardsrdquo International Journal of Advancements inComputing Technology vol 4 no 3 pp 21ndash28 2012
[18] A N Younghwa ldquoSecurity analysis and enhancements of aneffective biometric-based remote user authentication schemeusing smart cardsrdquo Journal of Biomedicine and Biotechnologyvol 2012 Article ID 519723 6 pages 2012
[19] C-H Lin and Y-Y Lai ldquoA flexible biometrics remote userauthentication schemerdquoComputer Standards and Interfaces vol27 no 1 pp 19ndash23 2004
[20] C-T Li and M-S Hwang ldquoAn efficient biometrics-basedremote user authentication scheme using smart cardsrdquo Journalof Network and Computer Applications vol 33 no 1 pp 1ndash52010
[21] A KDas ldquoAnalysis and improvement on an efficient biometric-based remote user authentication scheme using smart cardsrdquoIET Information Security vol 5 no 3 pp 145ndash151 2011
[22] J P Linnartz and P Tuyls ldquoNew shielding functions toenhance privacy and prevent misuse of biometric templatesrdquoin Proceedings of the Audio and Video-Based Biometric PersonAuthentication vol 2688 of Lecture Notes in Computer Sciencepp 393ndash402 2003
International Journal of
AerospaceEngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal ofEngineeringVolume 2014
Submit your manuscripts athttpwwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
International Journal of Distributed Sensor Networks 7
514 Guessing Attack Our protocol can resist guessingattack which is a critical concern in password-based systemssince the password in our protocol is transmitted as a digestof some other secret information The attacker cannot guessthe userrsquos password from the digest because of the one-waycharacteristic of the hash function even if the attacker mayget the digest which contains the password
515 ReplayAttack Replaying an interceptedmessage can beprevented in our proposed protocol If an attacker intercepts⟨ID11989411987221198723 119879⟩ and tries to login to the remote server
119878119894via replaying the same message heshe cannot pass the
verification of the login request due to (119879lowast minus 119879) gt Δ119879 where119879lowast is the system time when the remote server 119878
119894receives
the replayed message Moreover if an attacker intercepts⟨119872411987261198727 119879119904⟩ and tries to replay the message to the user
119862119894 this kind of attack also can be prevented due to (119879lowastlowastminus119879
119904) gt
Δ119879
516 User Impersonation Attack In the login phase ofour scheme the message sent to remote server 119878
119894is
⟨11989211989411987221198723 119879⟩ instead of ⟨ID
11989411987221198723 119879⟩ where the userrsquos
identity ID119894is masked by hash function Even though an
attacker eavesdrops the message ⟨11989211989411987221198723 119879⟩ he cannot
derive the userrsquos identity ID119894 due to the one-way charac-
teristic of hash function In the authentication phase whenthe remote server 119878
119894receives the login request message
⟨11989211989411987221198723 119879⟩ it will check the validity of userrsquos identity
Since the attacker cannot derive legal userrsquos identity thecheck of userrsquos identity cannot pass which will result inthe termination of authentication phase Through the aboveanalysis we can see that user impersonation attack can beavoided in our scheme
517 Server Masquerading Attack If an attack 119860119894attempts
to masquerade as the legitimate server 119878119894 heshe must make
the forged replay message to the user when receiving theuserrsquos login request message ⟨119892
11989411987221198723 119879⟩ However the
forged replay message is more difficult to fake since thetime-stamped message ⟨119872
411987261198727 119879119904⟩ is sent to the user
119862119894when the remote server 119878
119894is receiving 119862
119894rsquos login request
message ⟨11989211989411987221198723 119879⟩ Moreover the attacker 119860
119894cannot
masquerade as the server by forging the replay message⟨119872411987261198727 119879119904⟩ because 119860
119894cannot compute (119872
41198727)
sending to the user 119862119894without knowing the secret value
119883119904kept by the server 119878
119894 Hence the attacker 119860
119894cannot
masquerade as the legal server to the user by launching theserver masquerading attack
518 Insider Attack In the registration phase if the userrsquospassword PW
119894and the biometrics information119861
119894are revealed
to the server 119878119894 the insider of the server may directly obtain
PW119894and 119861
119894 and the insider impersonates as the user 119862
119894to
access the userrsquos other accounts in the server But in the loginphase of our scheme if the insider wants to access 119862
119894rsquos other
accounts heshe must input hisher smart card to the cardreader and provide his biometric information 119861
1015840
119894in order to
pass the verification 119889(119861119894 1198611015840119894) lt 120591 Since the insider cannot
provide the user 119862119894rsquos smart card the biometric verification
will be aborted So the insider attack can be prevented
519 Mutual Authentication As described above ourscheme can withstand the user impersonation attack andserver masquerading attack consequently our scheme canprovide mutual authentication between the user 119862
119894and
remote server 119878119894
5110 Man-in-the-Middle Attack Man-in-the-middle attackmeans that an active attacker intercepts the communicationline between a legal user and the server and uses somemeansto successfully masquerade as both the server to the user andthe user to the server Then the user will believe that he istalking to the intended server and vice versa In our schemewhen a user 119862
119894wants to login to the remote server 119878
119894 mutual
authentication between the user 119862119894and remote server 119878
119894is
performed so man-in-the-middle attack can be prevented
52 Performance of the Proposed Scheme In this subsectionwe compare the performances of our improved schemewith those for Li-Hwangrsquos scheme [11] and Dasrsquos scheme[21] It is worth recalling that the protocol of Li-Hwangrsquosscheme [11] has security weaknesses against denial-of-serviceattack replay attack user impersonation attack and man-in-the-middle attack It is noted that Dasrsquos scheme [21] hassecurity weaknesses against denial-of-service attack userimpersonation attack replay attack server masqueradingattack and insider attack The security comparisons betweenour scheme and the schemes proposed by Li and Hwang [11]and Das [21] are summarized in Table 2 For the convenienceof evaluating the efficiency of related scheme we define thenotation 119879
ℎ the time of executing a one-way hash function
The efficiency comparison with related schemes is shown inTable 3 From the table we can see that our scheme is moreefficient than Dasrsquos scheme [21] Though our scheme is lessefficient than Li-Hwangrsquos scheme [11] it can provide bettersecurity against most attacks
6 Conclusion
This paper presents a biometric-based user authenticationscheme for clientserver system The method employs bio-metric keys and resists the threats of stolen-verifier of whichmany are logged-in users with the same login identity denial-of-service attack guessing attack insider attack replay attackuser impersonation attack server masquerading attack andman-in-the-middle attack Moreover the improved schemecan realize mutual authentication between the user andremote server The proposed scheme uses only hash functionand XOR operation which is efficient compared with thatof related protocols In addition the userrsquos password can bechanged freely using the proposed scheme Our proposedscheme provides strong authentication with the help of ver-ifying biometrics passwords and random nonces generatedby the user and server as compared to that of related schemes
8 International Journal of Distributed Sensor Networks
Table 2 Security comparisons among related protocols
Item Our scheme Li-Hwangrsquos scheme [11] Dasrsquos scheme [21]Avoiding denial-of-service attack Yes No NoAvoiding stolen-verifier attack Yes Yes YesAvoiding many logged-in users attack Yes Yes YesAvoiding guessing attack Yes Yes NoAvoiding replay attack Yes No NoAvoiding user impersonation attack Yes No NoAvoiding server masquerading attack Yes No NoAvoiding man-in-the-middle attack Yes No YesAvoiding insider attack Yes No NoMutual authentication Yes No NoHaving flaws in password change No Yes Yes
Table 3 Efficiency comparison with related schemes
Different phase Li-HwangrsquosScheme [11]
Dasrsquosscheme [21] Our scheme
RegistrationUser computation cost 2119879
ℎmdash 4119879
ℎ
Server computation cost mdash 3119879ℎ
mdashLogin
User computation cost 3119879ℎ
3119879ℎ
3119879ℎ
Server computation cost mdash mdash mdashAuthentication
User computation cost 2119879ℎ
3119879ℎ
119879ℎ
Server computation cost 3119879ℎ
5119879ℎ
3119879ℎ
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
Acknowledgments
The authors would like to thank the valuable comments andsuggestions of the reviewersThiswork is supported in part byNational Natural Science Foundation of China (no 61370223)and by Science Research Project of Hubei Provincial Depart-ment of Education (XD2012374 and B2013024)
References
[1] M S Hwang and C Y Liu ldquoAuthenticated encryption schemescurrent status and key issuesrdquo International Journal of NetworkSecurity vol 1 no 2 pp 61ndash73 2005
[2] N-Y Lee and Y-C Chiu ldquoImproved remote authenticationscheme with smart cardrdquo Computer Standards and Interfacesvol 27 no 2 pp 177ndash180 2005
[3] C T Li ldquoAn enhanced remote user authentication schemeproviding mutual authen- tication and key agreement withSmart Cardsrdquo in Proceedings of the 5th International IEEEComputer Society Conference on Information Assurance andSecurity pp 517ndash520 Xirsquoan China 2009
[4] MKim andC K Koc ldquoA simple attack on a recently introducedhash-based strong-password authentication schemerdquo Interna-tional Journal of Network Security vol 1 no 2 pp 77ndash80 2005
[5] K H M Wong Z Yuan C Jiannong and W ShengweildquoA dynamic user authentication scheme for wireless sensornetworksrdquo in Proceedings of the IEEE International Conferenceon Sensor Networks Ubiquitous and Trustworthy Computing(SUTC rsquo06) pp 244ndash251 Taichung Taiwan June 2006
[6] H-R Tseng R-H Jan and W Yang ldquoAn improved dynamicuser authentication scheme for wireless sensor networksrdquo inProceedings of the 50th Annual IEEEGlobal TelecommunicationsConference (GLOBECOM rsquo07) pp 986ndash990 Washington DCUSA November 2007
[7] T H Lee ldquoSimple dynamic user authen- tication protocolsfor wireless sensor networksrdquo in Proceedings of the 2nd Inter-national Conference on Sensor Technologies and Application(SENSORCOMMrsquo08) pp 657ndash660CapEsterel FranceAugust2008
[8] L-C Ko ldquoA novel dynamic user authentication scheme forwireless sensor networksrdquo in Proceedings of the IEEE Interna-tional Symposium on Wireless Communication Systems (ISWCSrsquo08) pp 608ndash612 Reykjavik Iceland October 2008
[9] B Vaidya J J Rodrigues and J H Park ldquoUser authenticationschemes with pseudonymity for ubiquitous sensor network inNGNrdquo International Journal of Communication Systems vol 23no 9-10 pp 1201ndash1222 2010
[10] J Daemen and R V Rijndael ldquoThe advanced encryptionstandardrdquo Dr Dobbrsquos Journal vol 26 no 3 pp 137ndash139 2001
[11] C-T Li and M-S Hwang ldquoAn efficient biometrics-basedremote user authentication scheme using smart cardsrdquo Journalof Network and Computer Applications vol 33 no 1 pp 1ndash52010
[12] A K Jain A Ross and S Prabhakar ldquoAn introduction to bio-metric recognitionrdquo IEEE Transactions on Circuits and Systemsfor Video Technology vol 14 no 1 pp 4ndash20 2004
[13] D Maltoni D Maio A K Jain and S Prabhakar Handbook ofFingerprint Recognition Springer New York NY USA 2009
[14] S Prabhakar S Pankanti and A K Jain ldquoBiometric recogni-tion security and privacy concernsrdquo IEEE Security and Privacyvol 1 no 2 pp 33ndash42 2003
[15] A Prakash ldquoA biometric approach for continuous user authen-tication by fusing hard and soft traitsrdquo International Journal ofNetwork Security vol 16 no 1 pp 65ndash70 2014
International Journal of Distributed Sensor Networks 9
[16] C K Dimitriadis and S A Shaikh ldquoA biometric authenticationprotocol for 3G mobile systems modelled and validated usingCSP and rank functionsrdquo International Journal of NetworkSecurity vol 5 no 1 pp 99ndash111 2007
[17] A Yang ldquoSecurity weaknesses and improvements of afingerprint-based remote user authentication scheme usingsmart cardsrdquo International Journal of Advancements inComputing Technology vol 4 no 3 pp 21ndash28 2012
[18] A N Younghwa ldquoSecurity analysis and enhancements of aneffective biometric-based remote user authentication schemeusing smart cardsrdquo Journal of Biomedicine and Biotechnologyvol 2012 Article ID 519723 6 pages 2012
[19] C-H Lin and Y-Y Lai ldquoA flexible biometrics remote userauthentication schemerdquoComputer Standards and Interfaces vol27 no 1 pp 19ndash23 2004
[20] C-T Li and M-S Hwang ldquoAn efficient biometrics-basedremote user authentication scheme using smart cardsrdquo Journalof Network and Computer Applications vol 33 no 1 pp 1ndash52010
[21] A KDas ldquoAnalysis and improvement on an efficient biometric-based remote user authentication scheme using smart cardsrdquoIET Information Security vol 5 no 3 pp 145ndash151 2011
[22] J P Linnartz and P Tuyls ldquoNew shielding functions toenhance privacy and prevent misuse of biometric templatesrdquoin Proceedings of the Audio and Video-Based Biometric PersonAuthentication vol 2688 of Lecture Notes in Computer Sciencepp 393ndash402 2003
International Journal of
AerospaceEngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal ofEngineeringVolume 2014
Submit your manuscripts athttpwwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
8 International Journal of Distributed Sensor Networks
Table 2 Security comparisons among related protocols
Item Our scheme Li-Hwangrsquos scheme [11] Dasrsquos scheme [21]Avoiding denial-of-service attack Yes No NoAvoiding stolen-verifier attack Yes Yes YesAvoiding many logged-in users attack Yes Yes YesAvoiding guessing attack Yes Yes NoAvoiding replay attack Yes No NoAvoiding user impersonation attack Yes No NoAvoiding server masquerading attack Yes No NoAvoiding man-in-the-middle attack Yes No YesAvoiding insider attack Yes No NoMutual authentication Yes No NoHaving flaws in password change No Yes Yes
Table 3 Efficiency comparison with related schemes
Different phase Li-HwangrsquosScheme [11]
Dasrsquosscheme [21] Our scheme
RegistrationUser computation cost 2119879
ℎmdash 4119879
ℎ
Server computation cost mdash 3119879ℎ
mdashLogin
User computation cost 3119879ℎ
3119879ℎ
3119879ℎ
Server computation cost mdash mdash mdashAuthentication
User computation cost 2119879ℎ
3119879ℎ
119879ℎ
Server computation cost 3119879ℎ
5119879ℎ
3119879ℎ
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper
Acknowledgments
The authors would like to thank the valuable comments andsuggestions of the reviewersThiswork is supported in part byNational Natural Science Foundation of China (no 61370223)and by Science Research Project of Hubei Provincial Depart-ment of Education (XD2012374 and B2013024)
References
[1] M S Hwang and C Y Liu ldquoAuthenticated encryption schemescurrent status and key issuesrdquo International Journal of NetworkSecurity vol 1 no 2 pp 61ndash73 2005
[2] N-Y Lee and Y-C Chiu ldquoImproved remote authenticationscheme with smart cardrdquo Computer Standards and Interfacesvol 27 no 2 pp 177ndash180 2005
[3] C T Li ldquoAn enhanced remote user authentication schemeproviding mutual authen- tication and key agreement withSmart Cardsrdquo in Proceedings of the 5th International IEEEComputer Society Conference on Information Assurance andSecurity pp 517ndash520 Xirsquoan China 2009
[4] MKim andC K Koc ldquoA simple attack on a recently introducedhash-based strong-password authentication schemerdquo Interna-tional Journal of Network Security vol 1 no 2 pp 77ndash80 2005
[5] K H M Wong Z Yuan C Jiannong and W ShengweildquoA dynamic user authentication scheme for wireless sensornetworksrdquo in Proceedings of the IEEE International Conferenceon Sensor Networks Ubiquitous and Trustworthy Computing(SUTC rsquo06) pp 244ndash251 Taichung Taiwan June 2006
[6] H-R Tseng R-H Jan and W Yang ldquoAn improved dynamicuser authentication scheme for wireless sensor networksrdquo inProceedings of the 50th Annual IEEEGlobal TelecommunicationsConference (GLOBECOM rsquo07) pp 986ndash990 Washington DCUSA November 2007
[7] T H Lee ldquoSimple dynamic user authen- tication protocolsfor wireless sensor networksrdquo in Proceedings of the 2nd Inter-national Conference on Sensor Technologies and Application(SENSORCOMMrsquo08) pp 657ndash660CapEsterel FranceAugust2008
[8] L-C Ko ldquoA novel dynamic user authentication scheme forwireless sensor networksrdquo in Proceedings of the IEEE Interna-tional Symposium on Wireless Communication Systems (ISWCSrsquo08) pp 608ndash612 Reykjavik Iceland October 2008
[9] B Vaidya J J Rodrigues and J H Park ldquoUser authenticationschemes with pseudonymity for ubiquitous sensor network inNGNrdquo International Journal of Communication Systems vol 23no 9-10 pp 1201ndash1222 2010
[10] J Daemen and R V Rijndael ldquoThe advanced encryptionstandardrdquo Dr Dobbrsquos Journal vol 26 no 3 pp 137ndash139 2001
[11] C-T Li and M-S Hwang ldquoAn efficient biometrics-basedremote user authentication scheme using smart cardsrdquo Journalof Network and Computer Applications vol 33 no 1 pp 1ndash52010
[12] A K Jain A Ross and S Prabhakar ldquoAn introduction to bio-metric recognitionrdquo IEEE Transactions on Circuits and Systemsfor Video Technology vol 14 no 1 pp 4ndash20 2004
[13] D Maltoni D Maio A K Jain and S Prabhakar Handbook ofFingerprint Recognition Springer New York NY USA 2009
[14] S Prabhakar S Pankanti and A K Jain ldquoBiometric recogni-tion security and privacy concernsrdquo IEEE Security and Privacyvol 1 no 2 pp 33ndash42 2003
[15] A Prakash ldquoA biometric approach for continuous user authen-tication by fusing hard and soft traitsrdquo International Journal ofNetwork Security vol 16 no 1 pp 65ndash70 2014
International Journal of Distributed Sensor Networks 9
[16] C K Dimitriadis and S A Shaikh ldquoA biometric authenticationprotocol for 3G mobile systems modelled and validated usingCSP and rank functionsrdquo International Journal of NetworkSecurity vol 5 no 1 pp 99ndash111 2007
[17] A Yang ldquoSecurity weaknesses and improvements of afingerprint-based remote user authentication scheme usingsmart cardsrdquo International Journal of Advancements inComputing Technology vol 4 no 3 pp 21ndash28 2012
[18] A N Younghwa ldquoSecurity analysis and enhancements of aneffective biometric-based remote user authentication schemeusing smart cardsrdquo Journal of Biomedicine and Biotechnologyvol 2012 Article ID 519723 6 pages 2012
[19] C-H Lin and Y-Y Lai ldquoA flexible biometrics remote userauthentication schemerdquoComputer Standards and Interfaces vol27 no 1 pp 19ndash23 2004
[20] C-T Li and M-S Hwang ldquoAn efficient biometrics-basedremote user authentication scheme using smart cardsrdquo Journalof Network and Computer Applications vol 33 no 1 pp 1ndash52010
[21] A KDas ldquoAnalysis and improvement on an efficient biometric-based remote user authentication scheme using smart cardsrdquoIET Information Security vol 5 no 3 pp 145ndash151 2011
[22] J P Linnartz and P Tuyls ldquoNew shielding functions toenhance privacy and prevent misuse of biometric templatesrdquoin Proceedings of the Audio and Video-Based Biometric PersonAuthentication vol 2688 of Lecture Notes in Computer Sciencepp 393ndash402 2003
International Journal of
AerospaceEngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal ofEngineeringVolume 2014
Submit your manuscripts athttpwwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
International Journal of Distributed Sensor Networks 9
[16] C K Dimitriadis and S A Shaikh ldquoA biometric authenticationprotocol for 3G mobile systems modelled and validated usingCSP and rank functionsrdquo International Journal of NetworkSecurity vol 5 no 1 pp 99ndash111 2007
[17] A Yang ldquoSecurity weaknesses and improvements of afingerprint-based remote user authentication scheme usingsmart cardsrdquo International Journal of Advancements inComputing Technology vol 4 no 3 pp 21ndash28 2012
[18] A N Younghwa ldquoSecurity analysis and enhancements of aneffective biometric-based remote user authentication schemeusing smart cardsrdquo Journal of Biomedicine and Biotechnologyvol 2012 Article ID 519723 6 pages 2012
[19] C-H Lin and Y-Y Lai ldquoA flexible biometrics remote userauthentication schemerdquoComputer Standards and Interfaces vol27 no 1 pp 19ndash23 2004
[20] C-T Li and M-S Hwang ldquoAn efficient biometrics-basedremote user authentication scheme using smart cardsrdquo Journalof Network and Computer Applications vol 33 no 1 pp 1ndash52010
[21] A KDas ldquoAnalysis and improvement on an efficient biometric-based remote user authentication scheme using smart cardsrdquoIET Information Security vol 5 no 3 pp 145ndash151 2011
[22] J P Linnartz and P Tuyls ldquoNew shielding functions toenhance privacy and prevent misuse of biometric templatesrdquoin Proceedings of the Audio and Video-Based Biometric PersonAuthentication vol 2688 of Lecture Notes in Computer Sciencepp 393ndash402 2003
International Journal of
AerospaceEngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal ofEngineeringVolume 2014
Submit your manuscripts athttpwwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of
International Journal of
AerospaceEngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
RoboticsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Active and Passive Electronic Components
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporation httpwwwhindawicom
Journal ofEngineeringVolume 2014
Submit your manuscripts athttpwwwhindawicom
VLSI Design
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Electrical and Computer Engineering
Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation httpwwwhindawicom
Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Chemical EngineeringInternational Journal of Antennas and
Propagation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Navigation and Observation
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
DistributedSensor Networks
International Journal of