275341.pdf
-
Upload
deebak-rose -
Category
Documents
-
view
216 -
download
0
Transcript of 275341.pdf
-
Research ArticleAn Improved Biometric-Based User Authentication Scheme forC/S System
Li Jiping,1 Ding Yaoming,1 Xiong Zenggang,1 and Liu Shouyin2
1 School of Computer and Information Science, Hubei Engineering University, Xiaogan 432000, China2 College of Physical and Technology, Central China Normal University, Wuhan 430079, China
Correspondence should be addressed to Ding Yaoming; [email protected]
Received 24 August 2013; Revised 18 February 2014; Accepted 27 February 2014; Published 27 April 2014
Academic Editor: Chuan-Ming Liu
Copyright 2014 Li Jiping et al.This is an open access article distributed under the Creative Commons Attribution License, whichpermits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
The authors first review the recently proposed Dass biometric-based remote user authentication scheme, and then show that Dassscheme is still insecure against some attacks and has some problems in password change phase. In order to overcome the designflaws in Dass scheme, an improvement of the scheme is further proposed. Cryptanalysis shows that our scheme is more efficientand secure against most of attacks; moreover, our scheme can provide strong mutual authentication by using verifying biometric,password as well as random nonces generated by the user and server.
1. Introduction
In a client/server system, the validity of remote user is neces-sary to assure the security of the system. Traditional remoteidentity-based authentication schemes [19] are based onpasswords only.However, simple passwords are always easy tobreak by using simple dictionary attacks since they have lowentropy. To overcome this problem, cryptographic secret keysand passwords are used in the remote user authenticationschemes. But the long and random cryptographic keys aredifficult to memorize and hence they must be stored some-where [10]; it is expensive to maintain the long cryptographickeys. Furthermore, both passwords and cryptographic keysare unable to provide nonrepudiation because they can beforgotten or lost or when they are shared with other people,there is no-way to know who the actual user is [11]. Abiometric system operates by acquiring biometric data froman individual, extracting a feature set from the acquired dataand comparing this feature set against the template set inthe database [1214]. In [3], the authors propose an online(, ) threshold secret sharing scheme based on biometricverification and threshold password authentication. In [15],a continuous user authentication scheme based on biometricverification by fusing hard and soft traits is proposed irrespec-tive of user posture in front of the system. In [16], a BIO3G
protocol based on biometric authentication for 3G mobileenvironments is proposed to provide real end to end stronguser authentication. In [17], the author analyzes the securityof Dass biometric-based authentication scheme and showsthat the scheme is still insecure against some attacks anddoes not provide mutual authentication between the userand server. In [18], the author proposes an enhanced schemebased on biometric verification and smart card to removethe security weakness of Dass scheme analyzed in [17].However, the proposed scheme in [18] cannot withstand thereplay attack between the user and the remote server. Inthe abovementioned schemes, biometric verification allowsone to confirm or establish an individual identity. Therefore,biometric keys are proposedwhich are based on physiologicaland behavioral characteristics of persons such as fingerprints,faces, irises, hand geometry, and palm prints. Some advan-tages of biometric keys are described as follows [19, 20].
(i) Biometric keys cannot be lost or forgotten.(ii) Biometric keys are very difficult to copy or share.(iii) Biometric keys are extremely hard to forge or dis-
tribute.(iv) Biometric keys cannot be guessed easily.(v) Someones biometrics is not easier to break than
others.
Hindawi Publishing CorporationInternational Journal of Distributed Sensor NetworksVolume 2014, Article ID 275341, 9 pageshttp://dx.doi.org/10.1155/2014/275341
-
2 International Journal of Distributed Sensor Networks
Table 1: Notations used in the proposed scheme.
Notation Description
Client
Trusted registration center
ServerPW
Password shared between and
ID
Identity of the user
Biometric template of the user
() Symmetric parametric function Predetermined threshold for biometric verification() A secure one-way hash function
A secret information maintained by the server
A random number chosen by
A random number chosen by
Data concatenates with data XOR operation of and
As a result, biometric-based remote user authenticationsare inherently more reliable and secure than usual traditionalpassword-based remote user authentication schemes.
In this paper, we propose an improvement of Dassbiometric-based remote user authentication scheme usingsmart cards in order to withstand his design flaws. Theremainder of this paper is organized as follows. In Section 2,we briefly review the Dass biometric-based remote userauthentication scheme using smart cards [21]. In Section 3,we analyze the design flaws in Dass scheme. In Section 4, wepropose an improvement of the scheme in order to eliminatethe design flaws discussed in Section 3. Security analysis ofour scheme and performance comparison with other relatedschemes are implemented in Section 5. Finally, we concludethe paper in Section 6.
2. Review of DASs Biometric-Based RemoteUser Authentication Scheme
In this section, we review in brief Dass biometric-basedremote user authentication scheme [21]. For describing theDass scheme [21], we use the notations shown in Table 1.Dass scheme consists of the following four phases, namely,registration phase, login phase, authentication phase, andchange password phase. Details of each phase are given in thefollowing subsections.
2.1. Registration Phase. In order to login to the system, theremote user
needs to perform the following stages, as
shown in Algorithm 1.
Step 1.The user inputs his/her personal biometricon a spe-
cific device and offers his/her password PWand the identity
IDof the user to the registration center
in person.
(1)ID PW
(2) Computes and
= (
)
= (PW
)
= (ID
)
(3)Smart card(ID , (), , , )
Algorithm 1: Registration phase of Dass scheme.
Step 2. The registration center then computes
= (
),
= (PW
) , and
= (ID
) . Here
is secret
information generated by the server.
Step 3. Finally, the registration center
loads(ID, (),
, , ) on the users smart card and sends
the information to the user via a secure channel.
2.2. Login Phase. In this phase, if a user wants to login to
the server , he/she needs to perform the following steps, as
shown in Algorithm 2.
Step 1. first inserts his/her smart card into the smart card
reader of a terminal and offers his/her personal biometrictemplate,
, on the specific device to verify his/her biometric.
Step 2. Next, the users personal biometric template is
matched against the template stored in the system.
Step 3. If the above verification does not hold, then does
not pass the biometric verification and, as a result, the remoteuser authentication is terminated. Otherwise, on the otherhand, if the abovementioned verification holds,
passes the
biometric verification and then inputs his/her password
PWto perform Step 4.
Step 4. The smart card computes = (PW
) . If = ,
then password verification fails, and the client terminates thesession.
Step 5. If = , the smart card computes
1= ,
which is equal to (ID ),2= 1 , which is equal
to (ID )
, and
3= (
), where
is a random
number generated by the user.
Step 6. Finally, sends the message ID
,2,3 to the
remote server .
2.3. Authentication Phase. After receiving the login requestmessage ID
,2,3, performs the following steps, as
shown in Algorithm 3, in order to authenticate whether theuser
is legal or not.
-
International Journal of Distributed Sensor Networks 3
(1) Inserts the smart card and
(2) Verifies whether matches with template stored in system?
(3) If it holds, then inputs his/her password PW
(4) Computes = (PW
)
(5) Checks if = ?
(6) If it holds, the smart card computes the following:1=
2= 1
3= (
)
(7)ID ,2 ,3
Algorithm 2: Login phase of Dass scheme.
(1) Checks whether the format of s IDis valid or not.
If above holds, computes the following:
4= (ID
)
5= 24
(2) Verifies whether (5) =
3?
If it holds, then computes6= 4
7= (
2 5)
8= (
)
(3)7 ,6 ,8
(4) Verifies whether7= (
2 )?
(5) If above holds, computes
9= 61
Verifies whether (9) =
8?
If it does not hold, is rejected by
Otherwise, if it holds, then computes10= (
6 9)
(6)10
(7) Verifies whether10= (
6 )?
(8) If it holds, accepts
s login request
(9) Otherwise, rejects
s login request
Algorithm 3: Authentication phase of Dass scheme.
Step 1. first checks the format of
s ID.
Step 2. If the above format is valid, then computes
4=
(ID ), 5=
2 4and then verifies whether
(5) =
3. If it does not hold, then
rejects
s login
request. In case the verification is successful, then computes
6= 4 ,7= (
2 5), and
8= (
).
Step 3. then sends the message
7,6,8 to
.
Step 4. After receiving the message in Step 3, verifies
whether 7= (
2 ). Thus, if the verification does
not pass, terminates the session. Otherwise,
proceeds
as follows by computing9= 61(= ) and verifying
further whether (9) =
8. If (
9) =
8, terminates
the session. On the other hand, computes
10= (
6
9) and sends the message
10 to the server
.
Step 5. After receivings message,
verifies whether
10=
(6 ).
Step 6. If the abovementioned does not hold, rejects
s
login request.
Step 7. In case the verification is successful, then only
accepts s login request.
2.4. Password Change. The password change phase of Dassscheme [21] has the following steps.
-
4 International Journal of Distributed Sensor Networks
Step 1. It inserts the smart card into the card reader and offers.
Step 2. It verifies whether the users personal biometrictemplate
matches against the template stored in the system.
Step 3. If passes the biometric verification, then only
enters his/her old password PWold
and new changed
password PWnew
.
Step 4. The smart card then computes = (PWold
)
;
if = , the password change phase is terminated. If
= ,
then only smart card computes = (PWnew
)
, =
(= (ID
)), and
= .
Step 5. Finally, replace with
and
with
on the smart
card.
3. Cryptanalysis of Dass Scheme
This section demonstrates that Dass scheme [21] has somedrawbacks: denial-of-service attack, user impersonationattack, replay attack, and password change problem.
3.1. Denial-of-Service Attack. One of fundamental propertiesof a secure one-way hash function is that its outputs are verysensitive to small perturbations in their inputs. The crypto-graphic hash function cannot be applied straightforwardlywhen the input data are with noise such as biometrics [22].Then the predetermined threshold for biometric verificationcannot be used to measure outputs of hash functions. Inthe registration phase of Dass scheme, the register center
computes = (
) and
= (PW
) and then stores
and
in the smart card. In the login phase,
inserts
his/her smart card into the card reader and provides his/herpersonal biometrics
on a specific device to verify the users
biometrics by verifying whether () = or not. In Step 4 of
login phase, password verification is performed by verifyingwhether
= .However, both the biometric verification and
password verification procedures may result in serious flawsbecause (
) =
may never succeed, since the inputted
biometrics belonging to the same person may differ slightlyfrom time to time [22], so the next login and authenticationprocedure will be terminated. As a result, this may causethe legal user to be unable to pass biometric verification atthe login phase of Dass scheme. Therefore, Dass scheme isvulnerable to the denial-of-service attack.
3.2. User Impersonation Attack. We see from the login andauthentication phase of Dass scheme that an attacker canimpersonate a legal user to access to the server. In the loginphase of Dass scheme, since the user
sends the message
ID,2,3 to the remote server
where
identity is
not masked, this will result in user impersonation attack asfollows.
When an attack denoted aswants to access the remote
server, he/she can eavesdrop the message ID,2,3 by
tapping communication lines or wireless link between the
legal user and the remote server
. Once
derives
the message ID,2,3 he can send the eavesdropped
message to the remote server . Since the legal users ID is
not masked, so the check of users validity can easily pass. Wecan clearly see that when
computes
4= (ID
) and
5= 24, the verification of (
5) =
3is successful.
Then computes
6= 4 ,7= (
2 5), and
8= (
) and then sends message
7,6,8 to
.
The attackmay eavesdrops themessage
7,6,8 and
modifies the7, replaces it with
7, and then sends a forged
message 7,6,8 to
. Obviously
7= (2 ),
so terminates the session. However, the attacker
will
pass the verification 7,6,8, and
computes
9=
6 1= 6 4. Since the attack
can verify
9=
8, he proceeds as follows by computing
10= (
6
9) and sends message
10 to the remote server
. On
receiving themessage, the remote server will verifywhether
10= (
6 ) or not. We can see obviously that the
above equation holds, so the remote accepts the attackers
login request and the user impersonation attack will occursequentially.
3.3. Replay Attack. In Dass scheme, the replay and man-in-the-middle attack is withstood by checking whether
5(=
24) =
5, where
5is equal to
and is stored in the
database of remote server . It is noted that
5= 24=
1 4= (1= 4) is disclosed to any user when
one breaks the remote server . When the remote server
is compromised by an attacker, he/she can change ID,5
in the database of the remote server . Obviously, once
5
is changed, the replayed message ID,2,3 will not be
discarded and5will be replaced by
5.
3.4. Password Change. In password change procedure ofDass scheme, if remote user
wants to change his/her pass-
word, he/she must pass biometric verification by verifying() = . However, the inputted biometrics belonging to the
same personmay differ slightly from time to time [22], so thepassword change procedure will be terminated. In addition,for more time, since (
) = , then
= (PWold
)
computed by smart card is not equal to stored in the
smart card, so the password change procedure will also beterminated. According to the above analysis, Dass schemecannot realize the password change freely.
4. Proposed Scheme
In this section, we propose an improvement of the Dassbiometric-based remote user authentication scheme [21]using smart cards in order to withstand the flaws discussed inSection 3. For convenience, we use the same notations used asin Dass scheme shown in Table 1.
4.1. Registration Phase. In order to login to the system, theremote user
needs to perform the following steps, as shown
in Algorithm 4.
-
International Journal of Distributed Sensor Networks 5
(1)ID PW
(2) computes , , and
= (
)
= (ID
)
= (PW
)
= (
)
(3)Smart card((), , , , , , ())
Algorithm 4: Registration phase of our scheme.
Step 1. The user inputs his/her personal biometric
on
a specific device and offers his/her password PWand the
identity IDto the registration center
in person.
Step 2. The registration center then computes
= (
),
= (ID
), = (PW
), and
= (
). Here
is secret information generated by the server.We note that
and passwords of the corresponding users are not disclosed toany others for all secure future communications.
Step 3. Finally, the registration center
loads((),
, , , , , ()) on the users smart card and
sends this information to the user via a secure channel.
4.2. Login Phase. In order to login to the system, the remoteuser
needs to perform the following stages, as shown in
Algorithm 5.
Step 1. first inserts his/her smart card into the card reader
of a terminal and offers his/her personal biometric template,
, on the specific device. If (
,
) > , the remote
user authentication is terminated. Otherwise, passes the
biometric verification and then inputs his/her password PW
to perform Step 2.
Step 2.The smart card computes = (PW
). If(
, ) >
, then password verification fails, and the system terminatesthe session; otherwise, the smart card computes
1= ,
which is equal to ( ),2= (
), where
is a
random number generated by the userand is the current
timestamp of s system, and
3= 12.
Step 3. Finally, the user sends the message
,2,3,
to the remote server .
4.3. Authentication Phase. When the remote server
receives the login request ,2,3, at time , it will
perform the following steps as shown in Algorithm 6 toauthenticate whether the user
is legal or not.
Step 1. Verify T. If ( ) > , the authenticationphase aborts, where is the expected time interval for the
transmission delay of the system. On the contrary, if ( ) , the next step will be performed.
Step 2. checks the format of
s ID. It computes
4=
( ) using the secret value
maintained by the server
and then computes
5= 4 3and verifies whether
5= 2. If it does not hold, then
rejects
s login request.
In case the verification is successful, the next step will beperformed.
Step 3. computes
6= (
) and
7= 4 6,
where is the current timestamp of the server
, and then
sends message
4,6,7, to the user
.
Step 4. After receiving the message 4,6,7, at
time , first checks the freshness of
by verifying
( ) > . If it holds, the following session is
terminated; otherwise computes
8=
4
7
and then verifies whether 8=
6. If it does not
hold, terminates the session. Otherwise, it goes to the
next step.
Step 5.computes
9= 46and then verifies whether
9= 7. If it does not hold,
is rejected by
; otherwise,
if it holds, computes
10= (
), where is the
current timestamp of the user , and then computes
11=
710and sends the message
11, , to the remote
server .
Step 6. When receives the message
11, , at
time , it verifies ( ) > . If it holds, theauthentication phase is terminated. Otherwise, if it does nothold,
computes
12= (
) and then computes
13= 4612. After computing
13, then
verifies
whether13= 11. If it holds,
accepts
s login request;
otherwise, rejects the login request.
4.4. Password Change. In our scheme, user can freely
change the password PWold
to a new one PWnew
. Thepassword change procedure is performed as follows.
Step 1.inserts the smart card into the card reader and offers
his/her personal biometrics ; then the smart card computes
= (
) and verifies it by checking (
, ) . where
= (
) is the information stored in the smart card.
Step 2. If it holds, inserts old password PWold
and new
password PWnew
; otherwise the password change procedureis terminated.
Step 3. Smart card performs = (PWold
) and checks
(, ) . where
is the information stored in the smart
card.Step 4. If it holds, the smart card computes
= (PWnew
)
, = (= (ID
)), and
= .
Step 5. Finally, replace with
and
with
on the smart
card.
-
6 International Journal of Distributed Sensor Networks
(1) Inserts the smart card and inputs
(2) Verifies whether (,
) < ?
(3) If it holds, then inputs his/her password PW
(4) Computes = (PW
) and verifies whether (
, ) < ?
(5) If it holds, the smart card computes1=
2= (
)
3= 12
(6) ,2 ,3 ,
Algorithm 5: Login phase of our scheme.
(1) When receiving ,2,3, ,
checks ( ) > ?
(2) computes
4= (
),
5= 43, and verifies whether
5= 2?
(3) computes
6= (
),
7= 46,
4 ,6 ,7 , .
(4) When receiving 4, 6, 7,
at , checks ( ) > ?
computes8= 47, then verifies
8= 6?
(5) computes
9= 46, then verifies
9= 7? computes
10= (
), and
then11= 710,
11 , , .
(6) When receiving 11, , at ,
verifies ( ) > ?
then computes12= (
),
13= 4612, then verifies
13= 11?
If it holds, accepts
login request.
Algorithm 6: Authentication phase of our scheme.
5. Security Analysis and Performance ofthe Proposed Scheme
5.1. Security Analysis. If a legal user lost his/her smart card,it is extremely hard for an adversary to derive the userssensitive information such as users identity, password, andbiometrics because the extraction of parameters from thesmart card is quite difficult. Furthermore, the adversarycannot change the password because he/she cannot pass thebiometric verification.
5.1.1. Denial-of-Service Attack. In our proposed protocol,we take into account hash functions sensitivity to smallperturbations in its inputs. In the login phase, users biometricverification is performed by checking (
, ) > instead
of checking () =
. Moreover, the password verification
is performed by checking (, ) > instead of
= . So
denial-of-service attack caused by hash functions fundamen-tal properties can be withstood.
5.1.2. Stolen-Verifier Attack. Our scheme can resist stolen-verifier attack because the scheme is free from the veri-fier/password table. In our protocol, the remote server
does
not keep password tables. Therefore, an attacker cannot stealusers password from
. Moreover, the password ismasked by
hash function in the procedure of message transfer betweenthe user
and remote server
.
5.1.3. Many Logged-In Users Attack. Most systems, whichmaintain the password table to verify user login, are vulner-able to this kind of threat. Our scheme can resist the threatsince our scheme requires on-card computation for login tothe remote server
, and once the smart card is removed, the
login process will be aborted.
-
International Journal of Distributed Sensor Networks 7
5.1.4. Guessing Attack. Our protocol can resist guessingattack, which is a critical concern in password-based systems,since the password in our protocol is transmitted as a digestof some other secret information. The attacker cannot guessthe users password from the digest because of the one-waycharacteristic of the hash function, even if the attacker mayget the digest which contains the password.
5.1.5. ReplayAttack. Replaying an interceptedmessage can beprevented in our proposed protocol. If an attacker interceptsID,2,3, and tries to login to the remote server
via replaying the same message, he/she cannot pass the
verification of the login request due to ( ) > , where is the system time when the remote server
receives
the replayed message. Moreover, if an attacker intercepts4,6,7, and tries to replay the message to the user
, this kind of attack also can be prevented due to (
) >
.
5.1.6. User Impersonation Attack. In the login phase ofour scheme, the message sent to remote server
is
,2,3, instead of ID
,2,3, , where the users
identity IDis masked by hash function. Even though an
attacker eavesdrops the message ,2,3, , he cannot
derive the users identity, ID, due to the one-way charac-
teristic of hash function. In the authentication phase, whenthe remote server
receives the login request message
,2,3, , it will check the validity of users identity.
Since the attacker cannot derive legal users identity, thecheck of users identity cannot pass which will result inthe termination of authentication phase. Through the aboveanalysis, we can see that user impersonation attack can beavoided in our scheme.
5.1.7. Server Masquerading Attack. If an attack attempts
to masquerade as the legitimate server , he/she must make
the forged replay message to the user when receiving theusers login request message
,2,3, . However, the
forged replay message is more difficult to fake since thetime-stamped message
4,6,7, is sent to the user
when the remote server
is receiving
s login request
message ,2,3, . Moreover, the attacker
cannot
masquerade as the server by forging the replay message4,6,7, , because
cannot compute (
4,7)
sending to the user without knowing the secret value
kept by the server
. Hence, the attacker
cannot
masquerade as the legal server to the user by launching theserver masquerading attack.
5.1.8. Insider Attack. In the registration phase, if the userspassword PW
and the biometrics information
are revealed
to the server , the insider of the server may directly obtain
PWand
, and the insider impersonates as the user
to
access the users other accounts in the server. But in the loginphase of our scheme, if the insider wants to access
s other
accounts, he/she must input his/her smart card to the cardreader and provide his biometric information
in order to
pass the verification (, ) < . Since the insider cannot
provide the user s smart card, the biometric verification
will be aborted. So the insider attack can be prevented.
5.1.9. Mutual Authentication. As described above, ourscheme can withstand the user impersonation attack andserver masquerading attack; consequently our scheme canprovide mutual authentication between the user
and
remote server .
5.1.10. Man-in-the-Middle Attack. Man-in-the-middle attackmeans that an active attacker intercepts the communicationline between a legal user and the server and uses somemeansto successfully masquerade as both the server to the user andthe user to the server. Then, the user will believe that he istalking to the intended server and vice versa. In our scheme,when a user
wants to login to the remote server
, mutual
authentication between the user and remote server
is
performed, so man-in-the-middle attack can be prevented.
5.2. Performance of the Proposed Scheme. In this subsection,we compare the performances of our improved schemewith those for Li-Hwangs scheme [11] and Dass scheme[21]. It is worth recalling that the protocol of Li-Hwangsscheme [11] has security weaknesses against denial-of-serviceattack, replay attack, user impersonation attack, and man-in-the-middle attack. It is noted that Dass scheme [21] hassecurity weaknesses against denial-of-service attack, userimpersonation attack, replay attack, server masqueradingattack, and insider attack. The security comparisons betweenour scheme and the schemes proposed by Li and Hwang [11]and Das [21] are summarized in Table 2. For the convenienceof evaluating the efficiency of related scheme, we define thenotation
, the time of executing a one-way hash function.
The efficiency comparison with related schemes is shown inTable 3. From the table, we can see that our scheme is moreefficient than Dass scheme [21]. Though our scheme is lessefficient than Li-Hwangs scheme [11], it can provide bettersecurity against most attacks.
6. Conclusion
This paper presents a biometric-based user authenticationscheme for client/server system. The method employs bio-metric keys and resists the threats of stolen-verifier, of whichmany are logged-in users with the same login identity, denial-of-service attack, guessing attack, insider attack, replay attack,user impersonation attack, server masquerading attack, andman-in-the-middle attack. Moreover, the improved schemecan realize mutual authentication between the user andremote server. The proposed scheme uses only hash functionand XOR operation, which is efficient compared with thatof related protocols. In addition, the users password can bechanged freely using the proposed scheme. Our proposedscheme provides strong authentication with the help of ver-ifying biometrics, passwords, and random nonces generatedby the user and server as compared to that of related schemes.
-
8 International Journal of Distributed Sensor Networks
Table 2: Security comparisons among related protocols.
Item Our scheme Li-Hwangs scheme [11] Dass scheme [21]Avoiding denial-of-service attack Yes No NoAvoiding stolen-verifier attack Yes Yes YesAvoiding many logged-in users attack Yes Yes YesAvoiding guessing attack Yes Yes NoAvoiding replay attack Yes No NoAvoiding user impersonation attack Yes No NoAvoiding server masquerading attack Yes No NoAvoiding man-in-the-middle attack Yes No YesAvoiding insider attack Yes No NoMutual authentication Yes No NoHaving flaws in password change No Yes Yes
Table 3: Efficiency comparison with related schemes.
Different phase Li-HwangsScheme [11]Dass
scheme [21] Our scheme
RegistrationUser computation cost 2
4
Server computation cost 3
Login
User computation cost 3
3
3
Server computation cost Authentication
User computation cost 2
3
Server computation cost 3
5
3
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper.
Acknowledgments
The authors would like to thank the valuable comments andsuggestions of the reviewers.Thiswork is supported in part byNational Natural Science Foundation of China (no. 61370223)and by Science Research Project of Hubei Provincial Depart-ment of Education (XD2012374 and B2013024).
References
[1] M. S. Hwang and C. Y. Liu, Authenticated encryption schemes:current status and key issues, International Journal of NetworkSecurity, vol. 1, no. 2, pp. 6173, 2005.
[2] N.-Y. Lee and Y.-C. Chiu, Improved remote authenticationscheme with smart card, Computer Standards and Interfaces,vol. 27, no. 2, pp. 177180, 2005.
[3] C. T. Li, An enhanced remote user authentication schemeproviding mutual authen- tication and key agreement withSmart Cards, in Proceedings of the 5th International IEEEComputer Society Conference on Information Assurance andSecurity, pp. 517520, Xian, China, 2009.
[4] M.Kim andC. K. Koc, A simple attack on a recently introducedhash-based strong-password authentication scheme, Interna-tional Journal of Network Security, vol. 1, no. 2, pp. 7780, 2005.
[5] K. H. M. Wong, Z. Yuan, C. Jiannong, and W. Shengwei,A dynamic user authentication scheme for wireless sensornetworks, in Proceedings of the IEEE International Conferenceon Sensor Networks, Ubiquitous, and Trustworthy Computing(SUTC 06), pp. 244251, Taichung, Taiwan, June 2006.
[6] H.-R. Tseng, R.-H. Jan, and W. Yang, An improved dynamicuser authentication scheme for wireless sensor networks, inProceedings of the 50th Annual IEEEGlobal TelecommunicationsConference (GLOBECOM 07), pp. 986990, Washington, DC,USA, November 2007.
[7] T. H. Lee, Simple dynamic user authen- tication protocolsfor wireless sensor networks, in Proceedings of the 2nd Inter-national Conference on Sensor Technologies and Application(SENSORCOMM08), pp. 657660,CapEsterel, France,August2008.
[8] L.-C. Ko, A novel dynamic user authentication scheme forwireless sensor networks, in Proceedings of the IEEE Interna-tional Symposium on Wireless Communication Systems (ISWCS08), pp. 608612, Reykjavik, Iceland, October 2008.
[9] B. Vaidya, J. J. Rodrigues, and J. H. Park, User authenticationschemes with pseudonymity for ubiquitous sensor network inNGN, International Journal of Communication Systems, vol. 23,no. 9-10, pp. 12011222, 2010.
[10] J. Daemen and R. V. Rijndael, The advanced encryptionstandard, Dr. Dobbs Journal, vol. 26, no. 3, pp. 137139, 2001.
[11] C.-T. Li and M.-S. Hwang, An efficient biometrics-basedremote user authentication scheme using smart cards, Journalof Network and Computer Applications, vol. 33, no. 1, pp. 15,2010.
[12] A. K. Jain, A. Ross, and S. Prabhakar, An introduction to bio-metric recognition, IEEE Transactions on Circuits and Systemsfor Video Technology, vol. 14, no. 1, pp. 420, 2004.
[13] D. Maltoni, D. Maio, A. K. Jain, and S. Prabhakar, Handbook ofFingerprint Recognition, Springer, New York, NY, USA, 2009.
[14] S. Prabhakar, S. Pankanti, and A. K. Jain, Biometric recogni-tion: security and privacy concerns, IEEE Security and Privacy,vol. 1, no. 2, pp. 3342, 2003.
[15] A. Prakash, A biometric approach for continuous user authen-tication by fusing hard and soft traits, International Journal ofNetwork Security, vol. 16, no. 1, pp. 6570, 2014.
-
International Journal of Distributed Sensor Networks 9
[16] C. K. Dimitriadis and S. A. Shaikh, A biometric authenticationprotocol for 3G mobile systems: modelled and validated usingCSP and rank functions, International Journal of NetworkSecurity, vol. 5, no. 1, pp. 99111, 2007.
[17] A. Yang, Security weaknesses and improvements of afingerprint-based remote user authentication scheme usingsmart cards, International Journal of Advancements inComputing Technology, vol. 4, no. 3, pp. 2128, 2012.
[18] A. N. Younghwa, Security analysis and enhancements of aneffective biometric-based remote user authentication schemeusing smart cards, Journal of Biomedicine and Biotechnology,vol. 2012, Article ID 519723, 6 pages, 2012.
[19] C.-H. Lin and Y.-Y. Lai, A flexible biometrics remote userauthentication scheme,Computer Standards and Interfaces, vol.27, no. 1, pp. 1923, 2004.
[20] C.-T. Li and M.-S. Hwang, An efficient biometrics-basedremote user authentication scheme using smart cards, Journalof Network and Computer Applications, vol. 33, no. 1, pp. 15,2010.
[21] A. K.Das, Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards,IET Information Security, vol. 5, no. 3, pp. 145151, 2011.
[22] J. P. Linnartz and P. Tuyls, New shielding functions toenhance privacy and prevent misuse of biometric templates,in Proceedings of the Audio and Video-Based Biometric PersonAuthentication, vol. 2688 of Lecture Notes in Computer Science,pp. 393402, 2003.
-
Submit your manuscripts athttp://www.hindawi.com
VLSI Design
Hindawi Publishing Corporationhttp://www.hindawi.com Volume 2014
International Journal of
RotatingMachinery
Hindawi Publishing Corporationhttp://www.hindawi.com Volume 2014
Hindawi Publishing Corporation http://www.hindawi.com
Journal of
EngineeringVolume 2014
Hindawi Publishing Corporationhttp://www.hindawi.com Volume 2014
Shock and Vibration
Hindawi Publishing Corporationhttp://www.hindawi.com Volume 2014
Mechanical Engineering
Advances in
Hindawi Publishing Corporationhttp://www.hindawi.com Volume 2014
Civil EngineeringAdvances in
Acoustics and VibrationAdvances in
Hindawi Publishing Corporationhttp://www.hindawi.com Volume 2014
Hindawi Publishing Corporationhttp://www.hindawi.com Volume 2014
Electrical and Computer Engineering
Journal of
Hindawi Publishing Corporationhttp://www.hindawi.com Volume 2014
Distributed Sensor Networks
International Journal of
The Scientific World JournalHindawi Publishing Corporation http://www.hindawi.com Volume 2014
SensorsJournal of
Hindawi Publishing Corporationhttp://www.hindawi.com Volume 2014
Modelling & Simulation in EngineeringHindawi Publishing Corporation http://www.hindawi.com Volume 2014
Hindawi Publishing Corporationhttp://www.hindawi.com Volume 2014
Active and Passive Electronic Components
Hindawi Publishing Corporationhttp://www.hindawi.com Volume 2014
Chemical EngineeringInternational Journal of
Control Scienceand Engineering
Journal of
Hindawi Publishing Corporationhttp://www.hindawi.com Volume 2014
Antennas andPropagation
International Journal of
Hindawi Publishing Corporationhttp://www.hindawi.com Volume 2014
Hindawi Publishing Corporationhttp://www.hindawi.com Volume 2014
Navigation and Observation
International Journal of
Advances inOptoElectronics
Hindawi Publishing Corporation http://www.hindawi.com
Volume 2014
RoboticsJournal of
Hindawi Publishing Corporationhttp://www.hindawi.com Volume 2014