scholarly journals Security Analysis and Enhancements of an Effective Biometric-Based Remote User Authentication Scheme Using Smart Cards

2012 ◽  
Vol 2012 ◽  
pp. 1-6 ◽  
Author(s):  
Younghwa An
Keyword(s):  
User Authentication ◽  
Mutual Authentication ◽  
Security Analysis ◽  
Smart Cards ◽  
Authentication Scheme ◽  
Impersonation Attack ◽  
Insider Attack ◽  
Remote User Authentication ◽  
User Authentication Scheme ◽  
Remote User

Recently, many biometrics-based user authentication schemes using smart cards have been proposed to improve the security weaknesses in user authentication system. In 2011, Das proposed an efficient biometric-based remote user authentication scheme using smart cards that can provide strong authentication and mutual authentication. In this paper, we analyze the security of Das’s authentication scheme, and we have shown that Das’s authentication scheme is still insecure against the various attacks. Also, we proposed the enhanced scheme to remove these security problems of Das’s authentication scheme, even if the secret information stored in the smart card is revealed to an attacker. As a result of security analysis, we can see that the enhanced scheme is secure against the user impersonation attack, the server masquerading attack, the password guessing attack, and the insider attack and provides mutual authentication between the user and the server.

scholarly journals A Robust and Effective Smart-Card-Based Remote User Authentication Mechanism Using Hash Function

2014 ◽  
Vol 2014 ◽  
pp. 1-16 ◽  
Author(s):  
Ashok Kumar Das ◽  
Vanga Odelu ◽  
Adrijit Goswami
Keyword(s):  
Smart Card ◽  
Hash Function ◽  
User Authentication ◽  
Mutual Authentication ◽  
Security Analysis ◽  
Authentication Scheme ◽  
Remote Server ◽  
Remote User Authentication ◽  
User Authentication Scheme ◽  
Remote User

In a remote user authentication scheme, a remote server verifies whether a login user is genuine and trustworthy, and also for mutual authentication purpose a login user validates whether the remote server is genuine and trustworthy. Several remote user authentication schemes using the password, the biometrics, and the smart card have been proposed in the literature. However, most schemes proposed in the literature are either computationally expensive or insecure against several known attacks. In this paper, we aim to propose a new robust and effective password-based remote user authentication scheme using smart card. Our scheme is efficient, because our scheme uses only efficient one-way hash function and bitwise XOR operations. Through the rigorous informal and formal security analysis, we show that our scheme is secure against possible known attacks. We perform the simulation for the formal security analysis using the widely accepted AVISPA (Automated Validation Internet Security Protocols and Applications) tool to ensure that our scheme is secure against passive and active attacks. Furthermore, our scheme supports efficiently the password change phase always locally without contacting the remote server and correctly. In addition, our scheme performs significantly better than other existing schemes in terms of communication, computational overheads, security, and features provided by our scheme.

scholarly journals An Improved Biometrics-Based Remote User Authentication Scheme with User Anonymity

2013 ◽  
Vol 2013 ◽  
pp. 1-9 ◽  
Author(s):  
Muhammad Khurram Khan ◽  
Saru Kumari
Keyword(s):  
User Authentication ◽  
Security Analysis ◽  
User Anonymity ◽  
Authentication Scheme ◽  
Remote User Authentication ◽  
User Authentication Scheme ◽  
Efficiency Comparison ◽  
Remote User ◽  
Mere Addition

The authors review the biometrics-based user authentication scheme proposed by An in 2012. The authors show that there exist loopholes in the scheme which are detrimental for its security. Therefore the authors propose an improved scheme eradicating the flaws of An’s scheme. Then a detailed security analysis of the proposed scheme is presented followed by its efficiency comparison. The proposed scheme not only withstands security problems found in An’s scheme but also provides some extra features with mere addition of only two hash operations. The proposed scheme allows user to freely change his password and also provides user anonymity with untraceability.

Sign in / Sign up

Export Citation Format

Share Document