[ieee 2012 ieee 26th international conference on advanced information networking and applications...


Upload: anh-duc

Post on 12-Jan-2017


Robust mobile device integration of a fingerprint biometric remote authentication scheme

Toan-Thinh TRUONG∗, Minh-Triet TRAN† & Anh-Duc DUONG†

∗Smart Digital Content, SDC. Email: [email protected]

†Faculty of Information Technology, University of Science, VNU-HCM. Email: {tmtriet,daduc}@fit.hcmus.edu.vn

Abstract—Communications in wireless environments such as GSM, CDPD, 3G, and 4G are very popular. Therefore, it is necessary to have a secure authentication scheme to protect transactions between users and servers from illegal adversaries. Users in particular are vulnerable to attacks, and many authentication schemes with smart cards have been proposed to protect them. Recently, Chen et al. proposed a scheme that integrates the user’s fingerprint to enhance the security of authentication. With this idea, Chen et al.’s scheme is indeed more secure than previous ones. However, their scheme is easily compromised by a replay attack. Furthermore, attackers can steal an identity and re-register to obtain the secret key needed to impersonate users and servers. In this paper, we present an improvement to their scheme in order to isolate such problems.

Keywords-Authentication, Password, Dynamic ID, Smart card, Impersonation, Session key, Biometric-based

I. INTRODUCTION

In wireless environments, remote authentication schemes play an important role in communication between partners. To maintain trust and security, schemes must not only protect legal users and servers from illegitimate adversaries, but also prevent legal partners from masquerading to cheat each other.

There are many solutions that satisfy the above requirements, and one that many schemes have employed is password authentication, which has advantages such as simplicity, efficiency, and convenience. However, many password-based schemes[1][2][3][4][5] use a static identity, which is vulnerable to leaking information to attackers. One solution to identity theft is to make the identity vary for each login. Later, a number of papers[6][7][8][9][10] put forward ideas to protect user anonymity by applying a random value or time-stamp to vary the user identity for each session. However, these schemes issue a smart card to each user and assume that the contents of the smart card cannot be revealed. This is not practical because a smart card can be lost or stolen. When attackers have the smart card, they are fully able to impersonate the user.

Recently, authentication schemes have been combined with biometrics such as fingerprint, face and voice characteristics. Combining authentication with personal characteristics makes schemes more secure, and several papers[11][12][13][14][15][16] have proposed biometric-based schemes. In 2008, Khan et al.[11] proposed a hash-based biometric remote authentication scheme, using a mobile device instead of a smart card. They claimed that their scheme provides secure, robust, and trustworthy remote authentication of mobile users over an insecure network. However, in 2010, Chen et al.[12] pointed out that Khan et al.’s scheme is vulnerable to an impersonation attack that uses information leaked from the mobile device. Contrary to Chen et al.’s claims, in this paper we demonstrate that Chen et al.’s scheme is still vulnerable to replay attack and to server and user spoofing attack, and cannot protect the user’s anonymity.

Based on the descriptions above, we sum up some requirements of an authentication scheme for a mobile device and give some necessary conditions that a protocol should meet.

1) Efficiency: A mobile device has limited power and resources, so an authentication protocol should have low computational cost to save energy and extend the operating time of the mobile device[17].

2) Anonymity: User anonymity is one of the important properties a protocol must have, because it protects privacy and prevents adversaries from masquerading as legal users[18][19][20].

3) Mutual Authentication: To protect the security of legitimate parties and prevent adversaries from compromising and impersonating them, an authentication protocol must provide mutual authentication for user and server, to guarantee that all checked objects are safe in an insecure environment.

4) Session Establishment: After successful authentication, data needs to be transmitted between server and user. So, an authentication protocol should include a key exchange phase to satisfy this requirement[21].

5) Scalability: An authentication scheme that does not store a verification table on the server is suitable for extending the number of users. In such a scheme, the server only confirms the validity of a user by checking the identity. So, the server can increase profits, especially in electronic applications[22][23][24].

6) Mechanism of changing password: A user’s password is vulnerable to a password guessing attack. Users tend to set passwords related to their personal information, for example birthday, name or address. So, users need to be able to change their passwords for security. A standard authentication scheme must provide a mechanism of changing password to satisfy this requirement.

2012 26th IEEE International Conference on Advanced Information Networking and Applications

1550-445X/12 $26.00 © 2012 IEEE

DOI 10.1109/AINA.2012.47

Our main ideas are to use a random value for each user, instead of providing the same key to the same person when he/she re-registers, and to use a three-way challenge-response handshake technique to satisfy the above requirements and better resist replay attack[25]. In later sections we present an improvement to the scheme to isolate such problems.

The remainder of this paper is organized as follows: section 2 quickly reviews Chen et al.’s scheme and discusses its weaknesses. Then, our proposed scheme is presented in section 3, while section 4 discusses the security and efficiency of the proposed scheme. Our conclusions are presented in section 5.

II. REVIEW AND CRYPTANALYSIS OF CHEN, LEE AND HSU’S SCHEME

In this section, we review Chen, Lee and Hsu’s mobile device integration of a fingerprint biometric remote authentication scheme[12] and show that their scheme is vulnerable to replay attack and spoofing attack. Furthermore, it cannot protect the user’s anonymity.

A. Review of Chen, Lee and Hsu’s Scheme

In this subsection, we review Chen, Lee and Hsu’s scheme. Their scheme includes four phases: registration phase, login phase, authentication phase and password change phase. Some important notations in this scheme are listed as follows:

• Ui: ith user.

• IDi: Unique identification of Ui.

• PWi: Unique password of Ui.

• Fi: The personal fingerprint of the Ui.

• S: The remote server.

• x: The private key of the remote server.

• h(.): A cryptographic one-way hash function.

• h_k(.): A cryptographic one-way hash function with a secret key k.

• T: The timestamp.

• N: The nonce.

• ⊕: The exclusive-or operation.

• ‖: The concatenation operation.

1) Registration Phase: When the user Ui wants to access a resource of a remote server, he/she has to submit his/her identity IDi, h(PWi ⊕ N) and fingerprint Fi to the server through a secure channel, where PWi is the user’s password and N is a nonce chosen by the user. Figure 1 illustrates the steps of the registration phase.

• Step R1. Ui ⇒ S: IDi, h(PWi ⊕ N), Fi. Ui freely chooses his/her identity IDi and PWi, and imprints his/her fingerprint biometric on the sensor. Then, Ui computes h(PWi ⊕ N), where N is a random number generated by Ui, and sends IDi, h(PWi ⊕ N) and Fi to S for registration through a secure channel.

• Step R2. S computes hpw = h(PWi ⊕ N) ⊕ Fi, Ri = h(IDi ⊕ x) ⊕ hpw, and Vi = h_{h(IDi ⊕ x)}(Fi).

• Step R3. S ⇒ Ui: (Ri, Vi, h(.), h_k(.)). S sends the secret information to Ui through a secure channel.

• Step R4. Ui stores the information transmitted from S and keys N into his/her mobile device.

Figure 1. Chen, Lee, and Hsu’s registration phase

In their registration phase, we see three advantages. The user can choose the password PW and identity ID freely. Furthermore, the user can hide his/her password from the server by sending a hash value h(PW ⊕ N) instead of PW alone. In particular, this phase also uses the user’s fingerprint to enhance security. Our scheme, proposed later, inherits all of these points. However, in preparation for our authentication scheme, we modify the registration phase slightly by adding a random value e for each user’s registration.

2) Login Phase: After receiving the secret information from S, Ui can use it when he/she wants to log in to S. Fig 2 illustrates the steps of the login phase.

• Step L1. Ui inputs IDi and PWi, and imprints his/her fingerprint Fi on the sensor. Then the mobile device computes hpw = h(PWi ⊕ N) ⊕ Fi and Ai = Ri ⊕ hpw, and then checks whether h_{Ai}(Fi) is the same as Vi stored in the mobile device. If they are the same, the mobile device allows Ui to continue to the next step and temporarily saves the fingerprint template Fi until the end of the authentication phase; otherwise, it terminates the session.

• Step L2. The mobile device generates a nonce N′ and computes C1 = N′ ⊕ Ai and C2 = h_{Ai}(N′) to challenge the remote server S.

• Step L3. Ui ⇒ S: IDi, C1, C2. The user sends the login message to a remote server through a common channel.

In their login phase, we see that the user generates a random value N to challenge server S. This guarantees that no one except S can know h(IDi ⊕ x) of user U. However, the drawback of this phase is that IDi is transmitted in plain-text, so we will fix this weak point of their phase.

3) Authentication Phase: After receiving the login request sent from Ui, S performs the following tasks to authenticate the user’s login request. Fig 2 illustrates the steps of the authentication phase.

• Step A1. On receiving the login request (IDi, C1, C2) from Ui, S checks IDi to determine its validity.

• Step A2. S computes h(IDi ⊕ x) to obtain Bi (Bi = C1 ⊕ h(IDi ⊕ x)), then checks if h_{h(IDi ⊕ x)}(Bi) ?= C2. If they are not equal, S rejects the login request; otherwise, the identity of the user is assured and the login request is accepted. S stores IDi until the end of the session.

• Step A3. S → Ui: (S1). The server computes S1 = h(h(IDi ⊕ x) ‖ Bi) and sends it back to the user.

• Step A4. On receiving this message (S1) from S, Ui verifies if h(Ai ‖ N′) ?= S1. If they are equal, the server is authenticated and Ui replaces N with a selected N′′, and Ri with R′i¹; otherwise, this session is terminated.

Figure 2. Chen, Lee and Hsu’s login and authentication phase

In their authentication phase, we see that server S does not generate any random value to re-challenge user U. So, S cannot know whether the user it is communicating with is legal or not. At this point we use the three-way challenge-response handshake technique to recover. With that technique, S can know the legitimacy of users. In addition, at the end of this phase, we see that the mobile device must choose a new random value N′′ to update Ri = Ri ⊕ hpw ⊕ h(PW ⊕ N′′) ⊕ Fi. This update is useless because it does not change the way of logging in or the package transmitted to server S. So, in our authentication phase proposed later, we will eliminate this useless procedure to decrease computational cost.

4) Password Change Phase: In this phase, Ui can change his/her password anytime he/she wants. Figure 3 illustrates the steps of the password change phase.

• Step P1. Ui enters his/her identity IDi and password PW, and imprints fingerprint Fi into the mobile device.

• Step P2. The mobile device computes hpw = h(PW ⊕ N) ⊕ Fi, and verifies whether h_{R ⊕ hpw}(Fi) = Vi. If they are not equal, then Ui’s mobile device rejects the password change request and terminates the operation. Otherwise, the user chooses the new password PW∗ and submits it in the mobile device.

• Step P3. Ui’s mobile device computes hpw∗ = h(PW∗ ⊕ N) ⊕ Fi and R∗i = Ri ⊕ hpw ⊕ hpw∗, and stores R∗i to replace Ri.

¹ R′i = Ri ⊕ hpw ⊕ hpw′, where hpw′ = h(PW ⊕ N′′) ⊕ Fi

Figure 3. Chen, Lee and Hsu’s password change phase

In their password change phase, only legal users can change the password, because this procedure needs the identity IDi, password PW and fingerprint Fi of the user. So, this is the only phase we inherit without modification. Note that the arrows in figure 3 are only symbolic, because there is no channel between users and their mobile device.

B. Cryptanalysis of Chen, Lee and Hsu’s Scheme

In this subsection, we present our results on Chen, Lee and Hsu’s scheme. We will show that their scheme is vulnerable to replay attack and to user and server spoofing attack. Besides, their scheme does not protect user anonymity.

1) Inability To Protect User Anonymity: In Chen, Lee and Hsu’s scheme, anyone can learn who is authenticating with the server. In the authentication phase, the mobile device sends IDi directly in plaintext to server S, and an adversary can obtain this IDi. Clearly, their scheme cannot provide user anonymity.

2) User And Server Spoofing: In Chen, Lee and Hsu’s scheme, we see that stealing the identity of another legal user has bad consequences for that legal user. Because attacker A has IDi of another U, attacker A can re-register to S by sending (IDi, h(PWnew ⊕ Nnew), Finew). Then, S will send (Ri, Vi, h(.), h_k(.)) back to U. When obtaining Ri, A easily gets h(IDi ⊕ x) by computing Ri ⊕ h(PWnew ⊕ Nnew) ⊕ Finew. With h(IDi ⊕ x) in hand, A can impersonate U owning IDi. A will compute C1 = N′ ⊕ h(IDi ⊕ x) and C2 = h_{h(IDi ⊕ x)}(N′), where N′ is a random value chosen by A. So, A will send (IDi, C1, C2) to S to masquerade as U. Furthermore, with h(IDi ⊕ x) in hand, A can completely fake S to cheat that U. When U owning the IDi stolen by A sends (IDi, C1, C2) to S, A blocks this package and computes N′ = C1 ⊕ h(IDi ⊕ x) and S1 = h(h(IDi ⊕ x) ‖ N′). Then, S sends S1 to U. On receiving S1 from A, U compares h(h(IDi ⊕ x) ‖ N′) with S1. Clearly, they are equal and A cheats U successfully.

3) Replay Attack: In Chen, Lee and Hsu’s scheme, anyone can save (IDi, C1, C2). So, at any time an adversary can resend (IDi, C1, C2) to S. On receiving this package, S computes Bi = C1 ⊕ h(IDi ⊕ x) and checks C2 ?= h_{h(IDi ⊕ x)}(Bi). Clearly, everything will be correct. So, S assumes that a legal user is communicating. Finally, S sends S1 to A. Obviously, their scheme cannot resist replay attack.
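The two weaknesses analysed above can be checked as properties of a small model of Chen, Lee and Hsu’s registration, login and authentication steps. This is an added example, not code from the paper; SHA-256 for h, HMAC-SHA-256 for h_k, the 32-byte encoding of every value and all class and function names are assumptions of the sketch.

```python
import hashlib, hmac, secrets

# Assumptions of this sketch (the paper does not fix them): h = SHA-256,
# h_k = HMAC-SHA-256, and every value is 32 bytes long so that XOR is defined.
def h(*parts): return hashlib.sha256(b"".join(parts)).digest()
def hk(key, msg): return hmac.new(key, msg, hashlib.sha256).digest()
def xor(a, b): return bytes(p ^ q for p, q in zip(a, b))
def enc(s): return s.encode().ljust(32, b"\0")[:32]

class ChenServer:
    def __init__(self):
        self.x = secrets.token_bytes(32)            # private key x of S
        self.known_ids = set()

    def register(self, ID, hpw_n, F):               # steps R2-R3
        hpw = xor(hpw_n, F)                         # hpw = h(PWi ⊕ N) ⊕ Fi
        key = h(xor(enc(ID), self.x))               # h(IDi ⊕ x): only ID and x
        self.known_ids.add(ID)
        return xor(key, hpw), hk(key, F)            # (Ri, Vi)

    def authenticate(self, ID, C1, C2):             # steps A1-A3
        if ID not in self.known_ids:
            return None
        key = h(xor(enc(ID), self.x))
        B = xor(C1, key)                            # Bi = C1 ⊕ h(IDi ⊕ x)
        if not hmac.compare_digest(hk(key, B), C2):
            return None
        return h(key, B)                            # S1; no server-side nonce

class ChenDevice:
    def __init__(self, server, ID, PW, F):
        self.ID, self.N = ID, secrets.token_bytes(32)
        self.R, self.V = server.register(ID, h(xor(enc(PW), self.N)), F)

    def login(self, PW, F):                         # steps L1-L3
        A = xor(self.R, xor(h(xor(enc(PW), self.N)), F))   # Ai = Ri ⊕ hpw
        if not hmac.compare_digest(hk(A, F), self.V):
            raise ValueError("fingerprint/password check failed")
        n1 = secrets.token_bytes(32)                # N'
        return (self.ID, xor(n1, A), hk(A, n1))     # (IDi, C1, C2)

def key_from_registration(server, ID, hpw_n, F):
    """Value a registrant can derive from its own Ri: Ri ⊕ h(PW ⊕ N) ⊕ Fi."""
    R, _ = server.register(ID, hpw_n, F)
    return xor(R, xor(hpw_n, F))

def check_chen_scheme():
    server = ChenServer()
    F = secrets.token_bytes(32)                     # constructed fingerprint template
    device = ChenDevice(server, "alice", "correct horse", F)
    msg = device.login("correct horse", F)
    first = server.authenticate(*msg)
    second = server.authenticate(*msg)              # identical message presented again
    # Two registrations of one ID with unrelated passwords and fingerprints.
    k1 = key_from_registration(server, "alice", h(b"pw-1"), secrets.token_bytes(32))
    k2 = key_from_registration(server, "alice", h(b"pw-2"), secrets.token_bytes(32))
    return {
        "fresh_login_accepted": first is not None,
        "replayed_login_accepted": second is not None,
        "same_key_on_reregistration": k1 == k2,
    }

if __name__ == "__main__":
    print(check_chen_scheme())
```

All three properties hold for this model: the server has no state or nonce of its own that would distinguish the second presentation of a login message, and the key bound to an identity does not depend on who registered it.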

III. PROPOSED SCHEME

In this section, we propose a revised version of Chen, Lee and Hsu’s scheme that removes the security problems described in the previous section. Our improved scheme not only inherits the advantages of their scheme, but also enhances its security.

Before entering into each phase, we present the general ideas of our scheme in more detail. In the registration phase, our main goal is achieving h(IDi ⊕ h(x ‖ e)). The random value e helps to resist re-registration by attackers, since the same identity receives different authentication keys at different times. In the login and authentication phases, we use two random values N′ and V for server and user to challenge each other. Furthermore, we employ the three-way challenge-response handshake technique to resist replay or impersonation attacks. It is also very important that user and server have the same session key after authenticating successfully.

Our scheme is also divided into the four phases of registration, login, mutual authentication and password change. However, we do not present the password change phase because it does not change in our scheme.

A. Registration Phase

Before we continue, we list three requirements for a registration phase: secrecy of the information transmitted between user and server; the true password of the user should not be shown to anyone, even the server; and the keys provided by the server should differ for each registration. We see that Chen et al.’s scheme achieves the first two requirements but not the last. So, we will recover this point to accomplish a good registration phase.

When a user Ui wants to register with the service provider S, he/she has to submit his/her identity IDi, h(PW ⊕ N) and his/her fingerprint, by imprinting on the sensor, to S, where PW is Ui’s password and N is a nonce chosen by Ui. Figure 4 illustrates the steps of the registration phase.

1) Generating a random value e.

2) Computing hpw = h(PW ⊕ N) ⊕ Fi, Ei = hpw ⊕ h(x ‖ e), Ri = h(IDi ⊕ h(x ‖ e)) ⊕ hpw and Vi = h_{h(IDi ⊕ h(x ‖ e))}(Fi).

3) Sending (Ri, Vi, Ei, e, h(.), h_k(.)) to the user’s mobile device through a secure channel.

Figure 4. Proposed registration phase

B. Login Phase

The user Ui enters his/her identity IDi and password PWi, and imprints the fingerprint Fi on the sensor to log in to the service provider S, and then the mobile device performs the following steps:

1) Computing hpw = h(PW ⊕ N) ⊕ Fi and Ai = Ri ⊕ hpw. Then, the mobile device checks if h_{Ai}(Fi) = Vi. If they are not equal, the mobile device terminates the session; otherwise, it allows the user to go to the next step. The mobile device generates a nonce N′ and computes C1 = N′ ⊕ Ei ⊕ hpw, C2 = h_{Ai}(N′) and CID = IDi ⊕ N′.

2) Sending the login request message (CID, C1, C2) to S.

C. Mutual Authentication And Session Key Agreement Phase

Similarly, we propose three requirements that make authentication more secure: the user must use a random value to challenge the server; the server must use a random value to re-challenge the user; and user and server must share a secret session key. In Chen et al.’s scheme, only the user uses a random value to challenge the server, but not vice versa, and no session key is generated after authenticating successfully. Our phase fixes these weak points.

In this section, the service provider S receives the login request message (CID, C1, C2) sent by Ui in the login phase. Figure 5 illustrates the steps by which S authenticates the user Ui.

1) Computing N′ = h(x ‖ e) ⊕ C1 and IDi = CID ⊕ N′, and S checking the validity of IDi. Then, S continues to check if C2 = h_{h(IDi ⊕ h(x ‖ e))}(N′). If they are equal, S accepts Ui. Otherwise, it rejects Ui. Then, S generates a random value V and computes S1 = h(h(IDi ⊕ h(x ‖ e)) ‖ V ‖ Bi). S sends (V, S1) to U.

2) On receiving the message (V, S1), the user Ui checks if S1 = h(Ai ‖ V ‖ N′). If they are not equal, the mobile device terminates the session; otherwise, it computes S2 = h((Ei ⊕ hpw) ‖ V) and sends (S2) to S.

3) On receiving the message (S2), the server S checks if S2 = h(h(x ‖ e) ‖ V). If they are not equal, S terminates the session; otherwise, it computes the session key SK = h(h(IDi ⊕ h(x ‖ e)) ‖ h(x ‖ e) ‖ V ‖ Bi). Similarly, U also computes SK = h(Ai ‖ (Ei ⊕ hpw) ‖ V ‖ N′).

Figure 5. Proposed login, mutual authentication and session key agreement phase
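The proposed registration, login and three-way handshake, modelled end to end so that the session keys and the handling of a repeated login message can be checked. This is an added example, not code from the paper; it assumes SHA-256 for h, HMAC-SHA-256 for h_k, 32-byte values, that e travels with the login request (as Section IV writes it), that Bi is the recovered nonce N′, and that V identifies the pending session on the server. All class and function names are hypothetical.

```python
import hashlib, hmac, secrets

# Assumptions of this sketch (not fixed by the paper): h = SHA-256,
# h_k = HMAC-SHA-256, 32-byte values, e sent with the login request,
# and Bi in S1/SK taken to be the recovered nonce N'.
def h(*parts): return hashlib.sha256(b"".join(parts)).digest()
def hk(key, msg): return hmac.new(key, msg, hashlib.sha256).digest()
def xor(a, b): return bytes(p ^ q for p, q in zip(a, b))
def enc(s): return s.encode().ljust(32, b"\0")[:32]

class Server:
    def __init__(self):
        self.x = secrets.token_bytes(32)            # master key x
        self.pending = {}                           # V -> state awaiting S2

    def register(self, ID, hpw_n, F):               # registration steps 1-3
        e = secrets.token_bytes(32)                 # fresh value per registration
        hpw, hxe = xor(hpw_n, F), h(self.x, e)      # hpw and h(x ‖ e)
        key = h(xor(enc(ID), hxe))                  # h(IDi ⊕ h(x ‖ e))
        return xor(key, hpw), hk(key, F), xor(hpw, hxe), e   # (Ri, Vi, Ei, e)

    def challenge(self, CID, e, C1, C2):            # authentication step 1
        hxe = h(self.x, e)
        n1 = xor(hxe, C1)                           # N' = h(x ‖ e) ⊕ C1
        key = h(xor(xor(CID, n1), hxe))             # IDi = CID ⊕ N'
        if not hmac.compare_digest(hk(key, n1), C2):
            return None
        V = secrets.token_bytes(32)                 # server's own challenge
        self.pending[V] = (key, hxe, n1)
        return V, h(key, V, n1)                     # (V, S1)

    def finish(self, V, S2):                        # authentication step 3
        state = self.pending.pop(V, None)           # each V is usable once
        if state is None:
            return None
        key, hxe, n1 = state
        if not hmac.compare_digest(S2, h(hxe, V)):
            return None
        return h(key, hxe, V, n1)                   # session key SK

class Device:
    def __init__(self, server, ID, PW, F):
        self.N = secrets.token_bytes(32)
        self.R, self.V, self.E, self.e = server.register(
            ID, h(xor(enc(PW), self.N)), F)

    def login(self, ID, PW, F):                     # login steps 1-2
        hpw = xor(h(xor(enc(PW), self.N)), F)
        A = xor(self.R, hpw)                        # Ai = Ri ⊕ hpw
        if not hmac.compare_digest(hk(A, F), self.V):
            raise ValueError("fingerprint/password check failed")
        n1 = secrets.token_bytes(32)                # N'
        hxe = xor(self.E, hpw)                      # Ei ⊕ hpw = h(x ‖ e)
        self.state = (A, hxe, n1)
        return xor(enc(ID), n1), self.e, xor(n1, hxe), hk(A, n1)

    def respond(self, V, S1):                       # authentication step 2
        A, hxe, n1 = self.state
        if not hmac.compare_digest(S1, h(A, V, n1)):
            return None, None
        return h(hxe, V), h(A, hxe, V, n1)          # (S2, SK)

def check_proposed_scheme():
    server, pw = Server(), "correct horse"
    F = secrets.token_bytes(32)                     # constructed fingerprint template
    dev = Device(server, "alice", pw, F)
    login = dev.login("alice", pw, F)
    V, S1 = server.challenge(*login)
    S2, sk_user = dev.respond(V, S1)
    sk_server = server.finish(V, S2)
    # Same login message presented again: the server draws a fresh V, so the
    # S2 recorded from the earlier run no longer verifies.
    V2, _ = server.challenge(*login)
    replay_sk = server.finish(V2, S2)
    # A second registration of the same ID receives a new e and thus a new key.
    dev2 = Device(server, "alice", pw, F)
    key_of = lambda d: xor(d.R, xor(h(xor(enc(pw), d.N)), F))
    return {
        "session_keys_match": sk_user == sk_server,
        "replay_completes": replay_sk is not None,
        "same_key_on_reregistration": key_of(dev) == key_of(dev2),
    }

if __name__ == "__main__":
    print(check_proposed_scheme())
```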

IV. SECURITY AND EFFICIENCY ANALYSIS

In this section, we review the weak and strong points of our scheme and analyze it in two respects: security and efficiency. Our scheme includes four phases: registration, login, authentication and session-key agreement, and password change.

• Registration phase: User U sends (IDi, h(PW ⊕ N), Fi) to server S and U receives (Ri, Vi, Ei, e, h(.), h_k(.)). Finally, U enters N into the mobile device. The advantage of our phase is that the user receives different information at different times, and the drawback is that PW is chosen by U. That PW may be a weak password[26], which has low entropy and can be guessed in polynomial time.

• Login phase: User U enters (ID, h(PW ⊕ R), Fi) into the mobile device. Then, the mobile device computes h_{Ri ⊕ (h(PW ⊕ N) ⊕ Fi)} and checks if that value is equal to Vi stored in the mobile device. Finally, the mobile device sends (CID, e, C1, C2) to server S.

• Authentication and session-key agreement phase: After receiving (CID, e, C1, C2) from user U, S computes V and S1 and sends them to U. Then, S waits to receive S2 from U to confirm. The advantage of our phase is that all information depends on the master key x, a strong key[26] of S, which has high entropy and cannot be guessed in polynomial time. The drawback of our phase is that it uses more hash operations than previous ones.

• Password change phase: We do not revisit this phase because it is inherited entirely from Chen et al.’s scheme.

A. Security Analysis

In this subsection, we present the security analysis of our scheme and show that the proposed scheme can resist many kinds of attack. Assume that wireless communications are insecure and that there exists an attacker. He/she is able to intercept all messages communicated between server and user. Furthermore, we assume that the attacker can obtain or steal the information in a legal user’s mobile device.

1) Replay Attack: A replay attack replays a message of the receiver or the sender. Our scheme uses a nonce and the three-way challenge-response handshake technique instead of a time stamp to withstand replay attacks. For example, an attacker A resends (CID, e, C1, C2) to S. Then, S will send V, S1 to attacker A. Without knowing h(x ‖ e) and nonce N′, A cannot compute S2 to send to S. So, S recognizes that someone is impersonating U and terminates the session.

2) User And Server Spoofing Attack: Our scheme resists user and server spoofing attacks because the identity of users is protected. If an attacker A wants to fake a user to cheat the server, he/she must have h(x ‖ e) of that user. Without knowing PW and nonce N, or the master key x, the attacker cannot compute h(x ‖ e). Furthermore, if an attacker A wants to fake the server to cheat users, she/he must have h(x ‖ e) and the nonce N which is sent from users to compute S1. So, the proposed scheme resists this attack successfully.

3) Stolen Verifier Attack: Because S does not store any password verification table, the proposed scheme can withstand stolen-verifier attacks. In our scheme, S generates a random value e for each user. Therefore, when authenticating with S, U only needs to send e to S, and S uses master key x to reconstruct h(x ‖ e) of that user. So, S does not need to keep U’s password in storage when a new user is added to the system.

4) Stolen Information From Mobile Device Attack: Our scheme resists the stolen information from mobile device attack. With (Ri, Vi, Ei, N, e), an attacker cannot compute h(x ‖ e) from that information to fake the user. Consequently, the proposed scheme is secure against the stolen information from mobile device attack.

5) Known-key Attack: Known-key security means that the compromise of a past session key cannot be used to derive any further session key. In our scheme, the session key SK is associated with IDi and h(x ‖ e), which are unknown to the adversary. Even if a past session key SK is disclosed, the attacker cannot derive IDi and h(x ‖ e), based on the security of the one-way hash function. Thus, the attacker cannot obtain any further session key.

6) User Anonymity Protected: The user Ui sends the login request (CIDi, C1, C2, e) to the server S in each login. Thus, the attacker might intercept and analyze the login message. It is infeasible to learn IDi from the login message. Furthermore, the login message is dynamic in each login. Among the parameters of the login message, CIDi is associated with nonce N′ and changes dynamically. Consequently, an adversary cannot identify the person who is trying to log in. In other words, our scheme can protect the user’s anonymity.

7) Password guessing attack: In our scheme, if the user’s mobile device is stolen, the attacker cannot compute the user’s password. The information in the mobile device (Ri, Vi, Ei, e, h(.), h_k(.)) does not help the attacker learn more. Vi is a hash value, so the attacker cannot exploit it. The attacker can compute Ei ⊕ Ri to obtain h(x ‖ e) ⊕ h(IDi ⊕ h(x ‖ e)). So, without the master key x of the remote server, the attacker has no way to compute further information. Thus, our scheme can resist password guessing attack efficiently.

8) Denial-of-service attack: A denial-of-service attack means that an adversary can update wrong verification information for a legitimate user, so that the legal user can no longer log in to the remote server successfully. There is no verification table stored in the remote server. Furthermore, in the password change phase, the mobile device can determine the user’s legitimacy right away without waiting for the remote server (h_{Ri ⊕ hpw}(Fi) ?= Vi, where hpw = h(PW ⊕ N) ⊕ Fi). Clearly, if the mobile device is lost, the attacker must have the correct password PW and fingerprint Fi to change the user’s information. Against this kind of attack, our scheme inherits its resistance from Chen et al.’s scheme, because this phase is not modified.

9) Mutual Authentication: In the registration phase of our scheme, S returns a key h(x ‖ e) for each user. With it in hand, user U can compute C1 and C2 to send to S. Server S, with master key x, can compute the random value N′ of U to obtain h_{h(IDi ⊕ h(x ‖ e))}(N′). With this value, S can authenticate U. Then, S generates a random value V to challenge U. If the user is a legal user, he/she will have h(x ‖ e) to compute S2 and send it back to S.

10) Session-key Agreement: In our scheme, after finishing mutual authentication successfully, both user and server share a session key SK to encrypt later messages. So, our scheme not only satisfies mutual authentication but also provides a session key to the partners.

Our scheme is a revised version of Chen et al.’s scheme, so it can also resist two-factor attack[13][27][28], reflection and parallel session attack. In the case of two-factor attack, if user U loses his/her mobile device or even password, an attacker still cannot log in to impersonate U because of U’s fingerprint. So, by employing the fingerprint in the authentication scheme, we easily eliminate two-factor attack. Moreover, C2, S1, and S2 in our authentication scheme differ in the number of elements participating in the hash function. So, an attacker cannot reuse them to resend to server or user. So, our scheme can resist reflection attack. Finally, our scheme inherits the approach of storing the user’s identity until the end of the session to check for logins with the same identity. Thus, our scheme can also withstand a parallel session attack like Chen et al.’s scheme.

B. Efficiency Analysis

To compare efficiency between our scheme and the previous schemes proposed by Chen et al. and Khan et al., we reuse the approach used in that previous scheme to analyze computational complexity. That is, we count the number of one-way hash function executions. Let Th be the time to compute a one-way hash function. In addition, as in Chen et al.’s scheme, we ignore the exclusive-or (⊕) operation because it requires very little computation.

Table I compares our scheme, Chen, Lee and Hsu's scheme, and Khan et al.'s scheme. Chen et al.'s scheme needs 3 x Th in the registration phase, 3 x Th in the login phase and 5 x Th in the authentication phase. Khan et al.'s scheme needs 2 x Th in the registration phase, 2 x Th in the login phase and 5 x Th in the authentication phase. Our scheme needs 4 x Th in the registration phase, 3 x Th in the login phase and 7 x Th in the authentication phase.

Clearly, the proposed scheme requires more computation than Chen et al.'s scheme and Khan et al.'s scheme. However, those costs are necessary to protect the user's anonymity and provide a session key for the partners. In short, the proposed scheme does not add much computational cost, and it also enhances security.

Table II lists the comparison between our improved scheme and Chen et al.'s scheme for withstanding various attacks. We see that Chen et al.'s scheme cannot resist server and user spoofing, stolen information from the mobile device, and replay attacks. In addition, their scheme does not guarantee the user's anonymity. It can be seen that our proposed scheme is more secure against various attacks.

Table III lists the comparison between our improved scheme and Chen et al.'s scheme for achieving the requirements of a secure authentication scheme mentioned in the introduction. Our scheme not only satisfies everything Chen et al.'s scheme does but also supplies two important requirements which their scheme lacks. These two properties are user anonymity and session key agreement. If the user's anonymity is broken, the attacker may use the revealed identity to re-register and obtain other important information of the legal user, such as the password or the authentication key provided by the server. The session key shared between user and server also plays an important role in encrypting data transmitted later. We see that Chen et al.'s scheme fails to protect user anonymity and does not have session key agreement between user and server.

Table I. A COMPARISON OF COMPUTATION COSTS

| Computational type | Authentication phase | Login phase | Registration phase |
|---|---|---|---|
| Khan et al.'s scheme [11] | 5 x Th | 2 x Th | 2 x Th |
| Chen et al.'s scheme [12] | 5 x Th | 3 x Th | 3 x Th |
| Our scheme | 7 x Th | 3 x Th | 4 x Th |

Table II. THE COMPARISON BETWEEN OUR SCHEME AND THE CHEN ET AL.'S FOR WITHSTANDING VARIOUS ATTACKS

| | Chen et al.'s scheme [12] | Our scheme |
|---|---|---|
| Server spoofing | No | Yes |
| User spoofing | No | Yes |
| Two-factor security | Yes | Yes |
| Password guessing attack | Yes | Yes |
| Reflection and parallel session attack | Yes | Yes |
| Replay attack | No | Yes |
| Known-key attack | No | Yes |
| Denial-of-service attack | Yes | Yes |
| Stolen information from mobile device | Yes | Yes |

Table III. THE COMPARISON BETWEEN OUR SCHEME AND THE CHEN ET AL.'S FOR ACHIEVING NECESSARY REQUIREMENTS

| | Chen et al.'s scheme [12] | Our scheme |
|---|---|---|
| Efficiency | Yes | Yes |
| Mutual authentication | Yes | Yes |
| Session key establishment | No | Yes |
| No verification table | Yes | Yes |
| User anonymity | No | Yes |
| Scalability | Yes | Yes |
| Password change phase | Yes | Yes |

V. CONCLUSIONS

In this paper, we review the mobile device integration of a fingerprint biometric remote authentication scheme of Chen et al. Their scheme can withstand some attacks, such as password guessing, denial-of-service, parallel session and reflection, and impersonation when the content of the user's device is revealed. However, we see that their scheme is still vulnerable to replay attack and to server and user spoofing. Moreover, their scheme cannot guarantee the user's anonymity. Consequently, we propose an improved scheme to eliminate such problems.

Compared with related schemes, the proposed scheme has the following main advantages: (1) The user can choose the password freely. (2) It provides secure user anonymity. (3) It does not hold a password verification table for mobile users. (4) It provides mutual authentication. As a result, the proposed scheme is able to provide greater security and be practical in wireless communication systems.

In the future, we will research a remote biometric-based mutual authentication scheme for mobile devices based on the elliptic curve cryptosystem (ECC), which is very suitable for devices with limited energy [25], to further enhance security and apply it to more applications in electronic transactions.

REFERENCES

[1] L. Lamport, “Password authentication with insecure communication,” Communications of the ACM, vol. 24, pp. 770–772, 1981.

[2] L. H. Li, I. C. Lin, and M. S. Hwang, “A remote password authentication scheme for multi-server architecture using neural networks,” IEEE Transactions on Neural Network, vol. 12, no. 6, pp. 1498–1504, 2001.

[3] J. J. Shen, C. W. Lin, and M. S. Hwang, “A modified remote user authentication scheme using smart cards,” IEEE Transactions on Consumer Electronics, vol. 49, no. 2, pp. 414–416, 2003.

[4] M. S. Hwang, C. C. Lee, and Y. L. Tang, “A simple remote user authentication scheme,” Mathematical and Computer Modelling, vol. 36, pp. 103–107, 2002.

[5] C. C. Lee, M. S. Hwang, and W. P. Yang, “Flexible remote user authentication scheme using smart cards,” IEEE Transactions on Neural Network, vol. 36, no. 3, pp. 46–52, 2002.

[6] I.-E. Liao, C.-C. Lee, and M.-S. Hwang, “Security enhancement for a dynamic id-based remote user authentication scheme,” IEEE Transactions on Consumer Electronics, vol. 50, pp. 629–631, 2004.

[7] E. J. Yoon and K. Y. Yoo, “Improving the dynamic id-based remote mutual authentication scheme,” First International Workshop on Information Security, vol. 4277, pp. 499–507, 2006.

[8] Y. Y. Wang, J. Y. Kiu, F. X. Xiao, and J. Dan, “A more efficient and secure dynamic id-based remote user authentication scheme,” Computer Communications, vol. 32, pp. 583–585, 2009.

[9] C.-C. Lee, T.-H. Lin, and R.-X. Chang, “A secure dynamic id based remote user authentication scheme for multi-server environment using smart cards,” Expert Syst. Appl., vol. 38, no. 11, pp. 13 863–13 870, 2011.

[10] I. E. Liao, C. C. Lee, and M. S. Hwang, “Security enhancement for a dynamic id-based remote user authentication scheme,” International Conference on Next Generation Web Services Practices, vol. 6, no. 2, pp. 517–522, 2005.

[11] M. K. Khan, J. Zhang, and X. Wang, “Chaotic hash-based fingerprint biometric remote user authentication scheme on mobile devices,” Chaos, Solitons & Fractals, vol. 35, no. 3, pp. 519–524, 2008.

[12] C.-L. Chen, C.-C. Lee, and C.-Y. Hsu, “Mobile device integration of a fingerprint biometric remote authentication scheme,” International Journal of Communication Systems, 2011. [Online]. Available: http://dx.doi.org/10.1002/dac.1277

[13] J. K. Lee, S. R. Ryu, and K. Y. Yoo, “Fingerprint-based remote user authentication scheme using smart cards,” Electronics Letters, vol. 38, pp. 554–555.

[14] C.-H. Lin and Y.-Y. Lai, “A flexible biometrics remote user authentication scheme,” Computer Standards & Interfaces, vol. 27, no. 1, pp. 19–23, 2004.

[15] M. K. Khan and J. Zhang, “Improving the security of ’a flexible biometrics remote user authentication scheme’,” Comput. Stand. Interfaces, vol. 29, pp. 82–85, January 2007.

[16] J. Yuan, C. Jiang, and Z. Jiang, “A biometric-based user authentication for wireless sensor networks,” Wuhan University Journal of Natural Sciences, vol. 15, pp. 272–276, 2010, 10.1007/s11859-010-0318-2. [Online]. Available: http://dx.doi.org/10.1007/s11859-010-0318-2

[17] T. H. Chen, Y. C. Chen, W. K. Shih, and H. W. Wei, “An efficient anonymous authentication protocol for mobile pay-tv,” vol. 34, pp. 1131–1137, 2011.

[18] H.-C. Hsiang and W.-K. Shih, “Improvement of the secure dynamic id based remote user authentication scheme for multi-server environment,” Comput. Stand. Interfaces, vol. 31, pp. 1118–1123, November 2009. [Online]. Available: http://dl.acm.org/citation.cfm?id=1595894.1596057

[19] Y.-P. Liao and S.-S. Wang, “A secure dynamic id based remote user authentication scheme for multi-server environment,” Comput. Stand. Interfaces, vol. 31, pp. 24–29, January 2009. [Online]. Available: http://dx.doi.org/10.1016/j.csi.2007.10.007

[20] M. L. Das, A. Saxena, and V. P. Gulati, “A dynamic id-based remote user authentication scheme,” IEEE Transactions on Consumer Electronics, vol. 50, no. 2, pp. 629–631, 2004.

[21] H. Debiao, C. Jianhua, and H. Jin, “An id-based client authentication with key agreement protocol for mobile client-server environment on ecc with provable security,” Information Fusion, 2011.

[22] J.-H. Yang and C.-C. Chang, “An id-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem,” Computers & Security, vol. 28, no. 3-4, pp. 138–143, 2009.

[23] E.-J. Yoon and K.-Y. Yoo, “Robust id-based remote mutual authentication with key agreement scheme for mobile devices on ecc,” Computational Science and Engineering, IEEE International Conference on, vol. 2, pp. 633–640, 2009.

[24] J. Zhang and F. Deng, “The authentication and key agreement protocol based on ecc for wireless communications,” 2009 International Conference on Management and Service Science, pp. 1–4, 2009.

[25] S. H. Islam and G. P. Biswas, “A more efficient and secure id-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem,” Journal of Systems and Software, vol. 84, no. 11, pp. 1892–1898, 2011.

[26] A. J. Menezes, P. C. Oorschot, and S. A. Vanstone, “Handbook of applied cryptography,” 1997.

[27] H.-S. Kim, S.-W. Lee, and K.-Y. Yoo, “Id-based password authentication scheme using smart cards and fingerprints,” SIGOPS Oper. Syst. Rev., vol. 37, pp. 32–41, October 2003. [Online]. Available: http://doi.acm.org/10.1145/958965.958969

[28] C.-H. Lin, T.-S. Lin, H.-H. Lin, and Y.-Y. Lai, “On the security of id-based password authentication scheme using smart cards and fingerprints,” in ITRE 2005 - 3rd International Conference on Information Technology: Research and Education, June 27-30 2005, Hsinchu, Taiwan, Proceedings. IEEE, 2005, pp. 230–232.
