research article an improved biometric-based user...

Research ArticleAn Improved Biometric-Based User Authentication Scheme forCS System

Li Jiping1 Ding Yaoming1 Xiong Zenggang1 and Liu Shouyin2

1 School of Computer and Information Science Hubei Engineering University Xiaogan 432000 China2 College of Physical and Technology Central China Normal University Wuhan 430079 China

Correspondence should be addressed to Ding Yaoming xgdym21cncom

Received 24 August 2013 Revised 18 February 2014 Accepted 27 February 2014 Published 27 April 2014

Academic Editor Chuan-Ming Liu

Copyright copy 2014 Li Jiping et alThis is an open access article distributed under the Creative Commons Attribution License whichpermits unrestricted use distribution and reproduction in any medium provided the original work is properly cited

The authors first review the recently proposed Dasrsquos biometric-based remote user authentication scheme and then show that Dasrsquosscheme is still insecure against some attacks and has some problems in password change phase In order to overcome the designflaws in Dasrsquos scheme an improvement of the scheme is further proposed Cryptanalysis shows that our scheme is more efficientand secure against most of attacks moreover our scheme can provide strong mutual authentication by using verifying biometricpassword as well as random nonces generated by the user and server

1 Introduction

In a clientserver system the validity of remote user is neces-sary to assure the security of the system Traditional remoteidentity-based authentication schemes [1ndash9] are based onpasswords onlyHowever simple passwords are always easy tobreak by using simple dictionary attacks since they have lowentropy To overcome this problem cryptographic secret keysand passwords are used in the remote user authenticationschemes But the long and random cryptographic keys aredifficult to memorize and hence they must be stored some-where [10] it is expensive to maintain the long cryptographickeys Furthermore both passwords and cryptographic keysare unable to provide nonrepudiation because they can beforgotten or lost or when they are shared with other peoplethere is no-way to know who the actual user is [11] Abiometric system operates by acquiring biometric data froman individual extracting a feature set from the acquired dataand comparing this feature set against the template set inthe database [12ndash14] In [3] the authors propose an online(119905 119899) threshold secret sharing scheme based on biometricverification and threshold password authentication In [15]a continuous user authentication scheme based on biometricverification by fusing hard and soft traits is proposed irrespec-tive of user posture in front of the system In [16] a BIO3G

protocol based on biometric authentication for 3G mobileenvironments is proposed to provide real end to end stronguser authentication In [17] the author analyzes the securityof Dasrsquos biometric-based authentication scheme and showsthat the scheme is still insecure against some attacks anddoes not provide mutual authentication between the userand server In [18] the author proposes an enhanced schemebased on biometric verification and smart card to removethe security weakness of Dasrsquos scheme analyzed in [17]However the proposed scheme in [18] cannot withstand thereplay attack between the user and the remote server Inthe abovementioned schemes biometric verification allowsone to confirm or establish an individual identity Thereforebiometric keys are proposedwhich are based on physiologicaland behavioral characteristics of persons such as fingerprintsfaces irises hand geometry and palm prints Some advan-tages of biometric keys are described as follows [19 20]

(i) Biometric keys cannot be lost or forgotten(ii) Biometric keys are very difficult to copy or share(iii) Biometric keys are extremely hard to forge or dis-

tribute(iv) Biometric keys cannot be guessed easily(v) Someonersquos biometrics is not easier to break than

others

Hindawi Publishing CorporationInternational Journal of Distributed Sensor NetworksVolume 2014 Article ID 275341 9 pageshttpdxdoiorg1011552014275341

2 International Journal of Distributed Sensor Networks

Table 1 Notations used in the proposed scheme

Notation Description119862119894

Client119877119894

Trusted registration center119878119894

ServerPW119894

Password shared between 119862119894and 119878

119894

ID119894

Identity of the user 119862119894

119861119894

Biometric template of the user 119862119894

119889(∙) Symmetric parametric function120591 Predetermined threshold for biometric verificationℎ(∙) A secure one-way hash function119883119904

A secret information maintained by the server119877119888

A random number chosen by 119862119894

119877119904


119860 119861 Data 119860 concatenates with data 119861119860 oplus 119861 XOR operation of 119860 and 119861

As a result biometric-based remote user authenticationsare inherently more reliable and secure than usual traditionalpassword-based remote user authentication schemes

In this paper we propose an improvement of Dasrsquosbiometric-based remote user authentication scheme usingsmart cards in order to withstand his design flaws Theremainder of this paper is organized as follows In Section 2we briefly review the Dasrsquos biometric-based remote userauthentication scheme using smart cards [21] In Section 3we analyze the design flaws in Dasrsquos scheme In Section 4 wepropose an improvement of the scheme in order to eliminatethe design flaws discussed in Section 3 Security analysis ofour scheme and performance comparison with other relatedschemes are implemented in Section 5 Finally we concludethe paper in Section 6

2 Review of DASrsquos Biometric-Based RemoteUser Authentication Scheme

In this section we review in brief Dasrsquos biometric-basedremote user authentication scheme [21] For describing theDasrsquos scheme [21] we use the notations shown in Table 1Dasrsquos scheme consists of the following four phases namelyregistration phase login phase authentication phase andchange password phase Details of each phase are given in thefollowing subsections

21 Registration Phase In order to login to the system theremote user 119862

119894needs to perform the following stages as

shown in Algorithm 1

Step 1The user inputs hisher personal biometric119861119894on a spe-

cific device and offers hisher password PW119894and the identity

ID119894of the user to the registration center 119877

119894in person

119862119894

119878119894

(1)ID119894 119861119894 PW119894997888997888997888997888997888997888997888rarr

(2) Computes 119903119894and 119890

119894

119891119894= ℎ(119861

119894)

119903119894= ℎ(PW

119894) oplus 119891119894

119890119894= ℎ(ID

119894 119883119904) oplus 119903119894

(3)Smart card(ID119894 ℎ(sdot) 119891119894 119903119894 119890119894)larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888

Algorithm 1 Registration phase of Dasrsquos scheme

Step 2 The registration center 119877119894then computes 119891

119894= ℎ(119861

119894)

119903119894= ℎ(PW

119894) oplus 119891119894 and 119890

119894= ℎ(ID

119894119883119904) oplus 119903119894 Here 119883

119904is secret

information generated by the server

Step 3 Finally the registration center 119877119894

loads(ID119894 ℎ(sdot) 119891

119894 119890119894 119903119894) on the userrsquos smart card and sends

the information to the user 119862119894via a secure channel

22 Login Phase In this phase if a user 119862119894wants to login to

the server 119878119894 heshe needs to perform the following steps as


Step 1 119862119894first inserts hisher smart card into the smart card

reader of a terminal and offers hisher personal biometrictemplate119861

119894 on the specific device to verify hisher biometric

Step 2 Next the userrsquos personal biometric template 119861119894is

matched against the template stored in the system

Step 3 If the above verification does not hold then 119862119894does

not pass the biometric verification and as a result the remoteuser authentication is terminated Otherwise on the otherhand if the abovementioned verification holds 119862

119894passes the

biometric verification and 119862119894then inputs hisher password

PW119894to perform Step 4

Step 4 The smart card computes 1199031015840119894= ℎ(PW

119894) oplus 119891119894 If 1199031015840119894

= 119903119894

then password verification fails and the client terminates thesession

Step 5 If 1199031015840119894= 119903119894 the smart card computes 119872

1= 119890119894oplus 1199031015840119894

which is equal to ℎ(ID119894 119883119904)1198722= 1198721oplus 119877119888 which is equal

to ℎ(ID119894 119883119904) oplus 119877119888 and 119872

3= ℎ(119877

119888) where 119877

119888is a random

number generated by the user

Step 6 Finally 119862119894sends the message ⟨ID

11989411987221198723⟩ to the

remote server 119878119894

23 Authentication Phase After receiving the login requestmessage ⟨ID

11989411987221198723⟩ 119878119894performs the following steps as

shown in Algorithm 3 in order to authenticate whether theuser 119862

119894is legal or not

International Journal of Distributed Sensor Networks 3

119862119894

119878119894

(1) Inserts the smart card and 119861119894

(2) Verifies whether 119861119894matches with template stored in system

(3) If it holds then 119862119894inputs hisher password PW

119894

(4) Computes 1199031015840119894= ℎ(PW

119894) oplus 119891119894

(5) Checks if 1199031015840119894= 119903119894

(6) If it holds the smart card computes the following1198721= 119890119894oplus 1199031015840119894

1198722= 1198721oplus 119877119888

1198723= ℎ(119877

119888)

(7)⟨ID119894 1198722 1198723⟩997888997888997888997888997888997888997888997888997888997888rarr

Algorithm 2 Login phase of Dasrsquos scheme

119862119894

119878119894

(1) Checks whether the format of 1198621015840119894s ID119894is valid or not

If above holds 119878119894computes the following

1198724= ℎ(ID

119894 119883119878)

1198725= 1198722oplus1198724

(2) Verifies whether ℎ(1198725) = 119872

3

If it holds then computes1198726= 1198724oplus 119877119904

1198727= ℎ(119872

2 1198725)

1198728= ℎ(119877

119904)

(3)⟨1198727 1198726 1198728⟩larr997888997888997888997888997888997888997888997888997888997888

(4) Verifies whether1198727= ℎ(119872

2 119877119888)

(5) If above holds 119862119894computes

1198729= 1198726oplus1198721

Verifies whether ℎ(1198729) = 119872

8

If it does not hold 119878119894is rejected by 119862

119894

Otherwise if it holds then computes11987210

= ℎ(1198726 1198729)

(6)⟨11987210⟩997888997888997888997888997888rarr

(7) Verifies whether11987210

= ℎ(1198726 119877119904)

(8) If it holds 119878119894accepts 1198621015840

119894s login request

(9) Otherwise 119878119894rejects 1198621015840


Algorithm 3 Authentication phase of Dasrsquos scheme

Step 1 119878119894first checks the format of 119862

119894rsquos ID119894

Step 2 If the above format is valid 119878119894then computes 119872

4=

ℎ(ID119894 119883119904) 1198725

= 1198722oplus 1198724and then verifies whether

ℎ(1198725) = 119872

3 If it does not hold then 119878

119894rejects 119862

119894rsquos login

request In case the verification is successful then 119878119894computes

1198726= 1198724oplus 1198771199041198727= ℎ(119872

2 1198725) and119872

8= ℎ(119877

119904)

Step 3 119878119894then sends the message ⟨119872

711987261198728⟩ to 119862

119894

Step 4 After receiving the message in Step 3 119862119894verifies

whether 1198727

= ℎ(1198722

119877119888) Thus if the verification does

not pass 119862119894terminates the session Otherwise 119862

119894proceeds

as follows by computing1198729= 1198726oplus1198721(= 119877119904) and verifying

further whether ℎ(1198729) = 119872

8 If ℎ(119872

9) =1198728 119862119894terminates

the session On the other hand 119862119894computes 119872

10= ℎ(119872

6

1198729) and sends the message ⟨119872

10⟩ to the server 119878

119894

Step 5 After receiving119862119894rsquos message 119878

119894verifies whether119872

10=

ℎ(1198726 119877119904)

Step 6 If the abovementioned does not hold 119878119894rejects 119862

119894rsquos

login request

Step 7 In case the verification is successful then only 119878119894

accepts 119862119894rsquos login request

24 Password Change The password change phase of Dasrsquosscheme [21] has the following steps


Step 1 It inserts the smart card into the card reader and offers119861119894

Step 2 It verifies whether the userrsquos personal biometrictemplate119861

119894matches against the template stored in the system

Step 3 If 119862119894passes the biometric verification then only

119862119894enters hisher old password PWold

119894and new changed

password PWnew119894

Step 4 The smart card then computes 1199031015840119894= ℎ(PWold

119894) oplus 119891119894

if 1199031015840119894

= 119903119894 the password change phase is terminated If 1199031015840

119894= 119903119894

then only smart card computes 11990310158401015840119894

= ℎ(PWnew119894

) oplus 119891119894 1198901015840119894=

119890119894oplus 119903119894(= ℎ(ID

119894 119883119904)) and 11989010158401015840

119894= 1198901015840119894oplus 119903119894

Step 5 Finally replace 119890119894with 11989010158401015840

119894and 119903119894with 11990310158401015840

119894on the smart

card

3 Cryptanalysis of Dasrsquos Scheme

This section demonstrates that Dasrsquos scheme [21] has somedrawbacks denial-of-service attack user impersonationattack replay attack and password change problem

31 Denial-of-Service Attack One of fundamental propertiesof a secure one-way hash function is that its outputs are verysensitive to small perturbations in their inputs The crypto-graphic hash function cannot be applied straightforwardlywhen the input data are with noise such as biometrics [22]Then the predetermined threshold for biometric verificationcannot be used to measure outputs of hash functions Inthe registration phase of Dasrsquos scheme the register center 119877

119894

computes 119891119894= ℎ(119861

119894) and 119903

119894= ℎ(PW

119894) oplus 119891119894and then stores

119891119894and 119903

119894in the smart card In the login phase 119862

119894inserts

hisher smart card into the card reader and provides hisherpersonal biometrics 119861

119894on a specific device to verify the users

biometrics by verifying whether ℎ(119861119894) = 119891119894or not In Step 4 of

login phase password verification is performed by verifyingwhether 1199031015840

119894= 119903119894However both the biometric verification and

password verification procedures may result in serious flawsbecause ℎ(119861

119894) = 119891

119894may never succeed since the inputted

biometrics belonging to the same person may differ slightlyfrom time to time [22] so the next login and authenticationprocedure will be terminated As a result this may causethe legal user to be unable to pass biometric verification atthe login phase of Dasrsquos scheme Therefore Dasrsquos scheme isvulnerable to the denial-of-service attack

32 User Impersonation Attack We see from the login andauthentication phase of Dasrsquos scheme that an attacker canimpersonate a legal user to access to the server In the loginphase of Dasrsquos scheme since the user 119862

119894sends the message

⟨ID11989411987221198723⟩ to the remote server 119878

119894where 119862

119894identity is

not masked this will result in user impersonation attack asfollows

When an attack denoted as119860119894wants to access the remote

server heshe can eavesdrop the message ⟨ID11989411987221198723⟩ by

tapping communication lines or wireless link between the

legal user 119862119894and the remote server 119878

119894 Once 119860

119894derives

the message ⟨ID11989411987221198723⟩ he can send the eavesdropped

message to the remote server 119878119894 Since the legal userrsquos ID is

not masked so the check of userrsquos validity can easily pass Wecan clearly see that when 119878

119894computes1198721015840

4= ℎ(ID

119894 119883119904) and

11987210158405= 1198722oplus11987210158404 the verification of ℎ(1198721015840

5) = 119872

3is successful

Then 119878119894computes 1198721015840

6= 1198724oplus 119877119904 11987210158407= ℎ(119872

2 11987210158405) and

11987210158408

= ℎ(119877119904) and then sends message ⟨1198721015840

71198721015840611987210158408⟩ to 119862

119894

The attack119860119894may eavesdrops themessage ⟨1198721015840

71198721015840611987210158408⟩ and

modifies the11987210158407 replaces it with11987210158401015840

7 and then sends a forged

message ⟨1198721015840101584071198721015840611987210158408⟩ to 119862

119894 Obviously 11987210158401015840

7= ℎ(1198722 119877119888)

so 119862119894terminates the session However the attacker 119860

119894will

pass the verification ⟨119872101584071198721015840611987210158408⟩ and 119860

119894computes 1198721015840

9=

11987210158406oplus 1198721= 11987210158406oplus 1198724 Since the attack 119860

119894can verify 1198721015840

9=

11987210158408 he proceeds as follows by computing 1198721015840

10= ℎ(1198721015840

6

11987210158409) and sends message ⟨1198721015840

10⟩ to the remote server 119878

119894 On

receiving themessage the remote server 119878119894will verifywhether

119872101584010

= ℎ(1198726

119877119904) or not We can see obviously that the

above equation holds so the remote 119878119894accepts the attackerrsquos

login request and the user impersonation attack will occursequentially

33 Replay Attack In Dasrsquos scheme the replay and man-in-the-middle attack is withstood by checking whether 119872

1015840

5(=

1198722oplus1198724) = 119872

5 where119872

5is equal to 119877

119888and is stored in the

database of remote server 119878119894 It is noted that119872

5= 1198722oplus1198724

=

1198721oplus 119877119888oplus1198724= 119877119888(1198721= 1198724) is disclosed to any user when

one breaks the remote server 119878119894 When the remote server 119878

119894

is compromised by an attacker heshe can change ⟨ID1198941198725⟩

in the database of the remote server 119878119894 Obviously once 119872

5

is changed the replayed message ⟨ID1198941198721015840211987210158403⟩ will not be

discarded and1198725will be replaced by1198721015840

5

34 Password Change In password change procedure ofDasrsquos scheme if remote user 119862

119894wants to change hisher pass-

word heshe must pass biometric verification by verifyingℎ(119861119894) = 119891119894 However the inputted biometrics belonging to the

same personmay differ slightly from time to time [22] so thepassword change procedure will be terminated In additionfor more time since ℎ(119861

119894) = 119891119894 then 1199031015840

119894= ℎ(PWold

119894) oplus 119891

119894

computed by smart card is not equal to 119903119894stored in the

smart card so the password change procedure will also beterminated According to the above analysis Dasrsquos schemecannot realize the password change freely

4 Proposed Scheme

In this section we propose an improvement of the Dasrsquosbiometric-based remote user authentication scheme [21]using smart cards in order to withstand the flaws discussed inSection 3 For convenience we use the same notations used asin Dasrsquos scheme shown in Table 1

41 Registration Phase In order to login to the system theremote user119862

119894needs to perform the following steps as shown

in Algorithm 4


119862119894

119878119894

(1)ID119894 119861119894 PW119894997888997888997888997888997888997888997888rarr

(2) computes 119891119894 119892119894 119903119894and 119890

119894

119891119894= ℎ(119861

119894)

119892119894= ℎ(ID

119894)

119903119894= ℎ(PW

119894) oplus 119891119894

119890119894= ℎ(119892

119894 119883119904) oplus 119903119894

(3)Smart card(ℎ(sdot) 119891119894 119892119894 119890119894 119903119894 120591 119889(sdot))larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888

Algorithm 4 Registration phase of our scheme

Step 1 The user 119862119894inputs hisher personal biometric 119861

119894on

a specific device and offers hisher password PW119894and the

identity ID119894to the registration center 119877

119894in person


119894= ℎ(119861

119894)

119892119894= ℎ(ID

119894) 119903119894= ℎ(PW

119894)oplus119891119894 and 119890

119894= ℎ(119892

119894 119883119904)oplus119903119894 Here119883

119904

is secret information generated by the serverWe note that119883119904

and passwords of the corresponding users are not disclosed toany others for all secure future communications


loads(ℎ(sdot) 119891

119894 119892119894 119890119894 119903119894 120591 119889(sdot)) on the userrsquos smart card and

sends this information to the user 119862119894via a secure channel

42 Login Phase In order to login to the system the remoteuser 119862

119894needs to perform the following stages as shown in

Algorithm 5

Step 1 119862119894first inserts hisher smart card into the card reader

of a terminal and offers hisher personal biometric template1198611015840

119894 on the specific device If 119889(119861

119894 1198611015840

119894) gt 120591 the remote

user authentication is terminated Otherwise 119862119894passes the

biometric verification and then inputs hisher password PW119894

to perform Step 2

Step 2The smart card computes 1199031015840119894= ℎ(PW

119894)oplus119891119894 If119889(1199031015840

119894 119903119894) gt

120591 then password verification fails and the system terminatesthe session otherwise the smart card computes119872

1= 119890119894oplus 1199031015840119894

which is equal to ℎ(119892119894 119883119904) 1198722= ℎ(119877

119888 119879) where 119877

119888is a

random number generated by the user119862119894and119879 is the current

timestamp of 119862119894rsquos system and119872

3= 1198721oplus1198722

Step 3 Finally the user 119862119894sends the message ⟨119892

11989411987221198723 119879⟩

to the remote server 119878119894

43 Authentication Phase When the remote server 119878119894

receives the login request ⟨11989211989411987221198723 119879⟩ at time 119879lowast it will

perform the following steps as shown in Algorithm 6 toauthenticate whether the user 119862


Step 1 Verify T If (119879lowast minus 119879) gt Δ119879 the authenticationphase aborts where Δ119879 is the expected time interval for the

transmission delay of the system On the contrary if (119879lowast minus119879) le Δ119879 the next step will be performed

Step 2 119878119894checks the format of 119862

119894rsquos ID119894 It computes 119872

4=

ℎ(119892119894 119883119904) using the secret value119883

119904maintained by the server

119878119894and then computes 119872

5= 1198724oplus 1198723and verifies whether

1198725= 1198722 If it does not hold then 119878

119894rejects119862

119894rsquos login request

In case the verification is successful the next step will beperformed

Step 3 119878119894computes 119872

6= ℎ(119877

119904 119879119904) and 119872

7= 1198724oplus 1198726

where 119879119904is the current timestamp of the server 119878

119894 and then

119878119894sends message ⟨119872

411987261198727 119879119904⟩ to the user 119862

119894

Step 4 After receiving the message ⟨119872411987261198727 119879119904⟩ at

time 119879lowastlowast 119862119894first checks the freshness of 119879

119904by verifying

(119879lowastlowast minus 119879119904) gt Δ119879 If it holds the following session is

terminated otherwise 119862119894computes 119872

8= 119872

4oplus 1198727

and then verifies whether 1198728

= 1198726 If it does not

hold 119862119894terminates the session Otherwise it goes to the

next step

Step 5119862119894computes119872

9= 1198724oplus1198726and then verifies whether

1198729= 1198727 If it does not hold 119878

119894is rejected by 119862

119894 otherwise

if it holds 119862119894computes 119872

10= ℎ(119877

119888 1198791015840) where 1198791015840 is the

current timestamp of the user 119862119894 and then computes 119872

11=

1198727oplus11987210and sends the message ⟨119872

11 119877119888 1198791015840⟩ to the remote

server 119878119894

Step 6 When 119878119894receives the message ⟨119872

11 119877119888 1198791015840⟩ at

time 119879lowastlowastlowast it verifies (119879lowastlowastlowast minus 1198791015840) gt Δ119879 If it holds theauthentication phase is terminated Otherwise if it does nothold 119878

119894computes 119872

12= ℎ(119877

119888 1198791015840) and then computes

11987213

= 1198724oplus1198726oplus11987212 After computing119872

13 then 119878

119894verifies

whether 11987213

= 11987211 If it holds 119878

119894accepts 119862


otherwise 119878119894rejects the login request

44 Password Change In our scheme user 119862119894can freely

change the password PWold119894

to a new one PWnew119894

Thepassword change procedure is performed as follows

Step 1119862119894inserts the smart card into the card reader and offers

hisher personal biometrics 1198611015840119894 then the smart card computes

1198911015840119894= ℎ(1198611015840

119894) and verifies it by checking 119889(1198911015840

119894 119891119894) le 120591 where

119891119894= ℎ(119861

119894) is the information stored in the smart card

Step 2 If it holds 119862119894inserts old password PWold

119894and new


otherwise the password change procedureis terminated

Step 3 Smart card performs 1199031015840119894= ℎ(PWold

119894) oplus 1198911015840119894and checks

119889(1199031015840119894 119903119894) le 120591 where 119903

119894is the information stored in the smart

cardStep 4 If it holds the smart card computes 11990310158401015840

119894= ℎ(PWnew

119894) oplus

119891119894 1198901015840119894= 119890119894oplus 119903119894(= ℎ(ID

119894 119883119904)) and 11989010158401015840

119894= 1198901015840119894oplus 119903119894


119894and 119903119894with 11990310158401015840

119894on the smart

card


119862119894

119878119894

(1) Inserts the smart card and inputs 1198611015840119894

(2) Verifies whether 119889(119861119894 1198611015840

119894) lt 120591


119894

(4) Computes 1199031015840119894= ℎ(PW

119894) oplus 119891119894and verifies whether 119889(119903

119894 1199031015840119894) lt 120591

(5) If it holds the smart card computes1198721= 119890119894oplus 1199031015840119894

1198722= ℎ(119877

119888 119879)

1198723= 1198721oplus1198722

(6)⟨119892119894 1198722 1198723 119879⟩997888997888997888997888997888997888997888997888997888997888997888rarr

Algorithm 5 Login phase of our scheme

119862119894

119878119894

(1) When receiving ⟨11989211989411987221198723 119879⟩

119878119894checks (119879lowast minus 119879) gt Δ119879

(2) 119878119894computes119872

4= ℎ (119892

119894 119883119904)

1198725= 1198724oplus1198723 and verifies whether119872

5= 1198722

(3) 119878119894computes119872

6= ℎ(119877

119904 119879119904)

1198727= 1198724oplus1198726

⟨1198724 1198726 1198727 119879119904 ⟩larr997888997888997888997888997888997888997888997888997888997888997888997888997888

(4) When receiving ⟨1198724 1198726 1198727 119879119904⟩

at 119879lowastlowast 119862119894checks (119879lowastlowast minus 119879) gt Δ119879

computes1198728= 1198724oplus1198727 then verifies119872

8= 1198726

(5) 119862119894computes119872

9= 1198724oplus1198726 then verifies119872

9= 1198727 computes119872

10= ℎ(119877

119888 1198791015840) and

then11987211

= 1198727oplus11987210

⟨11987211 119877119888 1198791015840⟩

997888997888997888997888997888997888997888997888997888997888rarr

(6) When receiving ⟨11987211 119877119888 1198791015840⟩ at 119879lowastlowastlowast 119878

119894verifies (119879lowastlowastlowast minus 119879) gt Δ119879

then computes11987212

= ℎ(119877119888 1198791015840)

11987213

= 1198724oplus1198726oplus11987212 then verifies119872

13= 11987211

If it holds 119878119894accepts 1198621015840

119894119904 login request

Algorithm 6 Authentication phase of our scheme

5 Security Analysis and Performance ofthe Proposed Scheme

51 Security Analysis If a legal user lost hisher smart cardit is extremely hard for an adversary to derive the userrsquossensitive information such as userrsquos identity password andbiometrics because the extraction of parameters from thesmart card is quite difficult Furthermore the adversarycannot change the password because heshe cannot pass thebiometric verification

511 Denial-of-Service Attack In our proposed protocolwe take into account hash functionrsquos sensitivity to smallperturbations in its inputs In the login phase userrsquos biometricverification is performed by checking 119889(119861

119894 1198611015840119894) gt 120591 instead

of checking ℎ(1198611015840119894) = 119891119894 Moreover the password verification

is performed by checking 119889(1199031015840119894 119903119894) gt 120591 instead of 1199031015840

119894= 119903119894 So

denial-of-service attack caused by hash functionrsquos fundamen-tal properties can be withstood

512 Stolen-Verifier Attack Our scheme can resist stolen-verifier attack because the scheme is free from the veri-fierpassword table In our protocol the remote server 119878

119894does

not keep password tables Therefore an attacker cannot stealuserrsquos password from 119878

119894 Moreover the password ismasked by

hash function in the procedure of message transfer betweenthe user 119862

119894and remote server 119878

119894

513 Many Logged-In Users Attack Most systems whichmaintain the password table to verify user login are vulner-able to this kind of threat Our scheme can resist the threatsince our scheme requires on-card computation for login tothe remote server 119878

119894 and once the smart card is removed the

login process will be aborted


514 Guessing Attack Our protocol can resist guessingattack which is a critical concern in password-based systemssince the password in our protocol is transmitted as a digestof some other secret information The attacker cannot guessthe userrsquos password from the digest because of the one-waycharacteristic of the hash function even if the attacker mayget the digest which contains the password

515 ReplayAttack Replaying an interceptedmessage can beprevented in our proposed protocol If an attacker intercepts⟨ID11989411987221198723 119879⟩ and tries to login to the remote server

119878119894via replaying the same message heshe cannot pass the

verification of the login request due to (119879lowast minus 119879) gt Δ119879 where119879lowast is the system time when the remote server 119878

119894receives

the replayed message Moreover if an attacker intercepts⟨119872411987261198727 119879119904⟩ and tries to replay the message to the user

119862119894 this kind of attack also can be prevented due to (119879lowastlowastminus119879

119904) gt

Δ119879

516 User Impersonation Attack In the login phase ofour scheme the message sent to remote server 119878

119894is

⟨11989211989411987221198723 119879⟩ instead of ⟨ID

11989411987221198723 119879⟩ where the userrsquos

identity ID119894is masked by hash function Even though an

attacker eavesdrops the message ⟨11989211989411987221198723 119879⟩ he cannot

derive the userrsquos identity ID119894 due to the one-way charac-

teristic of hash function In the authentication phase whenthe remote server 119878

119894receives the login request message

⟨11989211989411987221198723 119879⟩ it will check the validity of userrsquos identity

Since the attacker cannot derive legal userrsquos identity thecheck of userrsquos identity cannot pass which will result inthe termination of authentication phase Through the aboveanalysis we can see that user impersonation attack can beavoided in our scheme

517 Server Masquerading Attack If an attack 119860119894attempts

to masquerade as the legitimate server 119878119894 heshe must make

the forged replay message to the user when receiving theuserrsquos login request message ⟨119892

11989411987221198723 119879⟩ However the

forged replay message is more difficult to fake since thetime-stamped message ⟨119872

411987261198727 119879119904⟩ is sent to the user

119862119894when the remote server 119878

119894is receiving 119862


message ⟨11989211989411987221198723 119879⟩ Moreover the attacker 119860

119894cannot

masquerade as the server by forging the replay message⟨119872411987261198727 119879119904⟩ because 119860

119894cannot compute (119872

41198727)

sending to the user 119862119894without knowing the secret value

119883119904kept by the server 119878

119894 Hence the attacker 119860

119894cannot

masquerade as the legal server to the user by launching theserver masquerading attack

518 Insider Attack In the registration phase if the userrsquospassword PW

119894and the biometrics information119861

119894are revealed

to the server 119878119894 the insider of the server may directly obtain

PW119894and 119861

119894 and the insider impersonates as the user 119862

119894to

access the userrsquos other accounts in the server But in the loginphase of our scheme if the insider wants to access 119862

119894rsquos other

accounts heshe must input hisher smart card to the cardreader and provide his biometric information 119861

1015840

119894in order to

pass the verification 119889(119861119894 1198611015840119894) lt 120591 Since the insider cannot

provide the user 119862119894rsquos smart card the biometric verification

will be aborted So the insider attack can be prevented

519 Mutual Authentication As described above ourscheme can withstand the user impersonation attack andserver masquerading attack consequently our scheme canprovide mutual authentication between the user 119862

119894and


5110 Man-in-the-Middle Attack Man-in-the-middle attackmeans that an active attacker intercepts the communicationline between a legal user and the server and uses somemeansto successfully masquerade as both the server to the user andthe user to the server Then the user will believe that he istalking to the intended server and vice versa In our schemewhen a user 119862

119894wants to login to the remote server 119878

119894 mutual

authentication between the user 119862119894and remote server 119878

119894is

performed so man-in-the-middle attack can be prevented

52 Performance of the Proposed Scheme In this subsectionwe compare the performances of our improved schemewith those for Li-Hwangrsquos scheme [11] and Dasrsquos scheme[21] It is worth recalling that the protocol of Li-Hwangrsquosscheme [11] has security weaknesses against denial-of-serviceattack replay attack user impersonation attack and man-in-the-middle attack It is noted that Dasrsquos scheme [21] hassecurity weaknesses against denial-of-service attack userimpersonation attack replay attack server masqueradingattack and insider attack The security comparisons betweenour scheme and the schemes proposed by Li and Hwang [11]and Das [21] are summarized in Table 2 For the convenienceof evaluating the efficiency of related scheme we define thenotation 119879

ℎ the time of executing a one-way hash function

The efficiency comparison with related schemes is shown inTable 3 From the table we can see that our scheme is moreefficient than Dasrsquos scheme [21] Though our scheme is lessefficient than Li-Hwangrsquos scheme [11] it can provide bettersecurity against most attacks

6 Conclusion

This paper presents a biometric-based user authenticationscheme for clientserver system The method employs bio-metric keys and resists the threats of stolen-verifier of whichmany are logged-in users with the same login identity denial-of-service attack guessing attack insider attack replay attackuser impersonation attack server masquerading attack andman-in-the-middle attack Moreover the improved schemecan realize mutual authentication between the user andremote server The proposed scheme uses only hash functionand XOR operation which is efficient compared with thatof related protocols In addition the userrsquos password can bechanged freely using the proposed scheme Our proposedscheme provides strong authentication with the help of ver-ifying biometrics passwords and random nonces generatedby the user and server as compared to that of related schemes


Table 2 Security comparisons among related protocols

Item Our scheme Li-Hwangrsquos scheme [11] Dasrsquos scheme [21]Avoiding denial-of-service attack Yes No NoAvoiding stolen-verifier attack Yes Yes YesAvoiding many logged-in users attack Yes Yes YesAvoiding guessing attack Yes Yes NoAvoiding replay attack Yes No NoAvoiding user impersonation attack Yes No NoAvoiding server masquerading attack Yes No NoAvoiding man-in-the-middle attack Yes No YesAvoiding insider attack Yes No NoMutual authentication Yes No NoHaving flaws in password change No Yes Yes

Table 3 Efficiency comparison with related schemes

Different phase Li-HwangrsquosScheme [11]

Dasrsquosscheme [21] Our scheme

RegistrationUser computation cost 2119879

ℎmdash 4119879

ℎ

Server computation cost mdash 3119879ℎ

mdashLogin

User computation cost 3119879ℎ

3119879ℎ

3119879ℎ

Server computation cost mdash mdash mdashAuthentication


3119879ℎ

119879ℎ

Server computation cost 3119879ℎ

5119879ℎ

3119879ℎ

Conflict of Interests

The authors declare that there is no conflict of interestsregarding the publication of this paper

Acknowledgments

The authors would like to thank the valuable comments andsuggestions of the reviewersThiswork is supported in part byNational Natural Science Foundation of China (no 61370223)and by Science Research Project of Hubei Provincial Depart-ment of Education (XD2012374 and B2013024)

References

[1] M S Hwang and C Y Liu ldquoAuthenticated encryption schemescurrent status and key issuesrdquo International Journal of NetworkSecurity vol 1 no 2 pp 61ndash73 2005

[2] N-Y Lee and Y-C Chiu ldquoImproved remote authenticationscheme with smart cardrdquo Computer Standards and Interfacesvol 27 no 2 pp 177ndash180 2005

[3] C T Li ldquoAn enhanced remote user authentication schemeproviding mutual authentication and key agreement withSmart Cardsrdquo in Proceedings of the 5th International IEEEComputer Society Conference on Information Assurance andSecurity pp 517ndash520 Xirsquoan China 2009

[4] MKim andC K Koc ldquoA simple attack on a recently introducedhash-based strong-password authentication schemerdquo Interna-tional Journal of Network Security vol 1 no 2 pp 77ndash80 2005

[5] K H M Wong Z Yuan C Jiannong and W ShengweildquoA dynamic user authentication scheme for wireless sensornetworksrdquo in Proceedings of the IEEE International Conferenceon Sensor Networks Ubiquitous and Trustworthy Computing(SUTC rsquo06) pp 244ndash251 Taichung Taiwan June 2006

[6] H-R Tseng R-H Jan and W Yang ldquoAn improved dynamicuser authentication scheme for wireless sensor networksrdquo inProceedings of the 50th Annual IEEEGlobal TelecommunicationsConference (GLOBECOM rsquo07) pp 986ndash990 Washington DCUSA November 2007

[7] T H Lee ldquoSimple dynamic user authentication protocolsfor wireless sensor networksrdquo in Proceedings of the 2nd Inter-national Conference on Sensor Technologies and Application(SENSORCOMMrsquo08) pp 657ndash660CapEsterel FranceAugust2008

[8] L-C Ko ldquoA novel dynamic user authentication scheme forwireless sensor networksrdquo in Proceedings of the IEEE Interna-tional Symposium on Wireless Communication Systems (ISWCSrsquo08) pp 608ndash612 Reykjavik Iceland October 2008

[9] B Vaidya J J Rodrigues and J H Park ldquoUser authenticationschemes with pseudonymity for ubiquitous sensor network inNGNrdquo International Journal of Communication Systems vol 23no 9-10 pp 1201ndash1222 2010

[10] J Daemen and R V Rijndael ldquoThe advanced encryptionstandardrdquo Dr Dobbrsquos Journal vol 26 no 3 pp 137ndash139 2001

[11] C-T Li and M-S Hwang ldquoAn efficient biometrics-basedremote user authentication scheme using smart cardsrdquo Journalof Network and Computer Applications vol 33 no 1 pp 1ndash52010

[12] A K Jain A Ross and S Prabhakar ldquoAn introduction to bio-metric recognitionrdquo IEEE Transactions on Circuits and Systemsfor Video Technology vol 14 no 1 pp 4ndash20 2004

[13] D Maltoni D Maio A K Jain and S Prabhakar Handbook ofFingerprint Recognition Springer New York NY USA 2009

[14] S Prabhakar S Pankanti and A K Jain ldquoBiometric recogni-tion security and privacy concernsrdquo IEEE Security and Privacyvol 1 no 2 pp 33ndash42 2003

[15] A Prakash ldquoA biometric approach for continuous user authen-tication by fusing hard and soft traitsrdquo International Journal ofNetwork Security vol 16 no 1 pp 65ndash70 2014


[16] C K Dimitriadis and S A Shaikh ldquoA biometric authenticationprotocol for 3G mobile systems modelled and validated usingCSP and rank functionsrdquo International Journal of NetworkSecurity vol 5 no 1 pp 99ndash111 2007

[17] A Yang ldquoSecurity weaknesses and improvements of afingerprint-based remote user authentication scheme usingsmart cardsrdquo International Journal of Advancements inComputing Technology vol 4 no 3 pp 21ndash28 2012

[18] A N Younghwa ldquoSecurity analysis and enhancements of aneffective biometric-based remote user authentication schemeusing smart cardsrdquo Journal of Biomedicine and Biotechnologyvol 2012 Article ID 519723 6 pages 2012

[19] C-H Lin and Y-Y Lai ldquoA flexible biometrics remote userauthentication schemerdquoComputer Standards and Interfaces vol27 no 1 pp 19ndash23 2004


[21] A KDas ldquoAnalysis and improvement on an efficient biometric-based remote user authentication scheme using smart cardsrdquoIET Information Security vol 5 no 3 pp 145ndash151 2011

[22] J P Linnartz and P Tuyls ldquoNew shielding functions toenhance privacy and prevent misuse of biometric templatesrdquoin Proceedings of the Audio and Video-Based Biometric PersonAuthentication vol 2688 of Lecture Notes in Computer Sciencepp 393ndash402 2003

International Journal of

AerospaceEngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

RoboticsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014


Active and Passive Electronic Components

Control Scienceand Engineering

Journal of



RotatingMachinery


Hindawi Publishing Corporation httpwwwhindawicom

Journal ofEngineeringVolume 2014

Submit your manuscripts athttpwwwhindawicom

VLSI Design



Shock and Vibration


Civil EngineeringAdvances in

Acoustics and VibrationAdvances in



Electrical and Computer Engineering

Journal of

Advances inOptoElectronics


Volume 2014

The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014

SensorsJournal of


Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014


Chemical EngineeringInternational Journal of Antennas and

Propagation




Navigation and Observation



DistributedSensor Networks



Table 1 Notations used in the proposed scheme

Notation Description119862119894

Client119877119894

Trusted registration center119878119894

ServerPW119894

Password shared between 119862119894and 119878

119894

ID119894

Identity of the user 119862119894

119861119894

Biometric template of the user 119862119894

119889(∙) Symmetric parametric function120591 Predetermined threshold for biometric verificationℎ(∙) A secure one-way hash function119883119904

A secret information maintained by the server119877119888


119877119904


119860 119861 Data 119860 concatenates with data 119861119860 oplus 119861 XOR operation of 119860 and 119861

As a result biometric-based remote user authenticationsare inherently more reliable and secure than usual traditionalpassword-based remote user authentication schemes

In this paper we propose an improvement of Dasrsquosbiometric-based remote user authentication scheme usingsmart cards in order to withstand his design flaws Theremainder of this paper is organized as follows In Section 2we briefly review the Dasrsquos biometric-based remote userauthentication scheme using smart cards [21] In Section 3we analyze the design flaws in Dasrsquos scheme In Section 4 wepropose an improvement of the scheme in order to eliminatethe design flaws discussed in Section 3 Security analysis ofour scheme and performance comparison with other relatedschemes are implemented in Section 5 Finally we concludethe paper in Section 6

2 Review of DASrsquos Biometric-Based RemoteUser Authentication Scheme

In this section we review in brief Dasrsquos biometric-basedremote user authentication scheme [21] For describing theDasrsquos scheme [21] we use the notations shown in Table 1Dasrsquos scheme consists of the following four phases namelyregistration phase login phase authentication phase andchange password phase Details of each phase are given in thefollowing subsections

21 Registration Phase In order to login to the system theremote user 119862

119894needs to perform the following stages as


Step 1The user inputs hisher personal biometric119861119894on a spe-

cific device and offers hisher password PW119894and the identity

ID119894of the user to the registration center 119877

119894in person

119862119894

119878119894

(1)ID119894 119861119894 PW119894997888997888997888997888997888997888997888rarr

(2) Computes 119903119894and 119890

119894

119891119894= ℎ(119861

119894)

119903119894= ℎ(PW

119894) oplus 119891119894

119890119894= ℎ(ID

119894 119883119904) oplus 119903119894

(3)Smart card(ID119894 ℎ(sdot) 119891119894 119903119894 119890119894)larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888

Algorithm 1 Registration phase of Dasrsquos scheme


119894= ℎ(119861

119894)

119903119894= ℎ(PW

119894) oplus 119891119894 and 119890

119894= ℎ(ID

119894119883119904) oplus 119903119894 Here 119883

119904is secret

information generated by the server


loads(ID119894 ℎ(sdot) 119891

119894 119890119894 119903119894) on the userrsquos smart card and sends

the information to the user 119862119894via a secure channel

22 Login Phase In this phase if a user 119862119894wants to login to

the server 119878119894 heshe needs to perform the following steps as


Step 1 119862119894first inserts hisher smart card into the smart card

reader of a terminal and offers hisher personal biometrictemplate119861

119894 on the specific device to verify hisher biometric

Step 2 Next the userrsquos personal biometric template 119861119894is

matched against the template stored in the system

Step 3 If the above verification does not hold then 119862119894does

not pass the biometric verification and as a result the remoteuser authentication is terminated Otherwise on the otherhand if the abovementioned verification holds 119862

119894passes the

biometric verification and 119862119894then inputs hisher password

PW119894to perform Step 4

Step 4 The smart card computes 1199031015840119894= ℎ(PW

119894) oplus 119891119894 If 1199031015840119894

= 119903119894

then password verification fails and the client terminates thesession

Step 5 If 1199031015840119894= 119903119894 the smart card computes 119872

1= 119890119894oplus 1199031015840119894

which is equal to ℎ(ID119894 119883119904)1198722= 1198721oplus 119877119888 which is equal

to ℎ(ID119894 119883119904) oplus 119877119888 and 119872

3= ℎ(119877

119888) where 119877

119888is a random

number generated by the user

Step 6 Finally 119862119894sends the message ⟨ID

11989411987221198723⟩ to the


23 Authentication Phase After receiving the login requestmessage ⟨ID

11989411987221198723⟩ 119878119894performs the following steps as

shown in Algorithm 3 in order to authenticate whether theuser 119862



119862119894

119878119894




119894

(4) Computes 1199031015840119894= ℎ(PW

119894) oplus 119891119894

(5) Checks if 1199031015840119894= 119903119894


1198722= 1198721oplus 119877119888

1198723= ℎ(119877

119888)

(7)⟨ID119894 1198722 1198723⟩997888997888997888997888997888997888997888997888997888997888rarr


119862119894

119878119894



1198724= ℎ(ID

119894 119883119878)

1198725= 1198722oplus1198724


3


1198727= ℎ(119872

2 1198725)

1198728= ℎ(119877

119904)

(3)⟨1198727 1198726 1198728⟩larr997888997888997888997888997888997888997888997888997888997888


2 119877119888)


1198729= 1198726oplus1198721


8


119894


= ℎ(1198726 1198729)

(6)⟨11987210⟩997888997888997888997888997888rarr


= ℎ(1198726 119877119904)







119894rsquos ID119894


4=

ℎ(ID119894 119883119904) 1198725


ℎ(1198725) = 119872


119894rejects 119862

119894rsquos login


1198726= 1198724oplus 1198771199041198727= ℎ(119872

2 1198725) and119872

8= ℎ(119877

119904)


711987261198728⟩ to 119862

119894


whether 1198727

= ℎ(1198722



119894proceeds



8 If ℎ(119872

9) =1198728 119862119894terminates


10= ℎ(119872

6



119894



10=

ℎ(1198726 119877119904)


119894rsquos

login request













119894) oplus 119891119894

if 1199031015840119894


119894= 119903119894


= ℎ(PWnew119894

) oplus 119891119894 1198901015840119894=

119890119894oplus 119903119894(= ℎ(ID

119894 119883119904)) and 11989010158401015840

119894= 1198901015840119894oplus 119903119894


119894and 119903119894with 11990310158401015840

119894on the smart

card




119894

computes 119891119894= ℎ(119861

119894) and 119903

119894= ℎ(PW


119891119894and 119903


119894inserts







119894) = 119891






119894where 119862

119894identity is






119894 Once 119860

119894derives




119894computes1198721015840

4= ℎ(ID

119894 119883119904) and


5) = 119872

3is successful

Then 119878119894computes 1198721015840

6= 1198724oplus 119877119904 11987210158407= ℎ(119872

2 11987210158405) and

11987210158408


71198721015840611987210158408⟩ to 119862

119894


71198721015840611987210158408⟩ and



message ⟨1198721015840101584071198721015840611987210158408⟩ to 119862

119894 Obviously 11987210158401015840

7= ℎ(1198722 119877119888)


119894will


119894computes 1198721015840

9=


119894can verify 1198721015840

9=


10= ℎ(1198721015840

6



119894 On


119872101584010

= ℎ(1198726





1015840

5(=

1198722oplus1198724) = 119872

5 where119872

5is equal to 119877



5= 1198722oplus1198724

=



119894



5



5





119894) = 119891119894 then 1199031015840

119894= ℎ(PWold

119894) oplus 119891

119894



4 Proposed Scheme




in Algorithm 4


119862119894

119878119894

(1)ID119894 119861119894 PW119894997888997888997888997888997888997888997888rarr

(2) computes 119891119894 119892119894 119903119894and 119890

119894

119891119894= ℎ(119861

119894)

119892119894= ℎ(ID

119894)

119903119894= ℎ(PW

119894) oplus 119891119894

119890119894= ℎ(119892

119894 119883119904) oplus 119903119894




119894on



119894in person


119894= ℎ(119861

119894)

119892119894= ℎ(ID

119894) 119903119894= ℎ(PW

119894)oplus119891119894 and 119890

119894= ℎ(119892

119894 119883119904)oplus119903119894 Here119883

119904









Algorithm 5




119894 1198611015840

119894) gt 120591 the remote



to perform Step 2


119894)oplus119891119894 If119889(1199031015840

119894 119903119894) gt


1= 119890119894oplus 1199031015840119894


119888 119879) where 119877

119888is a



3= 1198721oplus1198722


11989411987221198723 119879⟩










4=






119894rejects119862



Step 3 119878119894computes 119872

6= ℎ(119877

119904 119879119904) and 119872

7= 1198724oplus 1198726


119894 and then

119878119894sends message ⟨119872

411987261198727 119879119904⟩ to the user 119862

119894



119904by verifying



8= 119872

4oplus 1198727




next step

Step 5119862119894computes119872




119894 otherwise


10= ℎ(119877

119888 1198791015840) where 1198791015840 is the


11=


11 119877119888 1198791015840⟩ to the remote

server 119878119894


11 119877119888 1198791015840⟩ at


119894computes 119872

12= ℎ(119877


11987213


13 then 119878

119894verifies

whether 11987213

= 11987211 If it holds 119878

119894accepts 119862









1198911015840119894= ℎ(1198611015840


119894 119891119894) le 120591 where

119891119894= ℎ(119861



119894and new




119894) oplus 1198911015840119894and checks

119889(1199031015840119894 119903119894) le 120591 where 119903



119894= ℎ(PWnew

119894) oplus

119891119894 1198901015840119894= 119890119894oplus 119903119894(= ℎ(ID

119894 119883119904)) and 11989010158401015840

119894= 1198901015840119894oplus 119903119894


119894and 119903119894with 11990310158401015840

119894on the smart

card


119862119894

119878119894



119894) lt 120591


119894

(4) Computes 1199031015840119894= ℎ(PW


119894 1199031015840119894) lt 120591


1198722= ℎ(119877

119888 119879)

1198723= 1198721oplus1198722

(6)⟨119892119894 1198722 1198723 119879⟩997888997888997888997888997888997888997888997888997888997888997888rarr


119862119894

119878119894

(1) When receiving ⟨11989211989411987221198723 119879⟩


(2) 119878119894computes119872

4= ℎ (119892

119894 119883119904)


5= 1198722

(3) 119878119894computes119872

6= ℎ(119877

119904 119879119904)

1198727= 1198724oplus1198726

⟨1198724 1198726 1198727 119879119904 ⟩larr997888997888997888997888997888997888997888997888997888997888997888997888997888

(4) When receiving ⟨1198724 1198726 1198727 119879119904⟩



8= 1198726

(5) 119862119894computes119872


9= 1198727 computes119872

10= ℎ(119877

119888 1198791015840) and

then11987211

= 1198727oplus11987210

⟨11987211 119877119888 1198791015840⟩

997888997888997888997888997888997888997888997888997888997888rarr




= ℎ(119877119888 1198791015840)

11987213


13= 11987211







119894 1198611015840119894) gt 120591 instead



119894= 119903119894 So



119894does





119894









119894receives



119904) gt

Δ119879


119894is

⟨11989211989411987221198723 119879⟩ instead of ⟨ID












11989411987221198723 119879⟩ However the







119894cannot



41198727)




119894cannot




119894are revealed


PW119894and 119861


119894to


119894rsquos other


1015840

119894in order to





119894and




119894 mutual


119894is





6 Conclusion









ℎmdash 4119879

ℎ


mdashLogin


3119879ℎ

3119879ℎ



3119879ℎ

119879ℎ


5119879ℎ

3119879ℎ



Acknowledgments


References


























RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation










119862119894

119878119894




119894

(4) Computes 1199031015840119894= ℎ(PW

119894) oplus 119891119894

(5) Checks if 1199031015840119894= 119903119894


1198722= 1198721oplus 119877119888

1198723= ℎ(119877

119888)

(7)⟨ID119894 1198722 1198723⟩997888997888997888997888997888997888997888997888997888997888rarr


119862119894

119878119894



1198724= ℎ(ID

119894 119883119878)

1198725= 1198722oplus1198724


3


1198727= ℎ(119872

2 1198725)

1198728= ℎ(119877

119904)

(3)⟨1198727 1198726 1198728⟩larr997888997888997888997888997888997888997888997888997888997888


2 119877119888)


1198729= 1198726oplus1198721


8


119894


= ℎ(1198726 1198729)

(6)⟨11987210⟩997888997888997888997888997888rarr


= ℎ(1198726 119877119904)







119894rsquos ID119894


4=

ℎ(ID119894 119883119904) 1198725


ℎ(1198725) = 119872


119894rejects 119862

119894rsquos login


1198726= 1198724oplus 1198771199041198727= ℎ(119872

2 1198725) and119872

8= ℎ(119877

119904)


711987261198728⟩ to 119862

119894


whether 1198727

= ℎ(1198722



119894proceeds



8 If ℎ(119872

9) =1198728 119862119894terminates


10= ℎ(119872

6



119894



10=

ℎ(1198726 119877119904)


119894rsquos

login request













119894) oplus 119891119894

if 1199031015840119894


119894= 119903119894


= ℎ(PWnew119894

) oplus 119891119894 1198901015840119894=

119890119894oplus 119903119894(= ℎ(ID

119894 119883119904)) and 11989010158401015840

119894= 1198901015840119894oplus 119903119894


119894and 119903119894with 11990310158401015840

119894on the smart

card




119894

computes 119891119894= ℎ(119861

119894) and 119903

119894= ℎ(PW


119891119894and 119903


119894inserts







119894) = 119891






119894where 119862

119894identity is






119894 Once 119860

119894derives




119894computes1198721015840

4= ℎ(ID

119894 119883119904) and


5) = 119872

3is successful

Then 119878119894computes 1198721015840

6= 1198724oplus 119877119904 11987210158407= ℎ(119872

2 11987210158405) and

11987210158408


71198721015840611987210158408⟩ to 119862

119894


71198721015840611987210158408⟩ and



message ⟨1198721015840101584071198721015840611987210158408⟩ to 119862

119894 Obviously 11987210158401015840

7= ℎ(1198722 119877119888)


119894will


119894computes 1198721015840

9=


119894can verify 1198721015840

9=


10= ℎ(1198721015840

6



119894 On


119872101584010

= ℎ(1198726





1015840

5(=

1198722oplus1198724) = 119872

5 where119872

5is equal to 119877



5= 1198722oplus1198724

=



119894



5



5





119894) = 119891119894 then 1199031015840

119894= ℎ(PWold

119894) oplus 119891

119894



4 Proposed Scheme




in Algorithm 4


119862119894

119878119894

(1)ID119894 119861119894 PW119894997888997888997888997888997888997888997888rarr

(2) computes 119891119894 119892119894 119903119894and 119890

119894

119891119894= ℎ(119861

119894)

119892119894= ℎ(ID

119894)

119903119894= ℎ(PW

119894) oplus 119891119894

119890119894= ℎ(119892

119894 119883119904) oplus 119903119894




119894on



119894in person


119894= ℎ(119861

119894)

119892119894= ℎ(ID

119894) 119903119894= ℎ(PW

119894)oplus119891119894 and 119890

119894= ℎ(119892

119894 119883119904)oplus119903119894 Here119883

119904









Algorithm 5




119894 1198611015840

119894) gt 120591 the remote



to perform Step 2


119894)oplus119891119894 If119889(1199031015840

119894 119903119894) gt


1= 119890119894oplus 1199031015840119894


119888 119879) where 119877

119888is a



3= 1198721oplus1198722


11989411987221198723 119879⟩










4=






119894rejects119862



Step 3 119878119894computes 119872

6= ℎ(119877

119904 119879119904) and 119872

7= 1198724oplus 1198726


119894 and then

119878119894sends message ⟨119872

411987261198727 119879119904⟩ to the user 119862

119894



119904by verifying



8= 119872

4oplus 1198727




next step

Step 5119862119894computes119872




119894 otherwise


10= ℎ(119877

119888 1198791015840) where 1198791015840 is the


11=


11 119877119888 1198791015840⟩ to the remote

server 119878119894


11 119877119888 1198791015840⟩ at


119894computes 119872

12= ℎ(119877


11987213


13 then 119878

119894verifies

whether 11987213

= 11987211 If it holds 119878

119894accepts 119862









1198911015840119894= ℎ(1198611015840


119894 119891119894) le 120591 where

119891119894= ℎ(119861



119894and new




119894) oplus 1198911015840119894and checks

119889(1199031015840119894 119903119894) le 120591 where 119903



119894= ℎ(PWnew

119894) oplus

119891119894 1198901015840119894= 119890119894oplus 119903119894(= ℎ(ID

119894 119883119904)) and 11989010158401015840

119894= 1198901015840119894oplus 119903119894


119894and 119903119894with 11990310158401015840

119894on the smart

card


119862119894

119878119894



119894) lt 120591


119894

(4) Computes 1199031015840119894= ℎ(PW


119894 1199031015840119894) lt 120591


1198722= ℎ(119877

119888 119879)

1198723= 1198721oplus1198722

(6)⟨119892119894 1198722 1198723 119879⟩997888997888997888997888997888997888997888997888997888997888997888rarr


119862119894

119878119894

(1) When receiving ⟨11989211989411987221198723 119879⟩


(2) 119878119894computes119872

4= ℎ (119892

119894 119883119904)


5= 1198722

(3) 119878119894computes119872

6= ℎ(119877

119904 119879119904)

1198727= 1198724oplus1198726

⟨1198724 1198726 1198727 119879119904 ⟩larr997888997888997888997888997888997888997888997888997888997888997888997888997888

(4) When receiving ⟨1198724 1198726 1198727 119879119904⟩



8= 1198726

(5) 119862119894computes119872


9= 1198727 computes119872

10= ℎ(119877

119888 1198791015840) and

then11987211

= 1198727oplus11987210

⟨11987211 119877119888 1198791015840⟩

997888997888997888997888997888997888997888997888997888997888rarr




= ℎ(119877119888 1198791015840)

11987213


13= 11987211







119894 1198611015840119894) gt 120591 instead



119894= 119903119894 So



119894does





119894









119894receives



119904) gt

Δ119879


119894is

⟨11989211989411987221198723 119879⟩ instead of ⟨ID












11989411987221198723 119879⟩ However the







119894cannot



41198727)




119894cannot




119894are revealed


PW119894and 119861


119894to


119894rsquos other


1015840

119894in order to





119894and




119894 mutual


119894is





6 Conclusion









ℎmdash 4119879

ℎ


mdashLogin


3119879ℎ

3119879ℎ



3119879ℎ

119879ℎ


5119879ℎ

3119879ℎ



Acknowledgments


References


























RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation


















119894) oplus 119891119894

if 1199031015840119894


119894= 119903119894


= ℎ(PWnew119894

) oplus 119891119894 1198901015840119894=

119890119894oplus 119903119894(= ℎ(ID

119894 119883119904)) and 11989010158401015840

119894= 1198901015840119894oplus 119903119894


119894and 119903119894with 11990310158401015840

119894on the smart

card




119894

computes 119891119894= ℎ(119861

119894) and 119903

119894= ℎ(PW


119891119894and 119903


119894inserts







119894) = 119891






119894where 119862

119894identity is






119894 Once 119860

119894derives




119894computes1198721015840

4= ℎ(ID

119894 119883119904) and


5) = 119872

3is successful

Then 119878119894computes 1198721015840

6= 1198724oplus 119877119904 11987210158407= ℎ(119872

2 11987210158405) and

11987210158408


71198721015840611987210158408⟩ to 119862

119894


71198721015840611987210158408⟩ and



message ⟨1198721015840101584071198721015840611987210158408⟩ to 119862

119894 Obviously 11987210158401015840

7= ℎ(1198722 119877119888)


119894will


119894computes 1198721015840

9=


119894can verify 1198721015840

9=


10= ℎ(1198721015840

6



119894 On


119872101584010

= ℎ(1198726





1015840

5(=

1198722oplus1198724) = 119872

5 where119872

5is equal to 119877



5= 1198722oplus1198724

=



119894



5



5





119894) = 119891119894 then 1199031015840

119894= ℎ(PWold

119894) oplus 119891

119894



4 Proposed Scheme




in Algorithm 4


119862119894

119878119894

(1)ID119894 119861119894 PW119894997888997888997888997888997888997888997888rarr

(2) computes 119891119894 119892119894 119903119894and 119890

119894

119891119894= ℎ(119861

119894)

119892119894= ℎ(ID

119894)

119903119894= ℎ(PW

119894) oplus 119891119894

119890119894= ℎ(119892

119894 119883119904) oplus 119903119894




119894on



119894in person


119894= ℎ(119861

119894)

119892119894= ℎ(ID

119894) 119903119894= ℎ(PW

119894)oplus119891119894 and 119890

119894= ℎ(119892

119894 119883119904)oplus119903119894 Here119883

119904









Algorithm 5




119894 1198611015840

119894) gt 120591 the remote



to perform Step 2


119894)oplus119891119894 If119889(1199031015840

119894 119903119894) gt


1= 119890119894oplus 1199031015840119894


119888 119879) where 119877

119888is a



3= 1198721oplus1198722


11989411987221198723 119879⟩










4=






119894rejects119862



Step 3 119878119894computes 119872

6= ℎ(119877

119904 119879119904) and 119872

7= 1198724oplus 1198726


119894 and then

119878119894sends message ⟨119872

411987261198727 119879119904⟩ to the user 119862

119894



119904by verifying



8= 119872

4oplus 1198727




next step

Step 5119862119894computes119872




119894 otherwise


10= ℎ(119877

119888 1198791015840) where 1198791015840 is the


11=


11 119877119888 1198791015840⟩ to the remote

server 119878119894


11 119877119888 1198791015840⟩ at


119894computes 119872

12= ℎ(119877


11987213


13 then 119878

119894verifies

whether 11987213

= 11987211 If it holds 119878

119894accepts 119862









1198911015840119894= ℎ(1198611015840


119894 119891119894) le 120591 where

119891119894= ℎ(119861



119894and new




119894) oplus 1198911015840119894and checks

119889(1199031015840119894 119903119894) le 120591 where 119903



119894= ℎ(PWnew

119894) oplus

119891119894 1198901015840119894= 119890119894oplus 119903119894(= ℎ(ID

119894 119883119904)) and 11989010158401015840

119894= 1198901015840119894oplus 119903119894


119894and 119903119894with 11990310158401015840

119894on the smart

card


119862119894

119878119894



119894) lt 120591


119894

(4) Computes 1199031015840119894= ℎ(PW


119894 1199031015840119894) lt 120591


1198722= ℎ(119877

119888 119879)

1198723= 1198721oplus1198722

(6)⟨119892119894 1198722 1198723 119879⟩997888997888997888997888997888997888997888997888997888997888997888rarr


119862119894

119878119894

(1) When receiving ⟨11989211989411987221198723 119879⟩


(2) 119878119894computes119872

4= ℎ (119892

119894 119883119904)


5= 1198722

(3) 119878119894computes119872

6= ℎ(119877

119904 119879119904)

1198727= 1198724oplus1198726

⟨1198724 1198726 1198727 119879119904 ⟩larr997888997888997888997888997888997888997888997888997888997888997888997888997888

(4) When receiving ⟨1198724 1198726 1198727 119879119904⟩



8= 1198726

(5) 119862119894computes119872


9= 1198727 computes119872

10= ℎ(119877

119888 1198791015840) and

then11987211

= 1198727oplus11987210

⟨11987211 119877119888 1198791015840⟩

997888997888997888997888997888997888997888997888997888997888rarr




= ℎ(119877119888 1198791015840)

11987213


13= 11987211







119894 1198611015840119894) gt 120591 instead



119894= 119903119894 So



119894does





119894









119894receives



119904) gt

Δ119879


119894is

⟨11989211989411987221198723 119879⟩ instead of ⟨ID












11989411987221198723 119879⟩ However the







119894cannot



41198727)




119894cannot




119894are revealed


PW119894and 119861


119894to


119894rsquos other


1015840

119894in order to





119894and




119894 mutual


119894is





6 Conclusion









ℎmdash 4119879

ℎ


mdashLogin


3119879ℎ

3119879ℎ



3119879ℎ

119879ℎ


5119879ℎ

3119879ℎ



Acknowledgments


References


























RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation










119862119894

119878119894

(1)ID119894 119861119894 PW119894997888997888997888997888997888997888997888rarr

(2) computes 119891119894 119892119894 119903119894and 119890

119894

119891119894= ℎ(119861

119894)

119892119894= ℎ(ID

119894)

119903119894= ℎ(PW

119894) oplus 119891119894

119890119894= ℎ(119892

119894 119883119904) oplus 119903119894




119894on



119894in person


119894= ℎ(119861

119894)

119892119894= ℎ(ID

119894) 119903119894= ℎ(PW

119894)oplus119891119894 and 119890

119894= ℎ(119892

119894 119883119904)oplus119903119894 Here119883

119904









Algorithm 5




119894 1198611015840

119894) gt 120591 the remote



to perform Step 2


119894)oplus119891119894 If119889(1199031015840

119894 119903119894) gt


1= 119890119894oplus 1199031015840119894


119888 119879) where 119877

119888is a



3= 1198721oplus1198722


11989411987221198723 119879⟩










4=






119894rejects119862



Step 3 119878119894computes 119872

6= ℎ(119877

119904 119879119904) and 119872

7= 1198724oplus 1198726


119894 and then

119878119894sends message ⟨119872

411987261198727 119879119904⟩ to the user 119862

119894



119904by verifying



8= 119872

4oplus 1198727




next step

Step 5119862119894computes119872




119894 otherwise


10= ℎ(119877

119888 1198791015840) where 1198791015840 is the


11=


11 119877119888 1198791015840⟩ to the remote

server 119878119894


11 119877119888 1198791015840⟩ at


119894computes 119872

12= ℎ(119877


11987213


13 then 119878

119894verifies

whether 11987213

= 11987211 If it holds 119878

119894accepts 119862









1198911015840119894= ℎ(1198611015840


119894 119891119894) le 120591 where

119891119894= ℎ(119861



119894and new




119894) oplus 1198911015840119894and checks

119889(1199031015840119894 119903119894) le 120591 where 119903



119894= ℎ(PWnew

119894) oplus

119891119894 1198901015840119894= 119890119894oplus 119903119894(= ℎ(ID

119894 119883119904)) and 11989010158401015840

119894= 1198901015840119894oplus 119903119894


119894and 119903119894with 11990310158401015840

119894on the smart

card


119862119894

119878119894



119894) lt 120591


119894

(4) Computes 1199031015840119894= ℎ(PW


119894 1199031015840119894) lt 120591


1198722= ℎ(119877

119888 119879)

1198723= 1198721oplus1198722

(6)⟨119892119894 1198722 1198723 119879⟩997888997888997888997888997888997888997888997888997888997888997888rarr


119862119894

119878119894

(1) When receiving ⟨11989211989411987221198723 119879⟩


(2) 119878119894computes119872

4= ℎ (119892

119894 119883119904)


5= 1198722

(3) 119878119894computes119872

6= ℎ(119877

119904 119879119904)

1198727= 1198724oplus1198726

⟨1198724 1198726 1198727 119879119904 ⟩larr997888997888997888997888997888997888997888997888997888997888997888997888997888

(4) When receiving ⟨1198724 1198726 1198727 119879119904⟩



8= 1198726

(5) 119862119894computes119872


9= 1198727 computes119872

10= ℎ(119877

119888 1198791015840) and

then11987211

= 1198727oplus11987210

⟨11987211 119877119888 1198791015840⟩

997888997888997888997888997888997888997888997888997888997888rarr




= ℎ(119877119888 1198791015840)

11987213


13= 11987211







119894 1198611015840119894) gt 120591 instead



119894= 119903119894 So



119894does





119894









119894receives



119904) gt

Δ119879


119894is

⟨11989211989411987221198723 119879⟩ instead of ⟨ID












11989411987221198723 119879⟩ However the







119894cannot



41198727)




119894cannot




119894are revealed


PW119894and 119861


119894to


119894rsquos other


1015840

119894in order to





119894and




119894 mutual


119894is





6 Conclusion









ℎmdash 4119879

ℎ


mdashLogin


3119879ℎ

3119879ℎ



3119879ℎ

119879ℎ


5119879ℎ

3119879ℎ



Acknowledgments


References


























RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation










119862119894

119878119894



119894) lt 120591


119894

(4) Computes 1199031015840119894= ℎ(PW


119894 1199031015840119894) lt 120591


1198722= ℎ(119877

119888 119879)

1198723= 1198721oplus1198722

(6)⟨119892119894 1198722 1198723 119879⟩997888997888997888997888997888997888997888997888997888997888997888rarr


119862119894

119878119894

(1) When receiving ⟨11989211989411987221198723 119879⟩


(2) 119878119894computes119872

4= ℎ (119892

119894 119883119904)


5= 1198722

(3) 119878119894computes119872

6= ℎ(119877

119904 119879119904)

1198727= 1198724oplus1198726

⟨1198724 1198726 1198727 119879119904 ⟩larr997888997888997888997888997888997888997888997888997888997888997888997888997888

(4) When receiving ⟨1198724 1198726 1198727 119879119904⟩



8= 1198726

(5) 119862119894computes119872


9= 1198727 computes119872

10= ℎ(119877

119888 1198791015840) and

then11987211

= 1198727oplus11987210

⟨11987211 119877119888 1198791015840⟩

997888997888997888997888997888997888997888997888997888997888rarr




= ℎ(119877119888 1198791015840)

11987213


13= 11987211







119894 1198611015840119894) gt 120591 instead



119894= 119903119894 So



119894does





119894









119894receives



119904) gt

Δ119879


119894is

⟨11989211989411987221198723 119879⟩ instead of ⟨ID












11989411987221198723 119879⟩ However the







119894cannot



41198727)




119894cannot




119894are revealed


PW119894and 119861


119894to


119894rsquos other


1015840

119894in order to





119894and




119894 mutual


119894is





6 Conclusion









ℎmdash 4119879

ℎ


mdashLogin


3119879ℎ

3119879ℎ



3119879ℎ

119879ℎ


5119879ℎ

3119879ℎ



Acknowledgments


References


























RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation














119894receives



119904) gt

Δ119879


119894is

⟨11989211989411987221198723 119879⟩ instead of ⟨ID












11989411987221198723 119879⟩ However the







119894cannot



41198727)




119894cannot




119894are revealed


PW119894and 119861


119894to


119894rsquos other


1015840

119894in order to





119894and




119894 mutual


119894is





6 Conclusion









ℎmdash 4119879

ℎ


mdashLogin


3119879ℎ

3119879ℎ



3119879ℎ

119879ℎ


5119879ℎ

3119879ℎ



Acknowledgments


References


























RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation
















ℎmdash 4119879

ℎ


mdashLogin


3119879ℎ

3119879ℎ



3119879ℎ

119879ℎ


5119879ℎ

3119879ℎ



Acknowledgments


References


























RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation



















RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation









research article an improved biometric-based user...

Documents