Cryptanalysis and improvement on anonymous three-factor authentication scheme for mobile networks☆
Introduction
With the rapid development of science and technology, mobile network communication has become increasingly common in daily life through devices such as personal digital assistants (PDAs), smart phones and tablet personal computers. However, it is well known that these open environments suffer from various security risks, which can be significantly reduced by applying a secure remote user authentication protocol in the mobile network. Many authentication and key agreement schemes based on passwords and smart cards have been proposed. Furthermore, building on the advantages of biometrics such as voiceprints, faces, fingerprints, palm-prints and hand geometry, a variety of three-factor authentication protocols have been proposed in the past decade [1], [2], [3].
In 2002, Lee et al. [4] introduced a fingerprint-based remote user authentication protocol using smart cards and claimed that their scheme can resist the impersonation attack and the replay attack. Unfortunately, Lin et al. [5] pointed out that Lee et al.’s scheme is vulnerable to the impersonation attack. To enhance the security, they proposed an improved authentication scheme based on fingerprints and claimed that their protocol is secure against the weaknesses of Lee et al.’s scheme. However, Yoon et al. [6] demonstrated that Lin et al.’s protocol is still vulnerable to the impersonation attack. Moreover, they proposed a new fingerprint-based authentication protocol to fix this problem. Nevertheless, Lee and Kwon [7] showed that Yoon et al.’s protocol is insecure against the impersonation attack. The adversary can log in to the registration center using the valid messages and then impersonate other legal users. Lee and Kwon also presented an improved three-factor remote user authentication protocol and argued that their scheme is resistant to the impersonation attack and more efficient than other related schemes. Later on, Kim et al. [8] proposed an ID-based password authentication protocol using fingerprints and smart cards. But Scott [9] found that an adversary could impersonate a legal user and successfully log in to the remote server without using the password, the smart card or even the fingerprint. In 2007, Bhargav-Spantzel et al. [10] introduced a biometrics-based multi-factor user authentication scheme. Unfortunately, Fan and Lin [11] pointed out that Bhargav-Spantzel et al.’s scheme needs to perform modular exponentiation computations in the authentication phase and thus is not suitable for smart card environments, and they presented an efficient three-factor authentication protocol with privacy protection. But Yeh et al. [12] demonstrated that Fan and Lin's scheme is insecure against the insider attack, the modification attack and the stolen-verifier attack. To overcome these weaknesses, Yeh et al. proposed an elliptic curve cryptography (ECC) based user authentication protocol.
In order to eliminate the clock synchronization problem, Li and Hwang [13] presented a biometrics-based authentication protocol using smart cards and random numbers instead of timestamps. Nevertheless, Das [14] showed that their protocol had some design flaws and proposed an improved authentication scheme to fix these flaws. Li et al. [15] found that Li and Hwang's scheme is still susceptible to the man-in-the-middle attack and proposed an improved biometrics-based session key agreement scheme. After that, An [16] found that Das's scheme still suffered from the insider attack, the password guessing attack and the impersonation attack, etc. To strengthen the security, An proposed an enhanced user authentication protocol. However, Khan et al. [17] and Chaturvedi et al. [18] independently showed that An's protocol is insecure against the impersonation attack, the password guessing attack, the man-in-the-middle attack and the replay attack. To overcome these weaknesses, Khan et al. proposed an anonymous biometrics-based user authentication protocol, and Chaturvedi et al. proposed an improved three-factor key agreement protocol using biometrics and smart cards. Unfortunately, Sarvabhatla et al. [19] and Wen et al. [20] demonstrated that Khan et al.’s protocol is vulnerable to the impersonation attack, the off-line password guessing attack and the server masquerading attack, respectively. Sarvabhatla et al. and Wen et al. also proposed improved protocols to resolve these problems.
Very recently, Wu et al. [21] argued that Yeh et al.’s scheme [12] and Khan et al.’s scheme [22] are susceptible to the server spoofing attack, the impersonation attack and the de-synchronization attack, respectively. To strengthen the security, Wu et al. proposed a new biometrics-based three-factor user authentication protocol and claimed that it is both secure and practical. However, we found that Wu et al.’s scheme cannot withstand the impersonation attack, and we propose an improvement of their scheme in this paper.
The remainder of the paper is organized as follows. We review and cryptanalyze Wu et al.’s scheme in Sections 2 and 3. The specification of an improved three-factor authentication scheme for mobile client-server networks is given in Section 4. Formal verification, security analysis and comparisons are presented in Sections 5 and 6. Then we evaluate the performance of the proposed scheme in Section 7. We conclude the paper in Section 8.
Section snippets
Review of Wu et al.’s scheme
Wu et al.’s scheme consists of five phases: the initialization phase, registration phase, login phase, authentication phase and password change phase. The login and authentication phases are shown in Fig. 1. For convenience, the notations used in this paper are summarized in Table 1.
Impersonation attack on Wu et al.’s scheme
Wu et al. claimed that their scheme satisfies three-factor authentication: even if an adversary knows all the information stored in the mobile device or obtains two of Ui’s factors, security is still preserved. However, the following analysis shows that the scheme is insecure against the impersonation attack.
Assume that an adversary A is an insider user, and can get the user Ui’s identity IDi and {T1, T2, P, λi, ei} from the user Ui’s mobile device, then A can compute B2 = h(IDi||ei) and launch the
The proposed scheme
In this section, we propose an improved three-factor authentication scheme to fix the weakness of Wu et al.’s scheme. Our scheme consists of three phases: registration phase, login and authentication phase, and password change phase.
Formal verification
To prove the security of cryptographic protocols, researchers generally adopt either formal verification or a formal security proof. The latter is constructed by hand, complex and difficult, and errors in it are not easy to find, while the former is performed automatically, so mistakes can be found easily. Candidate formal verification tools include Burrows–Abadi–Needham (BAN) logic, Automated Validation of Internet Security Protocols and Applications
Security analysis and comparison
In this section, we will analyze the security of our presented scheme. Moreover, we will make a security comparison with some other related schemes and show that the proposed scheme achieves a higher security level.
Performance analysis
In this section, we compare the computational cost of the proposed scheme with other related protocols. In the performance comparison, we mainly focus on the computations of the login and authentication phase, since it is the main body of an authentication scheme. We use the following notations in our analysis: H is the time complexity of one hash function evaluation, PM is the time complexity of one elliptic curve scalar multiplication operation, SY is the time complexity of one symmetric key
Conclusions
In order to solve the security weaknesses of previous biometrics-based three-factor authentication schemes, Wu et al. proposed a novel biometrics-based scheme with ECC and the mobile device by using a fuzzy extractor. The advantage is that their scheme uses the user's biometrics to transmit the user's identity and the authentication message in a confidential manner, which achieves anonymity and authentication, resolves the de-synchronization attack and reduces the computation cost.
However, we analyzed
Acknowledgements
This research was supported by Natural Science Foundations of Zhejiang Province (No. LZ12F02005), and the Major State Basic Research Development (973) Program of China (No. 2013CB834205).
References (25)
- et al. A more efficient and secure ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. J Syst Softw (2011)
- et al. A secure remote user mutual authentication scheme using smart cards. J Inform Secur Appl (2014)
- et al. An efficient biometrics-based remote user authentication scheme using smart cards. J Netw Comput Appl (2010)
- et al. Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. J Netw Comput Appl (2011)
- et al. A secure and efficient identity-based authenticated key exchange protocol for mobile client–server networks. J Supercomput (2014)
- et al. Fingerprint-based remote user authentication scheme using smart cards. Elect Lett (2002)
- et al. A fingerprint-based user authentication scheme for multimedia systems
- et al. A new efficient fingerprint-based remote user authentication scheme for multimedia systems
- et al. An improved fingerprint-based remote user authentication scheme using smart cards
- et al. ID-based password authentication scheme using smart cards and fingerprints. ACM SIGOPS Oper Syst Rev (2003)
- Cryptanalysis of an ID-based password authentication scheme using smart cards and fingerprints. ACM SIGOPS Oper Syst Rev
- Privacy preserving multi-factor authentication with biometrics. J Comput Secur
Cited by (25)
Cryptanalysis and improvement of a two-factor user authentication scheme for smart home
2021, Journal of Information Security and Applications
Citation excerpt: For the formal security verification of the authentication scheme, there are various tools available such as ProVerif and Automated Validation of Internet Security Protocols and Applications (AVISPA). In this paper, we have used ProVerif for the proposed scheme which is based on Dolev–Yao model [32] and is able to handle many cryptographic primitives unlike AVISPA [39]. Below is the code for ProVerif and its output.
A robust authentication and access control protocol for securing wireless healthcare sensor networks
2020, Journal of Information Security and Applications
Citation excerpt: Wu et al. stated that their scheme is secure against all known attacks and is secure against Insider attack, Off-line guessing attack, User impersonation attack, Server spoofing attack, Known-key attack and provides User anonymity. However, Xie et al. [34] identified that Wu et al.’s scheme is vulnerable against Impersonation attack. Xie et al. stated that their scheme is secure against Replay attack, Off-line password guessing attack, Privileged insider attack, Impersonation attack, Stolen-verifier attack, Man-in-the-middle attack and provides User anonymity, Session key security and Mutual authentication.
Secure and efficient two-factor zero-knowledge authentication solution for access control systems
2018, Computers and Security
Citation excerpt: Their proposed authentication scheme needs 2 scalar multiplications on Fp, 1 symmetric encryption and 11 hash functions on a smart card side. However, Xie et al. (2017) demonstrate that Wu scheme cannot resist an impersonation attack. Further, there are several strongly secure authentication schemes with smart cards that provide advanced security features, e.g. user privacy, attribute authentication, mutual authentication and authenticated key agreement, forward secrecy.
An efficient ECC-based provably secure three-factor user authentication and key agreement protocol for wireless healthcare sensor networks
2018, Computers and Electrical Engineering
Citation excerpt: Their scheme provides forward security as well as the user’s privacy. However, Xie et al. [11] showed that Wu et al.’s scheme [10] is vulnerable to an impersonation attack as the de/encryption key of the server and the user can be computed by an adversary. Furthermore, Arshad and Nikooghadam [12] proposed an efficient three-factor anonymous authentication and key agreement scheme for the telecare medicine information systems.
An efficient three-factor authentication protocol for wireless healthcare sensor networks
2024, Multimedia Tools and Applications
S-method: secure multimedia encryption technique in cloud environment
2024, Multimedia Tools and Applications
Qi Xie received his Ph.D. degree from Zhejiang University, China, in 2005. He has served as a professor at Hangzhou Normal University since 2006, and was a visiting scholar at University of Birmingham in UK from 2009 to 2010 and at City University of Hong Kong in 2012. He has published over 60 research papers in the area of applied cryptography.
Zhixiong Tang is currently an M.S. candidate at Hangzhou Normal University, China. His research interests include authentication and key exchange protocols.
Kefei Chen received the Ph.D. degree from Justus-Liebig University, Gießen, Germany, in 1994. From 1996 to 2012 he served as a professor at Shanghai Jiaotong University in China, and he joined Hangzhou Normal University in 2013. He has authored over 200 research papers and 9 books in the areas of cryptography and information security.
☆ Reviews processed and approved for publication by Editor-in-Chief.