Abstract

Recently, many authentication protocols using an extended chaotic map have been suggested for mobile users. Many researchers have demonstrated that an authentication protocol needs to provide key agreement, mutual authentication, and user anonymity between the mobile user and the server, as well as resilience to many possible attacks. In this paper, we carefully analyzed a chaotic-map-based authentication scheme and proved that it is still insecure against off-line identity guessing, user and server impersonation, and on-line identity guessing attacks. To address these vulnerabilities, we proposed an improved protocol based on an extended chaotic map and a fuzzy extractor. We proved the security of the proposed protocol using a random oracle and the AVISPA (Automated Validation of Internet Security Protocols and Applications) tool. Furthermore, we present an informal security analysis to make sure that the improved protocol is invulnerable to possible attacks. The proposed protocol is also computationally efficient when compared to other previous protocols.

1. Introduction

Given recent developments in mobile telecommunications and the rapid spread of mobile devices, wireless and wired networking services that utilize past and current positional information from users carrying mobile devices with location tracking capabilities are of growing importance [1]. Remote user authentication schemes typically verify registered credentials using stored databases. Since Lamport [2] presented the first authentication scheme based on passwords in 1981, various remote user authentication schemes [3, 4] based on passwords have been proposed. However, since a server under a password-based remote user authentication protocol needs to store a verification table, which stores the password to determine the credentials of a remote user, the server must arrange extra storage for the verification table. Furthermore, several studies have shown that password-based remote user authentication protocols are insecure against some attacks, including off-line password guessing or stolen smart card attacks [5–7]. The problem with a password is that it can be easily stolen or lost and is difficult to remember on a regular basis. For these reasons, many researchers have presented new remote user authentication protocols that use biometrics. A major characteristic of biometrics is their uniqueness. Another advantage is that they cannot be guessed or stolen. Biological characteristics have been used in numerous remote user authentication schemes [8–13].

To design a secure authentication scheme, some cryptographic algorithms are also used, such as an RSA cryptosystem [14, 15], elliptic curve cryptography [16, 17], hash function [18, 19], and chaos-based cryptography [20–22].

Recently, many chaos-based authentication protocols have been suggested. Xiao et al. [23] first presented a user authentication protocol using a chaotic map and claimed that their protocol is useful and suitable for serviceable implementations. Unfortunately, many attacks were demonstrated by Han [31]. To overcome these vulnerabilities in [23], Han et al. [24] presented an enhanced user authentication protocol using chaos and asserted that their protocol resists all possible attacks. After that, Niu and Wang [32] proved that Han et al.’s protocol is vulnerable against an insider attack. Furthermore, Yoon [33] demonstrated that Niu and Wang’s protocol does not resist a denial-of-service (DoS) attack. After that, Xue and Hong [34] proposed an improved authentication and key agreement protocol using a chaotic map to improve the security to some possible attacks. Unfortunately, Tan [35] found that Xue and Hong’s protocol does not resist a man-in-the-middle attack. Lee et al. [25] presented an improved chaotic map-based authentication protocol, and He et al. [29] proved that Lee et al.’s protocol does not resist DoS and insider attacks. To enhance the functionality and security, Lin [26] proposed a new authentication and key agreement protocol using a chaotic map and dynamic identity. Unfortunately, Islam et al. [27] found that Lin’s protocol cannot resist well-known attacks, and proposed an enhanced authentication protocol. However, we found that Islam et al.’s protocol is still insecure against off-line identity guessing, impersonation, and on-line identity guessing attacks.

The remainder of this paper is organized as follows. We briefly introduce the Chebyshev chaotic maps, threat assumptions, and fuzzy extractor that we adopt in the proposed protocol in Section 2. In Sections 3 and 4, we, respectively, review and cryptanalyze Islam et al.’s protocol. In Section 5, we propose an improved authentication and key agreement protocol for a mobile user. In Section 6, we present a security analysis of the proposed protocol. Section 7 explains the functionality and performance analyses comparing the proposed protocol to previous protocols. The conclusions are presented in Section 8.

1.1. Our Contribution

To address the security vulnerabilities in Islam et al.’s authentication protocol and obtain the required performance, we propose a security-improved scheme. The primary contributions of this paper are described below.
(i) First, we prove that Islam et al.’s protocol is still vulnerable to some attacks, and we show how an adversary can impersonate a legitimate user or server.
(ii) Second, we suggest an improved biometrics-based authentication and key agreement protocol based on Islam et al.’s protocol. The improved protocol is designed to be secure against well-known attacks.
(iii) Third, we show through a performance analysis that the proposed protocol has better robustness and a lower computational cost.

2. Preliminaries

We briefly introduce the Chebyshev chaotic maps [28, 36], threat assumptions, and fuzzy extractor.

2.1. Chebyshev Chaotic Maps

The Chebyshev polynomial is a polynomial of degree .

Definition 1. Let be a whole number and be a real number from the round , ; the Chebyshev polynomial of degree is then defined as .

Definition 2 (CMDLP). Given the two parameters , , the Chaotic Maps Discrete Logarithm Problem is whether integer can be found such that . The probability of being able to address the CMDLP is defined as .

Definition 3 (CMDHP). Given the three elements , , and , the Chaotic Maps Diffie-Hellman Problem is whether can be computed such that .
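
The semigroup property that the CMDHP of Definition 3 rests on, as an added example that is not code from the paper. It assumes the extended Chebyshev map over a prime field, T_n(x) = 2x T_{n-1}(x) - T_{n-2}(x) mod p with T_0 = 1 and T_1 = x; the function names, the modulus P, the base X and the exponents r and s are illustrative choices.

```python
"""Extended Chebyshev map over Z_p (added illustration, not the paper's code)."""
import secrets

# Demo parameters constructed for this example: a Mersenne prime modulus
# and an arbitrary public base value.
P = 2**127 - 1
X = 0x1234567890ABCDEF


def _mat_mul(a, b, p):
    """Multiply two 2x2 matrices stored row-major as 4-tuples, modulo p."""
    return (
        (a[0] * b[0] + a[1] * b[2]) % p,
        (a[0] * b[1] + a[1] * b[3]) % p,
        (a[2] * b[0] + a[3] * b[2]) % p,
        (a[2] * b[1] + a[3] * b[3]) % p,
    )


def chebyshev(n, x, p):
    """Return T_n(x) mod p in O(log n) steps by matrix exponentiation.

    The recurrence T_{k+1} = 2x*T_k - T_{k-1} is the linear map
    M = [[2x, -1], [1, 0]] applied to the column (T_k, T_{k-1}).
    """
    if n < 0:
        raise ValueError("degree must be non-negative")
    x %= p
    if n == 0:
        return 1 % p
    result = (1, 0, 0, 1)            # identity matrix
    base = ((2 * x) % p, p - 1, 1, 0)  # M, with -1 written as p - 1
    e = n - 1
    while e:
        if e & 1:
            result = _mat_mul(result, base, p)
        base = _mat_mul(base, base, p)
        e >>= 1
    # (T_n, T_{n-1}) = M^(n-1) applied to (T_1, T_0) = (x, 1)
    return (result[0] * x + result[1]) % p


def chebyshev_naive(n, x, p):
    """Reference implementation: iterate the recurrence n - 1 times."""
    t_prev, t_cur = 1 % p, x % p
    if n == 0:
        return t_prev
    for _ in range(n - 1):
        t_prev, t_cur = t_cur, (2 * x * t_cur - t_prev) % p
    return t_cur


def semigroup_holds(r, s, x, p):
    """Check T_r(T_s(x)) == T_s(T_r(x)) == T_{rs}(x) (mod p)."""
    a = chebyshev(r, chebyshev(s, x, p), p)
    b = chebyshev(s, chebyshev(r, x, p), p)
    return a == b == chebyshev(r * s, x, p)


def key_agreement(x, p, r=None, s=None):
    """Diffie-Hellman-style exchange: each side publishes T_secret(x).

    Returns (public_r, public_s, key_from_r_side, key_from_s_side).
    Recovering r from (x, T_r(x)) is the CMDLP; computing the shared
    value from the two public values alone is the CMDHP.
    """
    if r is None:
        r = secrets.randbelow(p - 2) + 2
    if s is None:
        s = secrets.randbelow(p - 2) + 2
    pub_r = chebyshev(r, x, p)
    pub_s = chebyshev(s, x, p)
    return pub_r, pub_s, chebyshev(r, pub_s, p), chebyshev(s, pub_r, p)


if __name__ == "__main__":
    pub_r, pub_s, k1, k2 = key_agreement(X, P)
    print("keys match:", k1 == k2)
```
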

2.2. Threat Assumptions

We introduce a threat model [37, 38] and construct the threat assumptions as follows:
(i) Adversary can be either a user or a server. Any registered mobile user can act as an adversary.
(ii) can intercept all messages in a public channel, thereby capturing any message exchanged between a user and a server.
(iii) has the ability to modify, reroute, or delete the captured message.
(iv) Stored parameters can be extracted from the mobile device.

2.3. Fuzzy Extractor

In this subsection, we describe the basis for a biometric-based fuzzy extractor that converts biometric information data into a random value. Based on [39–41], the fuzzy extractor is operated through two procedures (, ), demonstrated as(i),(ii), if is reasonably close to .

is a probabilistic generation function for which the biometrics returns an “extracted” string and auxiliary string , and is a deterministic reproduction function that enables the recovery of from and any vector close to . Detailed information of the fuzzy extractor can be found in [42].
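
A toy code-offset fuzzy extractor showing the generation and reproduction behaviour described above, as an added example that is not taken from the paper or from [42]. The names gen and rep, the 5-fold repetition code, SHA-256 as the extractor, the check tag in the helper data and the constructed 160-bit template are all assumptions; the sizes are far too small for real use.

```python
"""Toy code-offset fuzzy extractor (added illustration, not the paper's code)."""
import hashlib
import hmac
import secrets

REP = 5        # repetition factor: tolerates up to 2 flipped bits per 5-bit block
KEY_BITS = 32  # toy secret length; the template therefore has 160 bits


def _encode(bits):
    """Repetition code: repeat every secret bit REP times."""
    return [b for b in bits for _ in range(REP)]


def _decode(code):
    """Majority-vote decoding of each REP-bit block."""
    return [int(sum(code[i:i + REP]) > REP // 2)
            for i in range(0, len(code), REP)]


def _digest(label, bits):
    """Domain-separated SHA-256 over a list of 0/1 values."""
    return hashlib.sha256(label + bytes(bits)).hexdigest()


def gen(bio):
    """Probabilistic generation: template -> (extracted string, helper data)."""
    if len(bio) != REP * KEY_BITS:
        raise ValueError("template must have REP * KEY_BITS bits")
    secret = [secrets.randbits(1) for _ in range(KEY_BITS)]
    # The offset hides the codeword behind the template.
    offset = [w ^ c for w, c in zip(bio, _encode(secret))]
    helper = (offset, _digest(b"check", secret))
    return _digest(b"extract", secret), helper


def rep(bio_noisy, helper):
    """Deterministic reproduction: returns the extracted string, or None
    when the reading is too far from the enrolled template."""
    offset, tag = helper
    if len(bio_noisy) != len(offset):
        return None
    secret = _decode([w ^ o for w, o in zip(bio_noisy, offset)])
    if not hmac.compare_digest(_digest(b"check", secret), tag):
        return None
    return _digest(b"extract", secret)


def sample_template():
    """Constructed 160-bit stand-in for a biometric template."""
    raw = hashlib.sha256(b"constructed demo template").digest()[:20]
    return [(byte >> i) & 1 for byte in raw for i in range(8)]


def flip_bits(bits, positions):
    """Return a copy of bits with the given positions inverted (sensor noise)."""
    noisy = list(bits)
    for pos in positions:
        noisy[pos] ^= 1
    return noisy


if __name__ == "__main__":
    bio = sample_template()
    extracted, helper = gen(bio)
    close = flip_bits(bio, [0, 7, 13, 159])  # one error in four different blocks
    far = flip_bits(bio, [0, 1, 2])          # three errors in the same block
    print("close reading recovers the string:", rep(close, helper) == extracted)
    print("far reading rejected:", rep(far, helper) is None)
```
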

3. Review of Islam et al.’s Protocol

We review Islam et al.’s protocol. Their protocol consists of registration, login, verification, and password change phases and uses extended chaotic maps. The term is the chaotic map computation that is calculated with respect to “” and . The notations of this paper are illustrated in the Notations.

3.1. Registration Phase

(i) User selects the identity and password and inputs these values into the mobile device . then chooses a random number , calculates , and sends to server over an insecure channel.
(ii) Upon receiving , server computes and and sends to user by using a secure channel.
(iii) Upon receiving , retrieves , , and and stores into .

3.2. Login Phase

(i) User enters and into .
(ii) computes and . then checks whether is equal to . If this holds, executes the following stage; otherwise, rejects the login request.
(iii) chooses a random number and then computes and , where , , , and is the current timestamp. sends to server by using a public channel.

3.3. Verification Phase

(i) When receiving the request message from user , server verifies freshness of timestamp and terminates the session if is false; otherwise, server continues the next stage.
(ii) computes , , , and . then rejects the session if ; otherwise, server continues the following stage.
(iii) randomly chooses a number and computes the session key , and . then sends the response messages over an insecure channel.
(iv) After receiving the response message from server at time , checks the freshness of and terminates the session if is false; otherwise, then computes , and . next checks whether . If this holds, accepts as the session key and authenticates server ; otherwise, rejects the session.

3.4. Password Change Phase

(i) User inputs and into the mobile device .
(ii) computes and . then checks whether is the same as . If this holds, the mobile device asks for the new identity and password ; otherwise, rejects the password change request.
(iii) inputs a new and into . then computes and and replaces by into .

4. Cryptanalysis of Islam et al.’s Protocol

We cryptanalyze the security problems in Islam et al.’s protocol [27]. Islam et al. analyzed the protocol by Lin et al. and improved it to support an improved security functionality. However, we found that Islam et al.’s protocol was vulnerable to some possible attacks. These attacks are based on the threat assumptions that an adversary fully monitors the public channel connecting and in the login and verification phases and that has obtained the mobile device. Therefore, can insert, modify, eavesdrop on, or delete any message transmitted over a public network. We now reveal further details of these problems.

4.1. Violation of the Identity

Let be an active adversary who is a legitimate user and owns a mobile device to extract information and suppose that an adversary eavesdrops on the communication messages between user and server . can then easily obtain the identity of user . The details are described as follows:
(i) Adversary calculates .
(ii) Using [43], the adversary computes , .
(iii) can then compute , , and .

4.2. On-Line Identity Guessing and User Impersonation Attack

Let be an active adversary who is a legitimate user and owns a mobile device to extract information . can then easily guess the identity of any user and impersonate as follows.
(i) Adversary computes .
(ii) generates a random number , computes , guesses any identity , and then computes , where , , , and is the current timestamp. sends to server over an insecure network.
(iii) Upon receiving the login request message from the adversary , server verifies the freshness of the timestamp and terminates the session if is false; otherwise, server continues the next stage.
(iv) computes , , , and . then rejects the session if ; otherwise, server continues the following stage.
(v) randomly chooses a number and computes the session key , and . then sends the response messages over an insecure channel.
(vi) After receiving the response messages from server at time , the mobile device checks the freshness of and terminates the session if is false; otherwise, then computes . Finally, and “successfully” agree on the session key . However, server mistakenly concludes that he/she is communicating with user .

4.3. Server Impersonation Attack

Let be an active adversary who is a legitimate user and owns a mobile device to extract information . can then easily impersonate as follows.
(i) Adversary computes .
(ii) Using [43], the adversary computes , .
(iii) When receiving the login request message from user , computes and .
(iv) Adversary randomly chooses a number and computes the session key , and . The then sends the response messages to user over an insecure channel.
(v) After receiving the response message from adversary at time , the mobile device checks the freshness of and terminates the session if is false; otherwise, then computes , and . The mobile device next checks whether . If this holds, the mobile device accepts as the session key. However, server mistakenly concludes that he/she is communicating with .

4.4. Violation of the Session Key

Assume that any adversary eavesdrops on the communication messages between user and server . can then easily calculate the session key between and .
(i) calculates .
(ii) Using [43], the adversary computes , .
(iii) can compute and .
(iv) Using [43], the adversary computes , .
(v) can then compute the session key .

5. The Proposed Protocol

We propose an improved biometric-based authentication protocol using the fuzzy extractor. The proposed protocol also involves two parties, user and server , and consists of four phases: registration, login, verification, and password change. Figures 1 and 2 show the registration phase and the login and verification phases of the proposed scheme.

5.1. Registration Phase

(i) gives one’s biometrics at the mobile device . The then scans , pulls out two random strings () from the computation , and stores in storage. enters the identity and password , and then calculates . Finally, generates a random number , stores in the storage, and sends user registration request message to server by using a secure communication channel.
(ii) Upon receiving the request message for registration, randomly chooses a number and calculates , , and , where is a fixed random positive integer and is the master key of server .
(iii) sends to the .
(iv) After receiving the registration response message , computes , , , and and stores into storage after deleting , , and .

5.2. Login Phase

(i) enters and and gives into the mobile device .
(ii) scans and recovers from the computation .
(iii) then computes , , and , and checks whether is the same as the stored . If this holds, performs the next stage; otherwise, rejects the login request.
(iv) calculates , , and , where is the current timestamp.
(v) Finally, sends the request message for login to server .

5.3. Verification Phase

(i) When receiving the request message from , server checks whether is valid, where is the minimum acceptable time interval and is the actual arrival time of login request. If this holds, continues to proceed to the next stage; otherwise, rejects the request.
(ii) then calculates , , and and checks whether is the same as the received . If this holds, the continues to proceed to the next stage; otherwise, terminates this session.
(iii) randomly chooses a number and calculates the session key , , and . then sends the login response message where is the current timestamp.
(iv) After receiving the response message from server , checks whether is valid, where is the minimum acceptable time interval and is the actual arrival time of response message. If this holds, continues to the next stage; otherwise, terminates this session.
(v) computes and the session key and and verifies whether is the same as the received . If this holds, continues to the next stage; otherwise, terminates current session.
(vi) Finally, replaces by into storage.

5.4. Password Change Phase

(i) User inputs and and gives into the mobile device .
(ii) scans and recovers from the computation .
(iii) then computes , , and and checks whether is the same as the stored . If this holds, performs the next stage; otherwise, rejects the password change request.
(iv) inputs a new password into . then computes , , , and .
(v) Finally, replaces by into storage.

6. Security Analysis of the Improved Protocol

The proposed protocol retains the advantages of Islam et al.’s protocol, resists some possible attacks, and supports all security properties. The analysis of the improved protocol is organized according to the threat assumptions made in Preliminaries.

6.1. Formal Security Analysis

A random oracle-based formal analysis is demonstrated here, and its security is shown. First, the following hash function is defined [44]:

Definition 4. A collision-resistant and one-way hash function receives an input as a binary string of arbitrary length , returns a binary string of fixed length , and satisfies the following conditions:
(i) Given , it is computationally infeasible to find a such that .
(ii) Given , it is computationally infeasible to find another , such that .
(iii) It is computationally infeasible to find a pair , with , such that .

Theorem 5. Under the assumption that hash function acts like a random oracle, the improved protocol is secure against an adversary and protects sensitive information, including identity , semigroup property , common session key , and master secret key .

Proof. The formal proof of the proposed protocol is similar to that in [40, 45], and it uses the oracle to construct , which will have the ability to extract , , , and .

Reveal. Random oracle can extract input value from hash value without failing. Adversary now executes the experimental algorithm shown in Algorithm 1, for the proposed scheme as BBSMK, for example. Let us then define the probability of success for as , where means the probability of . The advantage function for this algorithm is then defined as , where and are the execution time and number of queries. We then discuss the algorithm in Algorithm 1 for . If has the capability to solve the problem of the hash function given in Definition 4, then he/she can immediately retrieve , , , and . In that case, will detect the complete connections between and ; however, inverting a hash result to recover its input is computationally infeasible; that is, , for all . Thus, , since depends on . In conclusion, there is no method for to detect the complete connections between and , and the proposed protocol is secure against an adversary attempting to retrieve .

Algorithm 1
Eavesdrop the login request message
Call the Reveal oracle. Let
Eavesdrop the authentication response message
Use the Reveal oracle. Let
if then
  Compute
  Call the Reveal oracle. Let
  if () then
    Compute
    Call the Reveal oracle. Let
    Call the Reveal oracle. Let
    if () then
      Accept , , , as the correct , , , , respectively.
      return 0 (Success)
    else
      return 0 (Failure)
  else
    return 0 (Failure)
else
  return 0 (Failure)
end if

6.2. Simulation Result Using AVISPA

We simulate the improved protocol for formal analysis using the widely accepted AVISPA tool. The main contribution of the simulation is to prove that the improved protocol is invulnerable to man-in-the-middle and replay attacks. The AVISPA tool consists of four back-ends: (1) On-the-Fly Model Checker (OFMC); (2) Constraint-Logic-Based Attack Searcher; (3) SAT-Based Model Checker; and (4) Tree Automata Based on Automatic Approximations for the Analysis of Security Protocols. In AVISPA, the protocol is implemented in the High-Level Protocol Specification Language (HLPSL) [44], which is based on roles: basic roles for representing each entity role and composition roles for representing the scenarios of the basic roles. The fundamental types available in HLPSL are [46] as follows:
(i) agent: it means a primary name. The intruder always has the special identifier .
(ii) symmetric_key: it is the key used in the symmetric-key cryptosystem.
(iii) text: the text values are applied for messages. They are often used as nonces.
(iv) nat: the nat type is used for natural numbers in nonmessage contexts.
(v) const: it is the type for representing constants.
(vi) hash_func: the basic type hash_func expresses collision-resistant secure one-way hash functions.

The role of the initiator, user , is shown in Algorithm 2. first receives the signal for starting and modifies its state variable from 0 to 1. This state variable is retained by the variable state. Similar to the user, the role of server is implemented and shown in Algorithm 3. The specifications in HLPSL for the roles of environment, session, and goal are described in Algorithm 4. The result for the formal security verification of the improved protocol using OFMC is provided in Algorithm 5. It is clear that the improved protocol is invulnerable to passive and active attacks including the two attacks.

Algorithm 2
role user (Ui, AS: agent,
SKuas: symmetric_key,
H, F: function,
SND, RCV: channel (dy))
played_by Ui def=
local State: nat,
IDi, PWi, BIOi, RPWi, DPWi, T, Ai: text,
Hi, Vi, VVi, R, S, Xi, Yi, Wi: text,
CIDi, Zi, T1, T3, SK, Y2, Ys, Zs: text
const as_ui_y2,
sc1, sc2, sc3, sc4: protocol_id
init State ≔ 0
transition
(1) State = 0 ∧ RCV(start) =|>
State’ ≔ 1 ∧ T’ ≔ new()
∧ RPWi’ ≔ H(PWi.Ai)
∧ DPWi’ ≔ xor(RPWi’,T’)
∧ secret(, sc1, Ui)
∧ secret(IDi, sc2, )
∧ SND(SKuas)
(2) State = 2 ∧ RCV(xor(H(IDi.xor(H(PWi.Ai),T’)),F(R.H(S.IDi))).xor((Yi’.H(Yi’.S)),
xor(H(PWi.Ai),T’)) _SKuas) =|>
State’ ≔ 4 ∧ secret(R, S, sc3, AS)
∧ secret(F(R.H(S.IDi)), sc4, Ui, AS)
∧ VVi’ ≔ xor(H(IDi.H(PWi.Ai)), F(R.H(S.IDi)))
∧ Wi’ ≔ H(H(IDi.H(PWi.Ai)).F(R.H(S.IDi)))
∧ Xi’ ≔ xor((Yi’.H(Yi’.S)),H(PWi.Ai))
∧ CIDi’ ≔ xor(IDi, H(Yi’.S))
∧ T1’ ≔ new()
∧ Zi’ ≔ H(IDi.F(R.H(S.IDi)).Yi’.T1’)
∧ SND(CIDi’.Yi’.Zi’.T1’)
(3) State = 6 ∧ RCV(xor((Y2’.H(Y2’.S)),F(R.H(S.IDi))).H(SK.F(R.H(S.IDi)).T1’.T3’).T3’) =|>
State’ ≔ 8 ∧ SK’ ≔ H(IDi.F(R.H(S.IDi)).H(Y2’.S).T1’.T3’)
∧ Xi’ ≔ xor((Y2’.H(Y2’.S)),H(PWi.Ai))
∧ request(Ui, AS, as_ui_y2, Y2’)
end role

Algorithm 3
role applicationserver (Ui, AS: agent,
SKuas: symmetric_key,
H, F: function,
SND, RCV: channel(dy))
played_by AS def=
local State: nat,
IDi, PWi, BIOi, RPWi, DPWi, T, Ai: text,
Hi, Vi, VVi, R, S, Xi, Yi, Wi: text,
CIDi, Zi, T1, T3, SK, Y2, Ys, Zs: text
const as_ui_y2,
sc1, sc2, sc3, sc4: protocol_id
init State:= 1
transition
(1) State = 1 ∧ RCV(IDi.xor(H(PWi.Ai),T’)) =|>
State’ ≔ 3 ∧ Hi’ ≔ H(S.IDi)
∧ Vi’ ≔ xor(H(IDi.xor(H(PWi.Ai),T’)),F(R.H(S.IDi)))
∧ Yi’ ≔ new()
∧ Xi’ ≔ xor((Yi’.H(Yi’.S)),xor(H(PWi.Ai),T’))
∧ secret(F(R.H(S.IDi)), sc4, , )
∧ SND(_SKuas)
(2) State = 5 ∧ RCV(xor(IDi,H(Yi’.S).Yi’.H(IDi.F(R.H(S.IDi).Yi’.T1’)).T1’)) =|>
State’ ≔ 7 ∧ Hi’ ≔ H(S.IDi)
∧ Y2’ ≔ new()
∧ T3’ ≔ new()
∧ SK’ ≔ H(IDi.F(R.H(S.IDi)).H(Y2’.S).T1’.T3’)
∧ Ys’ ≔ xor((Y2’.H(Y2’.S)),F(R.H(S.IDi)))
∧ Zs’ ≔ H(SK’.F(R.H(S.IDi)).T1’.T3’)
∧ SND(Ys’.Zs’.T3’)
∧ witness(AS, Ui, as_ui_y2, Y2’)
end role

Algorithm 4
role session (Ui, AS: agent,
SKuas: symmetric_key,
H, F: function)
def=
local H1, H2, R1, R2: channel (dy)
composition
user (Ui, AS, SKuas, H, F, H1, R1)
∧ applicationserver (Ui, AS, SKuas, H, F, H2, R2)
end role
role environment() def=
const ui, as: agent,
skuas: symmetric_key,
h, f: function,
cidi, yi, zi, t1, ys, zs, t3: text,
as_ui_y2,
sc1, sc2, sc3, sc4: protocol_id
intruder_knowledge = ui, as, h, f, cidi, yi, zi, t1, ys, zs, t3
composition
session(ui, as, skuas, h, f)
∧ session(i, as, skuas, h, f)
∧ session(ui, i, skuas, h, f)
end role
goal
secrecy_of sc1, sc2, sc3, sc4
authentication_on as_ui_y2
end goal
environment()

Algorithm 5
% OFMC
% Version of 2006/02/13
SUMMARY
SAFE
DETAILS
BOUNDED_NUMBER_OF_SESSIONS
PROTOCOL
/home/span/span/testsuite/results/testrv3.if
GOAL
as_specified
BACKEND
OFMC
COMMENTS
STATISTICS
parseTime: 0.00 s
searchTime: 0.03 s
visiteNodes: 4 nodes
depth: 2 piles

6.3. Informal Security Analysis

6.3.1. Mutual Authentication

Not only does the proposed scheme guarantee security like the other biometric-based schemes, but also and authenticate each other. authenticates by checking whether is valid or not, because only a legitimate user can compute a valid using a chaotic map. then authenticates by checking , which only can compute using the long-term key and timestamp .

6.3.2. User Anonymity

To compromise the anonymity of user , adversary must be able to compute . The value is the master secret key of server , and the random value changes every session. Thus, the login request message changes every session. Even if adversary eavesdrops on the login request message of a user , does not know . The proposed protocol provides user anonymity.

6.3.3. User Impersonation Attack

Suppose that an adversary steals the mobile device of user and extracts the parameters from . To make the login request message , where and , the server’s master key is needed. Without the master secret key from server , cannot compute . The proposed protocol can therefore resist a user impersonation attack.

6.3.4. Privileged Insider Attack

In the proposed protocol, user sends the login request message . Even if the privileged insider adversary obtains these values , does not know and cannot impersonate user . The proposed protocol can therefore resist a privileged insider attack.

6.3.5. Lost Mobile Device Attack

Suppose that user ’s mobile device has been stolen or lost and any adversary obtains it. then tries to log in to server using ; however, does not know the correct password . To log in to , the biometrics is also needed. The proposed protocol can therefore resist a lost mobile device attack.

6.3.6. Replay Attack

One of the best solutions to prevent a replay attack is to use a timestamp technique. The proposed protocol also uses timestamps. Even if any adversary eavesdrops on any user’s login request message and sends it to the server , the server checks the freshness of the timestamp and rejects the request. Furthermore, an adversary cannot compute without and . The proposed protocol can therefore resist a replay attack.

6.3.7. Off-Line Password Guessing Attack

To obtain a password of user , the biometrics is needed. Biometrics are unique and cannot be guessed or stolen. The proposed protocol can therefore resist an off-line password guessing attack.

6.3.8. Stolen Verifier Attack

In the proposed protocol, a server does not store any information related to the user’s identity or password. The proposed protocol can therefore resist a stolen verifier attack.

6.3.9. Session Key Forward Security

One important objective of any user authentication protocol is to establish a session key between user and server . Forward secrecy can protect previous and future session keys from adversary if the master secret key of is exposed. Suppose that the master secret key of is known to . However, does not know . Thus, the session key of the improved protocol is still unknown to . Therefore, forward secrecy is retained in the proposed protocol.

7. Comparison of Functionality and Performance

This section compares the functionality of the improved protocol with that of related protocols [23–28], and the computational cost of the improved protocol with that of the other protocols [25–30].

7.1. Functionality Analysis

Table 1 compares the security features provided by the proposed protocol with previous protocols. The results indicate that the proposed protocol is distinctly invulnerable and achieves all of the avoidance requirements.

7.2. Performance Analysis

We compare the computational cost of the improved protocol with that of previous protocols. According to the simulations obtained in [34], we found that  ms and  ms, respectively, with a system using Pentium IV 3.2 G (CPU) with a 3.0 GB (RAM). According to [47], the computational cost of the fuzzy extractor technique is nearly identical to ECC multiplication. Kilinc and Yanik [48] have measured the execution time of some cryptographic algorithms by using the Pairing-Based Cryptography Library (version 0.5.12) [49] in the OS: 32-bit Ubuntu 12.04.1, 2.2 G (CPU), and 2.0 G (RAM). They demonstrated that the cost to perform an elliptic curve point multiplication is nearly 2.226 ms. In addition, they proved that the cost of a bitwise XOR operation is negligible. In Table 2, we present the computational cost of the improved protocol for each phase and the execution time (in milliseconds) alongside the related schemes. Compared to Islam et al.’s protocol, the improved protocol performs seven further hash functions and two fuzzy-extract operations. However, we reduce four extended chaotic operations. The improved protocol therefore is more effective than Islam et al.’s protocol.

8. Conclusion

Recently, Islam et al. demonstrated the security vulnerabilities in Lin et al.’s protocol and presented an improved authentication protocol using extended chaotic map. Islam et al. also asserted that their authentication protocol is more secure than Lin et al.’s protocol and that it guarantees user anonymity. However, Islam et al.’s protocol is still insecure against some types of attacks, such as on-line identity guessing and user impersonation. To overcome these security weaknesses, in the current paper, we suggest an improved user authentication protocol using a fuzzy extractor that preserves the advantages of Islam et al.’s protocol and contributes to inclusive security properties. The formal and informal analyses of this work clarify why the improved protocol is more efficient and secure.

Notations

:Mobile user
:Mobile device of user
:Identity of user
:Password of user
:Biometrics of user
:Remote server
:Real number chosen set [−1, 1]
:Chebyshev polynomial of degree
:Master secret key of server
:Positive random integer generated server
:Cryptographic hash function
9 , :’s nearly random binary and auxiliary binary strings
:Session key
:Timestamp
:Concatenation operator
:Bitwise XOR operator.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Acknowledgments

This research was supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education (NRF-2010-0020210).