Table of Contents Author Guidelines Submit a Manuscript
Security and Communication Networks
Volume 2018, Article ID 9046064, 14 pages
https://doi.org/10.1155/2018/9046064
Research Article

Efficient and Secure Biometric-Based User Authenticated Key Agreement Scheme with Anonymity

1Department of Computer Engineering, Sungkyunkwan University, 2066 Seoburo, Suwon, Gyeonggido 440-746, Republic of Korea
2Department of Cyber Security, Howon University, 64 Howondae 3-gil, Impi-myeon, Gunsan-si, Jeonrabuk-do 54058, Republic of Korea

Correspondence should be addressed to Dongho Won; rk.er.ytiruces@nowhd

Received 4 May 2017; Revised 4 November 2017; Accepted 13 May 2018; Published 20 June 2018

Academic Editor: Vincenzo Conti

Copyright © 2018 Dongwoo Kang et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Abstract

At present, a number of users employ an authentication protocol so as to enjoy protected electronic transactions in wireless networks. In order to establish an efficient and robust the transaction system, numerous researches have been conducted relating to authentication protocols. Recently, Kaul and Awasthi presented an user authentication and key agreement scheme, arguing that their scheme is able to resist various types of attacks and preserve diverse security properties. However, this scheme possesses critical vulnerabilities. First, the scheme cannot prevent two kinds of attacks, including off-line password guessing attacks and user impersonation attacks. Second, user anonymity rule cannot be upheld. Third, session key can be compromised by an attacker. Fourth, there is high possibility that the time synchronization trouble occurs. Therefore, we suggest an upgraded version of the user authenticated key agreement method that provides enhanced security. Our security and performance analysis shows that compared, to other associated protocols, our method not only improves the security level but also ensures efficiency.

1. Introduction

The rapid evolution of mobile devices and the development of Information and Communication Technology (ICT) are providing convenience to our lives. This development has particularly affected the computer science environment, which has adhered to not only conventional but also inefficient ways. While the users enjoy simplicity and efficiency in their transaction systems, the issue of security has emerged as a major interest in both academic and industrial fields. In order to guarantee reliability among the communication parties, authentication protocol supports security when users access to foreign network.

Lamport [1] first proposed an authentication mechanism and, since then, many related studies have been carried out [25] to enhance efficiency and security. In 2004, Das et al. [6] presented an authentication mechanism using dynamic identity technique in order to avoid exposure of user’s identity. However, Wang et al. [7] claimed that their mechanism [6] cannot guarantee mutual authentication and fails to secure against server spoofing attack, and they then presented a new version. In 2010, Khan et al. [8] proved that Wang et al.’s version [7] is imperfect because their scheme leads to anonymity problem and server internal attack. Khan et al. [8] also presented an upgraded authentication method so as to treat Wang et al.’s deficiency. However, An [9] and Chou et al. [10] then separately pointed out that Khan et al.’s method [8] has an anonymity problem and unsteady under the various attacks such as off-line password guessing attack and forgery attack, with each proposing an improved new scheme. In Chou et al.’s research [10], they did not only demonstrate the deficiencies of Khan et al.’s method [8] but also criticized Song’s scheme [11] that it cannot guarantee to protect off-line password guessing attack. In 2013, Chang et al. [12] corrected Wang et al.’s [7] flaw to expose private data including user’s identity in the process of messages transmitted and suggested enhanced mechanism. However, Kumari et al. [13] claimed that Chang et al.’s mechanism [12] cannot guarantee protecting against off-line password guessing attack, user disguise attack, and server masquerading attack, and their scheme also cannot keep user’s identity and mutual authentication property. Like their predecessor, this was also followed by Kumari et al.’s [13] proposal for enhanced authentication technique.

Recently, Kaul and Awasthi [14] proved that Kumari et al.’s proposal [13] fails to protect important security parameters and session key shared between communication parties. With compensating these defections, they presented their own authentication method [14], claiming it can resist different types of attacks. However, we discovered that they compromise several security flaws. Their scheme (i) cannot withstand off-line password guessing attack and user impersonation attacks, (ii) is unable to support user anonymity, (iii) cannot achieve session key security, and (iv) encounters time synchronization trouble. In this research, we explain how the previously stated attacks operate and present a more developed version.

The remainder of this paper is arranged as follows: Section 2 introduces preliminary knowledges. Kaul and Awasthi’s authentication mechanism is described in Section 3. Section 4 demonstrates that vulnerabilities of Kaul and Awasthi’s mechanism. Our proposed method with detailed explanation is provided in Section 5. Sections 6 and 7 deal with informal security analysis and formal security analysis, respectively. In Section 8, we analyze the performance of the proposed scheme and, lastly, Section 9 contains the conclusion to this paper.

2. Preliminary Knowledge

In this section, we will describe basic knowledge in terms of threat model and introduce bio-hash function [15], which is used in our proposed scheme.

2.1. Threat Model

This subsection describes the threat model. Based on previous researches [514, 1619], we constructed several common assumptions, including the capabilities of an attacker.(1)All existing smart cards have vulnerabilities because confidential information stored within them can be extracted by physically monitoring the power consumption [20], meaning that an attacker can read and acquire data stored on the smart card.(2)An attacker can control the public channels between the user and the server, meaning that the attacker can intercept any messages that are transmitted via the public channel [1618].(3)An attacker can modify and resend the intercepted/eavesdropped message [16].

2.2. Biohashing

A user’s biometric data is very sensitive information. Thus, when user identification is employed using biometric data, secure and accurate matching is needed. To address this concern, Jin et al. [15] suggested fingerprint-based function to identify user’s legitimacy in 2004. According to prior research [15], bio-hash technique employs particular tokenized pseudo-random numbers to each of users measuring biometric feature arbitrarily onto twofold strands. Bio-hash function is a one-way function with a feature that the probability of denial of service can be reduced. To date, many authentication studies have been carried out [19, 2123] based on the bio-hash technique. In order to improve security, our proposed scheme also adopts user’s biometric information applied bio-hash function, and the details are as follows in Section 5.

3. Review of the Kaul and Awasthi’s Scheme

In this section, we briefly review the Kaul and Awasthi’s scheme [14] to examine the cryptanalysis on their scheme. It consists of the following phases: registration, login, authentication, and password change. Figure 1 describes the Kaul and Awasthi’s scheme, and Table 1 displays the notations employed in the remainder of this paper.

Table 1: Notations.
Figure 1: Kaul and Awasthi’s scheme.
3.1. Registration Phase

(1) inputs and and then generates a random number that is only kept to user . computes and sends a registration request to through a secure channel.(2) generates a random number and computes , , and .(3) then issues a smart card with the parameters and sends it to through a secure channel.(4)Upon receiving the smart card, computes and enters the in its memory, and, finally, the smart card includes the information .

3.2. Login Phase

(1) inserts ’s smart card into a card reader and inputs his/her and .(2)Smart card computes , , , and . The smart card then compares with . If this condition is satisfied, the smart card acknowledges the legitimacy of and proceeds with the next step. If not, this phase is terminated.(3)Smart card computes and .(4)Finally, sends the login request to through a public network.

3.3. Authentication Phase

(1) verifies the time-stamp through . If it holds, proceeds with the next step. Otherwise, this phase is terminated.(2) computes , and . then verifies whether . If this comparison is satisfied, accepts the login request and proceeds with the next step. Otherwise, rejects the login request and this phase is terminated.(3) computes and sends an authentication request to through a public network.(4) verifies the time-stamp through . If it holds, proceeds with the next step. Otherwise, this phase is terminated.(5) computes and verifies whether . If this comparison is satisfied, accepts the authentication request and proceeds with the next step. Otherwise, rejects the authentication request and this phase is terminated.(6)Finally, computes a shared session key and also computes the same session key successfully.

3.4. Password Change Phase

(1) inserts ’s smart card into a card reader and inputs , old password , and new password . The smart card computes and .(2)Smart card further computes , and . Smart card then verifies whether . If this comparison is satisfied, smart card proceeds with the next step. Otherwise, this phase is terminated.(3)Using the new password , smart card computes , , , and .(4)Smart card replaces with the new parameters . Consequently, the smart card contains the information .

4. Security Weaknesses of the Kaul and Awasthi’s Scheme

In this section, we show that Kaul and Awasthi’s scheme [14] possesses some security vulnerabilities. Based on the threat model as mentioned in Section 2.1, the following problems have been found and their detailed descriptions are given as follows.

4.1. Lack of User’s Anonymity

In modern networks environments, user’s sensitive information leakage such as identity or password can expedite an outside attacker to identify every specific user. In this case, user’s privacy data is at risk of being exposed to a untrusted third party that disobey his/her will. Therefore, user anonymity is must be taken seriously as a satisfied property for user authentication scheme. However, in Kaul and Awasthi’s scheme [14], an attacker can easily acquire the user’s identity through monitoring the public channels [1618] because a user’s identity is transmitted in a plain text without any encryption during the login phase. Attacker also can abuse acquired user’s identity to launch various types of attacks, leading to many malicious scenarios. For this reason, user anonymity cannot be preserved in Kaul and Awasthi’s authentication scheme.

4.2. Off-Line Password Guessing Attack

This attack is the attempted identification of a password until the correct password is found due to the tendency of many users to create simple, brief passwords for the sake of convenience. For this reason, authentication schemes for all password-based users should be designed to prevent a guessing attack; however, Kaul and Awasthi’s scheme has a weakness in this situation, and we therefore propose a scenario for an off-line password guessing attack. The following is a detailed description.

Step 1. After an attacker has stolen a smart card, the attacker can extract from the user’s smart card.

Step 2. The attacker can use an eavesdropped login request from the public channel.

Step 3. The attacker selects a password candidate and computes .

Step 4. The attacker computes the following:

Step 5. The attacker iterates the comparison process until the computed result equals the extracted value .

Step 6. If they corresponded with each other, would be an accurate password.

Through the above description, we demonstrate that Kaul and Awasthi’s scheme [14] does not guarantee to protect off-line password guessing attack.

4.3. User Impersonation Attack

Generally speaking, many password-based authentication schemes’ security is based on knowledge of the password; therefore, if an attacker acquires an user’s password, the attacker can impersonate a legitimate user. Unfortunately, Kaul and Awasthi’s scheme has a weakness under this case. After obtaining the user’s password , as described in Section 4.2, an attacker can successfully impersonate a legitimate user by performing the following steps.

Step 1. Attacker extracts after stolen smart card.

Step 2. The attacker gets and in the eavesdropped request .

Step 3. The attacker computes using obtained and further computes .

Step 4. The attacker constructs login request and sends it to .

Step 5. Upon getting the login request, checks whether and are normal values or not.

Step 6. If the above checking process is done, assures that the received login request is a legal message.

In Step 6, it is obvious that can successfully verify , since the values in attacker’s login request are exactly equal to user’s login request. Therefore, the attacker can successfully disguise a legitimate user in Kaul and Awasthi’s scheme [14].

4.4. Session Key Compromise

In Kaul and Awasthi’s scheme, if an attacker successfully guesses ’s password by off-line password guessing attack, the attacker can construct the session key shared between user and server. First, the attacker can acquire and after eavesdropping the login and authentication request. Then, the attacker can compute and using obtained , which is previously compromised value through the Section 4.2. With combined these values, attacker can successfully establish .

4.5. Time Synchronize Problem

It is time-stamp method that a hitherto commonly used method against replay attack. Kaul and Awasthi also mentioned a time-stamp method to prevent replay attack. However, this method may cause time synchronization problem between servers and users, since the current network system is large-scale wireless network composed of multitudinous users employing various devices contrary to past small scale network environment. Besides, it is inefficient to synchronize all system in real time. Nonce-based method applying random number is recommended instead of time-stamp method to settle synchronization problem [24]. Kaul and Awasthi’s scheme is required to switch to nonce-based method to resolve time synchronization problem.

5. The Proposed Scheme

In this section, we suggest the refined version of authentication protocol to offer enhanced security by resolving Kaul and Awasthi’s [14] vulnerabilities. In our proposed scheme, in order to conceal the user’s identity, we employ dynamic identity technique that is combined form of and random number. We also use biometrics information with Biohashing [15] to avoid off-line password guessing attack and impersonation attack. In addition, we apply nonce-based method to prevent replay attack instead of unsteady time-stamp method. Our proposed method also consists of four phases: registration, login, authentication, and password change. Figure 2 describes our proposed scheme, and the notations employed to the proposed scheme are displayed in Table 1.

Figure 2: Our proposed scheme.
5.1. Registration Phase

(1) inputs and and imprints his/her biometrics . Then computes and sends a registration request to server through a secure channel.(2) computes , , and .(3) then issues a smart card with the parameters and sends it to through a secure channel.(4)Upon receiving the smart card, computes and enters the in its memory, and, finally, the smart card includes the information .

5.2. Login Phase

(1) inserts ’s smart card into a card reader and inputs , and also imprints biometric . Smart card then computes and compares it with the stored in the smart card. If this comparison is satisfied, the smart card acknowledges the legitimacy of the and proceeds with the next step. Otherwise, it terminates this phase.(2)Smart card computes and .(3)Smart card selects a random number and computes , and .(4)Finally, sends the login request to through a public network.

5.3. Authentication Phase

(1) computes , and . then verifies whether . If this comparison is satisfied, accepts the login request and proceeds with the next step. Otherwise, rejects the login request and this phase is terminated.(2) selects a random number and computes , and .(3) sends an authentication request to through a public network.(4) computes , and .(5) then verifies whether . If this comparison is satisfied, accepts the authentication request and successfully authenticates . Otherwise, rejects the authentication request and this phase is terminated.

5.4. Password Change Phase

(1) inserts ’s smart card into a card reader and inputs , and also imprints biometric . Smart card then computes and compares it with the stored in the smart card. If this comparison is satisfied, the smart card acknowledges the legitimacy of and proceeds with the next step. Otherwise, it terminates this phase.(2) inputs a new password , and smart card computes .(3)Smart card further computes(4)Smart card replaces with the new parameters . Consequently, the smart card contains the information .

6. Security Analysis and Proof of the Proposed Scheme

In this section, we first analyze whether our proposed technique satisfies numerous security requirements. After that, we will apply Burrows-Abadi-Needham (BAN) logic [25] to validate that the generated session key is precisely distributed to user and server .

6.1. Security Analysis of Proposed Scheme

We evaluate whether our proposal is secure against various attacks and satisfies various authentication requirements. In addition, comparative analysis of related schemes [9, 10, 1214] is carried out, and the results are shown in Table 2.

Table 2: Security comparison.
6.1.1. User Anonymity

Our scheme protects the user’s identity sent by messages from the possible dangers of exposure in order to accomplish user anonymity. Even if an attacker captures by snatching login request , it is unachievable to derive since the attacker cannot acquire random number .

6.1.2. Privileged Insider Attack

In our scheme, when sends a registration request to , is transmitted not as uncovered, but as a form of with a value ,to preclude insider attack. Thus, our scheme guarantees to hinder an insider attack.

6.1.3. Replay Attack

Assumes that an attacker steals the former login request . Then, the attacker might try to pose as a valid user by sending this request in order to login the server. However, if the attacker sends prior login request, the server would apparently turn down the request because our scheme can find out the invalid random number through the comparison of value. In addition, in each session, our proposed scheme handles distinct random numbers. As a result, our scheme can provide safety against replay attack.

6.1.4. Off-Line Password Guessing Attack

From the stolen smart card and snatch the login request , an attacker can procure , and, using these values, the attacker may try to predict the precise password . However, the attacker cannot conjecture the unless and are given. Furthermore, an user only knows since it is a hashed biometric information. For this reason, our scheme guarantees to defend off-line password guessing attack.

6.1.5. User Impersonation Attack

In our scheme, an attacker should generate the values of , , , and after obtaining the value of or a random number, to achieve impersonation attack. Still, as we mentioned above, it is impossible for an attacker to get the value of or . Thus, an attacker cannot create an appropriate login request to cheat .

6.1.6. Mutual Authentication

In the authentication phase of our scheme, and can attest each other according to several procedures. To be specific, first confirms the login request by examining whether is accurate. also makes sure the authentication request by checking whether is correct. If all these verification processes are executed successfully, mutual authentication has succeeded properly.

6.1.7. Session Key Compromise

In our scheme, in order to compromise the session key , an attacker should have the random numbers and . Moreover, to acquire the random numbers, the attacker should know in advance. However, the attacker has no way to derive the user’s , all things considered. In this manner, our authentication mechanism guarantees session key security.

6.1.8. Password Verification Process

There is a feasibility that a user accidentally inputs an inaccurate password, but, for password verification procedure, a server will detect the wrong password after executing authentication phase [19]. Considering this kind of inefficient situation, our scheme evaluates the correctness of password by checking the value in an early login phase.

6.1.9. Convenient Password Change

In general, it is encouraged to implement verification process by itself when password adjustment occurs [24]. The performance of a security scheme can be enhanced through its own mechanism without communicating to server . Our proposed scheme carries out extant password checking in self-verification process within smart card. After testing, calculated values from new password will substitute the existed values in an efficient and appropriate way.

6.1.10. No Time Synchronization

In timestamp-based authentication protocols, when a user and a server transmit a packet, the clocks of all devices should be set accurately. For this reason, there is a strong likelihood that error occurs. On the contrary, our scheme handles random numbers and rather than time-stamp technique to avert this problem.

6.2. Authentication Proof with BAN Logic

We use Burrows-Abadi-Needham (BAN) logic [25] to demonstrate that the user and server participating in communication are each correctly assigned the session key . The basic symbols of BAN logic are as follows:(i): formula is hashed with .(ii): perceives formula .(iii): combine formula using .(iv): formula is fresh.(v): said formula .(vi): trusts formula .(vii): can manage formula .(viii): and assign a secret key .

The ban logic also provides the following basic rules:(1)Message meaning rule: .(2)Nonce verification rule: .(3)The believe rule: .(4)Freshness conjuncatenation rule: .(5)Jurisdiction rule: .

Using ban logic, we will accomplish the following goals:(i)Goal 1: .(ii)Goal 2: .

The login and authentication messages used in our scheme can be translated into an ideal form shown as follows:(i)Message 1: : , , .(ii)Message 2: : , .

To proceed with the proof, we have defined the following assumptions:(i)A1: (ii)A2: (iii)A3: (iv)A4: (v)A5: (vi)A6:

Our verification procedure is as follows:Based on Message 1, we could derive:(i)S1: Based on assumption A4, we adapt the message meaning rule to derive:(ii)S2: Based on assumption A1 and the freshness conjuncatenation rule, we derive:(iii)S3: Based on S2, S3 and the nonce verification rule, we derive:(iv)S4: Based on A4, S4 and the jurisdiction rule, we derive:(v)S5: Based on V5, assumption A2, and SK, we derive:(vi)S6. (Goal 2.)Based on Message 2, we could derive:(vii)S7: Based on assumption A3, we adapt the message meaning rule to derive:(viii)S8: Based on assumption A2 and the freshness conjuncatenation rule, we derive:(ix)S9: Based on S8, S9 and the nonce verification rule, we derive:(x)S10: Based on A3, S10 and the jurisdiction rule, we derive:(xi)S11: Based on V11, assumption A1, and SK, we derive:(xii)S12. (Goal 1.)

Based on (Goal.1) and (Goal.2), we can assure that our proposed scheme provides the mutual authentication and agreement of the session key , which is correctly distributed between and .

7. Formal Security Proof Using AVISPA Tool

In this section, we demonstrate that our proposed scheme can resist both passive and active attacks by simulating its use in the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool [26].

7.1. Overview of AVISPA Tool

The AVISPA is a formal tool that is generally used to verify protocol security. The protocol specification is written in High Level Protocols Specification Language (HLPSL) [27] and is translated into the Intermediate Format (IF) by a Translator HLPSL2IF. The result is then treated as the input value of the different back-end procedures. In this paper, we first stipulate our authentication mechanism based on HLPSL and then derive the results of the simulation using two back-ends OFMC and CL-AtSe.

7.2. Stipulating the Proposed Scheme

This section supports descriptions of the specifications of our proposed scheme in HLPSL. We have assigned the fundamental roles for a user and a server for each phase, and we then stipulate the other roles for the session, environment, and goal. Box 1 shows that the role specification of the user for our proposed scheme.

Box 1: Role specification in HLPSL for the user .

During the registration phase, sends to through a secure channel using the operation and a symmetric key . The type declaration expressed that the channel is effected by the Dolev-Yao threat model [28]. Under this threat model, the attacker can, some malignancy action such as intercept, eavesdrop on any messages by agents. The declaration expressed that the personal private information is only known to . operation is used to generate a random number during the login and authentication phase. then computes , , , , and and sends the login request to via a public network. The declaration expresses that has recently generated a random number for to communicate. finally receives the authentication message from via a public channel.

The role specification of the server for our scheme is shown in Box 2. In the registration phase, receives the registration request message from . After receiving the message, issues a smart card which contains parameters and sends it to using operation and symmetric key . During the login and authentication phase, receives the login request message from . Then, similar to user ’s role, Server uses operation to generate a random number . The declaration expresses that has recently generated a random number for to communicate. The declaration expresses that authenticates user .

Box 2: Role specification in HLPSL for the server .

The rest segment in HLPSL, session, environment, and goal is described in Box 3. Each segment’s specifics are as follows:(i)Session segment: the participants in the communication, including the user and server, and other basic roles being instanced as concrete arguments(ii)Environment segment: cover the global constant, session composition, and intruder knowledge(iii)Goal segment: secrecy goals and authentication goals.

Box 3: Role specification in HLPSL for the session, environment, and goal.
7.3. Simulation Results

This section describes the output results of the simulation conducted for our proposed scheme. The results of the simulation under the OFMC and CL-AtSe back-ends are shown in Box 4, which clearly shows that our scheme is SAFE under each back-end. Therefore, it is obvious that our proposed scheme can prevent passive and active attacks, including replay and man-in-the-middle attacks.

Box 4: Simulation results under the OFMC and CL-AtSe back-ends.

8. Performance Analysis of the Proposed Scheme

In this section, we compare the execution time and cost of computation for our proposed technique with the technique [9, 10, 1214]. In general, cost of computation in authentication protocol is analyzed by operations performed in each work within the protocols. Accordingly, the cost of computational analysis focuses on the activities performed by members, like users and servers. The following is a definition of the parameters for evaluation of the calculation cost:(i) is the time of executing a one-way hashing function.(ii) is the time of executing a XOR operation.(iii) is the time of executing a modular exponentiation.

Table 3 contains a summary of the calculation overhead comparison. The results show that An [9], Chou et al. [10], Chang et al. [12], Kumari et al. [13], Kaul and Awasthi [14], and our technique require the total computation cost overheads 12 + 14 + 4, 36 + 31, 24 + 14, 21 + 24, 28 + 36, and 27 + 15, respectively. On the basis of [29], we adopt that the actual execution time for the complexity notations is as follows: =0.0005s and =0.522s. Since the XOR operation time is short, does not need to be considered. As shown in Table 3, we observed that the execution time of our proposed scheme requires only 0.0135s ( 27 0.0005s), so it can be regarded as a negligible significance, whereas the execution time of An’s scheme [9] using modular exponentiation operation required 2.094s ( 12 0.0005s + 4 0.522s), so this scheme turned out to be ineffective. Thus, we conclude that our proposed technology considers efficiency.

Table 3: Performance comparison.

We also analyze the memory capacity of smart card and estimate the message exchange cost. Based on [13], we assume that output length of all values, such as , , , , and random numbers, is 128 bits long. As shown in Table 3, in Kaul ans Awasthi’s scheme [14], the memory capacity of smart card requires (5 × 128) = 640 bits. The communication message consists of two packets: login request and authentication request . Thus, message exchange cost of Kaul and Awasthi’s scheme is (6 × 128) = 768 bits. In our proposed scheme, the smart card requires (5 × 128) = 640 bits, and the messages composed of and require (6 × 128) = 768 bits. In conclusion, the results show that the memory capacity and communication overhead of our proposed scheme are relatively better as those of the other schemes [9, 10, 13]. In addition, the proposed technology can defend against a variety of existing attacks. This is shown in Table 2.

9. Conclusions

In this paper, we demonstrate that Kaul and Awasthi’s scheme includes some critical vulnerabilities, and we propose an extended version to overcome these defects. Our proposed scheme has been thoroughly estimated in terms of a variety of security features. In addition, the performance comparison for the proposed scheme in relation to the other studies has been analyzed, and we conclude that the proposed scheme properly considers the efficiency and robustness.

Conflicts of Interest

The authors declare no conflicts of interest.

Authors’ Contributions

Dongwoo Kang developed the idea of the proposed authentication scheme and carried out the security analysis. Jaewook Jung and Youngsook Lee conducted the performance analysis of the proposed idea and wrote the manuscript under the supervision of Professor Dongho Won and Hyoungshick Kim.

Acknowledgments

This research was supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education (NRF-2010-0020210).

References

  1. L. Lamport, “Password authentication with insecure communication,” Communications of the ACM, vol. 24, no. 11, pp. 770–772, 1981. View at Publisher · View at Google Scholar · View at Scopus
  2. W.-H. Yang and S.-P. Shieh, “Password authentication schemes with smart cards,” Computers & Security, vol. 18, no. 8, pp. 727–733, 1999. View at Publisher · View at Google Scholar · View at Scopus
  3. M.-S. Hwang and L.-H. Li, “A new remote user authentication scheme using smart cards,” IEEE Transactions on Consumer Electronics, vol. 46, no. 1, pp. 28–30, 2000. View at Publisher · View at Google Scholar · View at Scopus
  4. H.-M. Sun, “An efficient remote use authentication scheme using smart cards,” IEEE Transactions on Consumer Electronics, vol. 46, no. 4, pp. 958–961, 2000. View at Publisher · View at Google Scholar · View at Scopus
  5. H.-Y. Chien, J.-K. Jan, and Y.-M. Tseng, “An efficient and practical solution to remote authentication: smart card,” Computers & Security, vol. 21, no. 4, pp. 372–375, 2002. View at Publisher · View at Google Scholar · View at Scopus
  6. M. L. Das, A. Saxena, and V. P. Gulati, “A dynamic ID-based remote user authentication scheme,” IEEE Transactions on Consumer Electronics, vol. 50, no. 2, pp. 629–631, 2004. View at Publisher · View at Google Scholar · View at Scopus
  7. Y.-Y. Wang, J.-Y. Liu, F.-X. Xiao, and J. Dan, “A more efficient and secure dynamic ID-based remote user authentication scheme,” Computer Communications, vol. 32, no. 4, pp. 583–585, 2009. View at Publisher · View at Google Scholar · View at Scopus
  8. M. K. Khan, S.-K. Kim, and K. Alghathbar, “Cryptanalysis and security enhancement of a more efficient & secure dynamic ID-based remote user authentication scheme,” Computer Communications, vol. 34, no. 3, pp. 305–309, 2011. View at Publisher · View at Google Scholar · View at Scopus
  9. Y.-H. An, “Security improvements of dynamic ID-based remote user authentication scheme with session key agreement,” in Proceedings of the 15th International Conference on Advanced Communication Technology: Smart Services with Internet of Things!, ICACT 2013, pp. 1072–1076, January 2013. View at Scopus
  10. J. S. Chou, C. H. Huang, Y. S. Huang, and Y. Chen, “Efficient two-pass anonymous identity authentication using smart card,” IACR Cryptology ePrint Archive, p. 402, 2013. View at Google Scholar
  11. R. Song, “Advanced smart card based password authentication protocol,” Computer Standards & Interfaces, vol. 32, no. 5, pp. 321–325, 2010. View at Publisher · View at Google Scholar · View at Scopus
  12. Y.-F. Chang, W.-L. Tai, and H.-C. Chang, “Untraceable dynamic-identity-based remote user authentication scheme with verifiable password update,” International Journal of Communication Systems, vol. 27, no. 11, pp. 3430–3440, 2014. View at Publisher · View at Google Scholar · View at Scopus
  13. S. Kumari, M. K. Khan, and X. Li, “An improved remote user authentication scheme with key agreement,” Computers and Electrical Engineering, vol. 40, no. 6, pp. 1997–2012, 2014. View at Publisher · View at Google Scholar · View at Scopus
  14. S. D. Kaul and A. K. Awasthi, “Security Enhancement of an Improved Remote User Authentication Scheme with Key Agreement,” Wireless Personal Communications, vol. 89, no. 2, pp. 621–637, 2016. View at Publisher · View at Google Scholar · View at Scopus
  15. A. T. B. Jin, D. N. C. Ling, and A. Goh, “Biohashing: Two factor authentication featuring fingerprint data and tokenised random number,” Pattern Recognition, vol. 37, no. 11, pp. 2245–2255, 2004. View at Publisher · View at Google Scholar · View at Scopus
  16. W. Jeon, J. Kim, J. Nam, Y. Lee, and D. Won, “An enhanced secure authentication scheme with anonymity for wireless environments,” IEICE Transactions on Communications, vol. 95, no. 7, pp. 2505–2508, 2012. View at Publisher · View at Google Scholar · View at Scopus
  17. J. Nam, M. Kim, J. Paik, Y. Lee, and D. Won, “A provably-secure ECC-based authentication scheme for wireless sensor networks,” Sensors, vol. 14, no. 11, pp. 21023–21044, 2014. View at Publisher · View at Google Scholar · View at Scopus
  18. S. Park, S. Kim, and D. Won, “ID-based group signature,” Electronics Letters, vol. 33, no. 19, pp. 1616-1617, 1997. View at Publisher · View at Google Scholar · View at Scopus
  19. J. Moon, Y. Choi, J. Jung, and D. Won, “An improvement of robust biometrics-based authentication and key agreement scheme for multi-server environments using smart cards,” PLoS ONE, vol. 10, no. 12, Article ID e0145263, 2015. View at Google Scholar
  20. P. Kocher, J. Jaffe, and B. Jun, “Differential power analysis,” Advances in Cryptology CRYPTOΓ99, pp. 388–397, 1999. View at Google Scholar
  21. J. Moon, Y. Choi, J. Kim, and D. Won, “An Improvement of Robust and Efficient Biometrics Based Password Authentication Scheme for Telecare Medicine Information Systems Using Extended Chaotic Maps,” Journal of Medical Systems, vol. 40, no. 3, pp. 1–11, 2016. View at Publisher · View at Google Scholar · View at Scopus
  22. D. Mishra, A. Das, and S. Mukhopadhyay, “A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards,” Expert Systems with Applications, vol. 41, no. 18, pp. 8129–8143, 2014. View at Publisher · View at Google Scholar · View at Scopus
  23. A. K. Das and A. Goswami, “A secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care,” Journal of Medical Systems, vol. 37, no. 3, pp. 1–16, 2013. View at Publisher · View at Google Scholar · View at Scopus
  24. B. Vaidya, J. H. Park, S.-S. Yeo, and J. J. P. C. Rodrigues, “Robust one-time password authentication scheme using smart card for home network environment,” Computer Communications, vol. 34, no. 3, pp. 326–336, 2011. View at Publisher · View at Google Scholar · View at Scopus
  25. M. Burrows, M. Abadi, and R. M. Needham, “A logic of authentication,” in Proceedings of the Royal Society of London A: Mathematical, Physical and Engineering Sciences, vol. 426, pp. 233–271, 1989.
  26. AVISPA, Automated validation of internet security protocols and applications, http://www.avispa-project.org/.
  27. D. von Oheimb, “The high-level protocol specification language HLPSL developed in the EU project AVISPA,” in Proceedings of APPSEM 2005 workshop, pp. 1–17, 2005.
  28. D. Dolev and A. C. Yao, “On the security of public key protocols,” IEEE Transactions on Information Theory, vol. 29, no. 2, pp. 198–208, 1983. View at Publisher · View at Google Scholar · View at MathSciNet · View at Scopus
  29. Q. Jiang, J. Ma, G. Li, and L. Yang, “An efficient ticket based authentication protocol with unlinkability for wireless access networks,” Wireless Personal Communications, vol. 77, no. 2, pp. 1489–1506, 2014. View at Publisher · View at Google Scholar · View at Scopus