Bio-AKA: An efficient fingerprint based two factor user authentication and key agreement scheme

The fingerprint has long been used as one of the most important biological features in the field of biometrics. It is person-specific and remain identical though out one’s lifetime. Physically uncloneable functions (PUFs) have been used in authentication protocols due to the unique physical feature of it. In this paper, we take full advantage of the inherent security features of user’s fingerprint biometrics and PUFs to design a new user authentication and key agreement scheme, namely Bio-AKA, which meets the desired security characteristics. To protect the privacy and strengthen the security of biometric data and to improve the robustness of the proposed scheme, the fuzzy extractor is employed. The scheme proposed in the paper can protect user’s anonymity without the use of password and allow mutual authentication with key agreement. The experimental results show superior robustness and the simplicity of our proposed scheme has been validated via our performance and security analysis. The scheme can be an ideal candidate for real life applications that requires remote user authentication

A Robust and Effective Smart-Card-Based Remote User Authentication Mechanism Using Hash Function

In a remote user authentication scheme, a remote server verifies whether a login user is genuine and trustworthy, and also for mutual authentication purpose a login user validates whether the remote server is genuine and trustworthy. Several remote user authentication schemes using the password, the biometrics, and the smart card have been proposed in the literature. However, most schemes proposed in the literature are either computationally expensive or insecure against several known attacks. In this paper, we aim to propose a new robust and effective password-based remote user authentication scheme using smart card. Our scheme is efficient, because our scheme uses only efficient one-way hash function and bitwise XOR operations. Through the rigorous informal and formal security analysis, we show that our scheme is secure against possible known attacks. We perform the simulation for the formal security analysis using the widely accepted AVISPA (Automated Validation Internet Security Protocols and Applications) tool to ensure that our scheme is secure against passive and active attacks. Furthermore, our scheme supports efficiently the password change phase always locally without contacting the remote server and correctly. In addition, our scheme performs significantly better than other existing schemes in terms of communication, computational overheads, security, and features provided by our scheme

An Improved Timestamp-Based Password Authentication Scheme Using Smart Cards

With the recent proliferation of distributed systems and networking, remote authentication has become a crucial task in many networking applications. Various schemes have been proposed so far for the two-party remote authentication; however, some of them have been proved to be insecure. In this paper, we propose an efficient timestamp-based password authentication scheme using smart cards. We show various types of forgery attacks against a previously proposed timestamp-based password authentication scheme and improve that scheme to ensure robust security for the remote authentication process, keeping all the advantages that were present in that scheme. Our scheme successfully defends the attacks that could be launched against other related previous schemes. We present a detailed cryptanalysis of previously proposed Shen et. al scheme and an analysis of the improved scheme to show its improvements and efficiency.Comment: 6 page

Security improvement of two dynamic ID-based authentication schemes by Sood-Sarje-Singh

In 2010, Sood-Sarje-Singh proposed two dynamic ID-based remote user authentication schemes. The first scheme is a security improvement of Liao et al.’s scheme and the second scheme is a security improvement of Wang et al.’s scheme. In both cases, the authors claimed that their schemes can resist many attacks. However, we find that both schemes have security flaws. In addition, their schemes require a verification table and time-synchronization, making the schemes unfeasible and unsecured for electronic services. In order to remedy the security flaws of Sood et al.’s schemes, we propose a robust scheme which resists the well-known attacks and achieves all the desirable security goals.Peer ReviewedPostprint (published version