| LEADER |
03026nam a22002417a 4500 |
| 001 |
1716465 |
| 024 |
|
|
|3 10.33948/0584-027-002-010
|
| 041 |
|
|
|a eng
|
| 044 |
|
|
|b السعودية
|
| 100 |
|
|
|9 524544
|a Das, Ashok Kumar
|e Author
|
| 245 |
|
|
|a A Robust Anonymous Biometric Based Remote User Authentication Scheme Using Smart Cards
|
| 260 |
|
|
|b جامعة الملك سعود
|c 2015
|
| 300 |
|
|
|a 193 - 210
|
| 336 |
|
|
|a بحوث ومقالات
|b Article
|
| 520 |
|
|
|b Several biometric-based remote user authentication schemes using smart cards have been proposed in the literature in order to improve the security weaknesses in user authentication system. In 2012, An proposed an enhanced biometric-based remote user authentication scheme using smart cards. It was claimed that the proposed scheme is secure against the user impersonation attack, the server masquerading attack, the password guessing attack, and the insider attack and provides mutual authentication between the user and the server. In this paper, we first analyze the security of An’s scheme and we show that this scheme has three serious security flaws in the design of the scheme: (i) flaw in user’s biometric verification during the login phase, (ii) flaw in user’s password verification during the login and authentication phases, and (iii) flaw in user’s password change locally at any time by the user. Due to these security flaws, An’s scheme cannot support mutual authentication between the user and the server. Further, we show that An’s scheme cannot prevent insider attack. In order to remedy the security weaknesses found in An’s scheme, we propose a new robust and secure anonymous biometric-based remote user authentication scheme using smart cards. Through the informal and formal security analysis, we show that our scheme is secure against all possible known attacks including the attacks found in An’s scheme. The simulation results of our scheme using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool ensure that our scheme is secure against passive and active attacks. In addition, our scheme is also comparable in terms of the communication and computational overheads with An’s scheme and other related existing schemes. As a result, our scheme is more appropriate for practical applications compared to other approaches.
|
| 653 |
|
|
|a الهوية البيومترية
|a البطاقات الذكية
|a أمن المعلومات
|
| 692 |
|
|
|b Remote User Authentication
|b Biometrics
|b Smart Cards
|b Hash Function
|b Cryptanalysis
|b Security
|
| 773 |
|
|
|c 010
|e Journal of King Saud University (Computer and Information Sciences)
|f Maǧalaẗ ǧamʼaẗ al-malīk Saud : ùlm al-ḥasib wa al-maʼlumat
|l 002
|m مج27, ع2
|o 0584
|s مجلة جامعة الملك سعود - علوم الحاسب والمعلومات
|v 027
|x 1319-1578
|
| 700 |
|
|
|9 524975
|a Goswami, Adrijit
|e Co-Author
|
| 856 |
|
|
|u 0584-027-002-010.pdf
|
| 930 |
|
|
|d y
|p y
|q n
|
| 995 |
|
|
|a science
|
| 999 |
|
|
|c 973589
|d 973589
|
