ارسل ملاحظاتك

ارسل ملاحظاتك لنا







يجب تسجيل الدخول أولا

A Robust Anonymous Biometric Based Remote User Authentication Scheme Using Smart Cards

المصدر: مجلة جامعة الملك سعود - علوم الحاسب والمعلومات
الناشر: جامعة الملك سعود
المؤلف الرئيسي: Das, Ashok Kumar (Author)
مؤلفين آخرين: Goswami, Adrijit (Co-Author)
المجلد/العدد: مج27, ع2
محكمة: نعم
الدولة: السعودية
التاريخ الميلادي: 2015
الصفحات: 193 - 210
DOI: 10.33948/0584-027-002-010
ISSN: 1319-1578
رقم MD: 973589
نوع المحتوى: بحوث ومقالات
اللغة: الإنجليزية
قواعد المعلومات: science
مواضيع:
كلمات المؤلف المفتاحية:
Remote User Authentication | Biometrics | Smart Cards | Hash Function | Cryptanalysis | Security
رابط المحتوى:
صورة الغلاف QR قانون
حفظ في:
المستخلص: Several biometric-based remote user authentication schemes using smart cards have been proposed in the literature in order to improve the security weaknesses in user authentication system. In 2012, An proposed an enhanced biometric-based remote user authentication scheme using smart cards. It was claimed that the proposed scheme is secure against the user impersonation attack, the server masquerading attack, the password guessing attack, and the insider attack and provides mutual authentication between the user and the server. In this paper, we first analyze the security of An’s scheme and we show that this scheme has three serious security flaws in the design of the scheme: (i) flaw in user’s biometric verification during the login phase, (ii) flaw in user’s password verification during the login and authentication phases, and (iii) flaw in user’s password change locally at any time by the user. Due to these security flaws, An’s scheme cannot support mutual authentication between the user and the server. Further, we show that An’s scheme cannot prevent insider attack. In order to remedy the security weaknesses found in An’s scheme, we propose a new robust and secure anonymous biometric-based remote user authentication scheme using smart cards. Through the informal and formal security analysis, we show that our scheme is secure against all possible known attacks including the attacks found in An’s scheme. The simulation results of our scheme using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool ensure that our scheme is secure against passive and active attacks. In addition, our scheme is also comparable in terms of the communication and computational overheads with An’s scheme and other related existing schemes. As a result, our scheme is more appropriate for practical applications compared to other approaches.

ISSN: 1319-1578

عناصر مشابهة