Recently, in 2014, He and Wang proposed a robust and efficient multi-server authentication scheme using a biometrics-based smart card and elliptic curve cryptography (ECC). In this paper, we first analyze He-Wang's scheme and show that it is vulnerable to a known session-specific temporary information attack and an impersonation attack. In addition, we show that their scheme does not provide strong user anonymity. Furthermore, He-Wang's scheme cannot provide a user revocation facility when the smart card is lost/stolen or the user's authentication parameter is revealed. Apart from these, He-Wang's scheme has some design flaws, such as wrong password login and its consequences, and wrong password update during the password change phase. We then propose a new secure multi-server authentication protocol using a biometric-based smart card and ECC with more security functionalities. Using the Burrows-Abadi-Needham (BAN) logic, we show that our scheme provides secure authentication. In addition, we simulate our scheme for formal security verification using the widely accepted and used AVISPA (Automated Validation of Internet Security Protocols and Applications) tool, and show that our scheme is secure against passive and active attacks. Our scheme provides high security along with low communication cost, low computational cost, and a variety of security features. As a result, our scheme is very suitable for battery-limited mobile devices as compared to He-Wang's scheme.
The author first reviews the recently proposed Li-Hwang biometric-based remote user authentication scheme using smart cards, then shows that the Li-Hwang scheme has some design flaws. In order to withstand those flaws, an improvement of their scheme is further proposed. The author also shows that the improved scheme provides strong authentication through verification of the biometric and password, as well as random nonces generated by the user and the server, as compared to the Li-Hwang scheme and other related schemes.