More efficient key-hash based fingerprint remote authentication scheme using mobile device

Today, the world is taking large leaps of progress in technology. The technology is turning the vision of achieving transparency, speed, accuracy, authenticity, friendliness and security in various services and access control mechanisms, into reality. Consequently, new and newer ideas are coming for...

Full description

Saved in:
Bibliographic Details
Published in:Computing 2014-09, Vol.96 (9), p.793-816
Main Authors: Khan, Muhammad Khurram, Kumari, Saru, Gupta, Mridul K.
Format: Article
Language:English
Subjects:
Access control
Access control to computer data
Analysis
Artificial Intelligence
Authentication
Authentication protocols
Biometrics
Chaos theory
Computer Appl. in Administrative Data Processing
Computer Communication Networks
Computer information security
Computer Science
Cybersecurity
Fingerprinting
Fingerprints
Fractal analysis
Information Systems Applications (incl.Internet)
Mathematics
Mobile communication systems
Registration
Remote computing
Servers
Smart cards
Software Engineering
Solitons
Studies
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Today, the world is taking large leaps of progress in technology. The technology is turning the vision of achieving transparency, speed, accuracy, authenticity, friendliness and security in various services and access control mechanisms, into reality. Consequently, new and newer ideas are coming forth by researchers throughout the world. Khan et al. (Chaos Solitons Fractals 35(3):519–524, 2008 ) proposed remote user authentication scheme with mobile device, using hash-function and fingerprint biometric. In 2012, Chen et al. pointed out forged login attack through loss of mobile device on Khan et al.’s scheme and subsequently proposed a scheme to improve on this drawback. Truong et al. (Proceedings of 26th IEEE International Conference on Advanced Information Networking and Applications, pp 678–685, 2012 ) demonstrated that in Chen et al.’s scheme, an adversary can successfully replay an intercepted login request. They also showed that how an adversary can make fool of both the participants of Chen et al.’s protocol by taking advantage of the fact that the user is not anonymous in scheme. Further, they proposed an improvement to Chen et al.’s scheme to cut off its problems. Through this paper, we show that Chen et al.’s scheme has some other drawbacks too and the improvement proposed by Truong et al. is still insecure and vulnerable. We also propose an improved scheme which overcomes the flaws and inherits the goodness of both the schemes, Chen et al.’s scheme and Truong et al.’s scheme.
ISSN:0010-485X
1436-5057
DOI:10.1007/s00607-013-0308-2