On the Security of a Three Factor Remote User Authentication Scheme Using Fuzzy Extractor

  • Chien-Ming Chen
  • Yanyu Huang
  • Xiaoting Deng
  • Tsu-Yang Wu
Conference paper
Part of the Smart Innovation, Systems and Technologies book series (SIST, volume 109)


A secure authenticated key exchange protocol is key to establishing secure wireless communication. Various studies have examined the efficiency and security of these authenticated key exchange protocols. A recent work by Giri et al. proposed a three-factor remote user authentication scheme using a fuzzy extractor for a single-server environment. However, we found that their protocol is still vulnerable to an online password guessing attack. We also found that their protocol does not provide perfect forward secrecy. To solve these problems, we propose a simple but effective improvement.



The work of Chien-Ming Chen was supported in part by Shenzhen Technical Project under Grant number JCYJ20170307151750788 and in part by Shenzhen Technical Project under Grant number QJSCX20170327161755. The work of Tsu-Yang Wu was supported in part by the Science and Technology Development Center, Ministry of Education, China under Grant no. 2017A13025 and the Natural Science Foundation of Fujian Province under Grant no. 2018J01636.


  1. Chen, C.M., Fang, W., Liu, S., Wu, T.Y., Pan, J.S., Wang, K.H.: Improvement on a chaotic map-based mutual anonymous authentication protocol. J. Inf. Sci. Eng. 34(2) (2018)
  2. Chen, C.M., Li, C.T., Liu, S., Wu, T.Y., Pan, J.S.: A provable secure private data delegation scheme for mountaineering events in emergency system. IEEE Access 5(1), 3410–3422 (2017)
  3. Chen, C.M., Xu, L., Wu, T.Y., Li, C.R.: On the security of a chaotic maps-based three-party authenticated key agreement protocol. J. Netw. Intell. 1(2), 61–66 (2016)
  4. Giri, D., Maitra, T.: A three factor remote user authentication scheme using collision resist fuzzy extractor in single server environment. In: ITM Web of Conferences. vol. 13, p. 01020. EDP Sciences (2017)
  5. Guo, C., Chang, C.C.: Chaotic maps-based password-authenticated key agreement using smart cards. Commun. Nonlinear Sci. Numer. Simul. 18(6), 1433–1440 (2013)
  6. Huang, X., Xiang, Y., Chonka, A., Zhou, J., Deng, R.H.: A generic framework for three-factor authentication: preserving security and privacy in distributed systems. IEEE Trans. Parallel Distrib. Syst. 22(8), 1390–1397 (2011)
  7. Jiang, Q., Khan, M.K., Lu, X., Ma, J., He, D.: A privacy preserving three-factor authentication protocol for e-health clouds. J. Supercomput. 72(10), 3826–3849 (2016)
  8. Ku, W.C., Chen, C.M., Lee, H.L.: Cryptanalysis of a variant of peyravian-zunic’s password authentication scheme. IEICE Trans. Commun. 86(5), 1682–1684 (2003)
  9. Ku, W.C., Chen, C.M., Lee, H.L.: Weaknesses of lee-li-hwang’s hash-based password authentication scheme. ACM SIGOPS Oper. Syst. Rev. 37(4), 19–25 (2003)
  10. Lamport, L.: Password authentication with insecure communication. Commun. ACM 24(24), 770–772 (1981)
  11. Li, C.T., Chen, C.L., Lee, C.C., Weng, C.Y., Chen, C.M.: A novel three-party password-based authenticated key exchange protocol with user anonymity based on chaotic maps. Soft Comput. 22(8), 2495–2506 (2018)
  12. Li, C.T., Hwang, M.S.: An efficient biometrics-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 33(1), 1–5 (2010)
  13. Li, C.T., Lee, C.C., Weng, C.Y., Chen, C.M.: Towards secure authenticating of cache in the reader for RFID-based IOT systems. Peer-To-Peer Netw. Appl. 11(1), 198–208 (2018)
  14. Li, X., Niu, J.W., Ma, J., Wang, W.D., Liu, C.L.: Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 34(1), 73–79 (2011)
  15. Li, X., Xiong, Y., Ma, J., Wang, W.: An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. J. Netw. Comput. Appl. 35(2), 763–769 (2012)
  16. Liao, Y.P., Wang, S.S.: A secure dynamic ID based remote user authentication scheme for multi-server environment. Comput. Stand. Interfaces 31(1), 24–29 (2009)
  17. Mishra, D., Das, A.K., Mukhopadhyay, S.: A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards. Expert. Syst. Appl. 41(18), 8129–8143 (2014)
  18. Odelu, V., Das, A.K., Goswami, A.: A secure biometrics-based multi-server authentication protocol using smart cards. IEEE Trans. Inf. Forensics Secur. 10(9), 1953–1966 (2015)
  19. Sun, H.M., He, B.Z., Chen, C.M., Wu, T.Y., Lin, C.H., Wang, H.: A provable authenticated group key agreement protocol for mobile environment. Inf. Sci. 321, 224–237 (2015)
  20. Wang, D., Wang, P.: Two birds with one stone: two-factor authentication with security beyond conventional bound. IEEE Trans. Dependable Secur. Comput. (2016)
  21. Wang, K.H., Chen, C.M., Fang, W., Wu, T.Y.: A secure authentication scheme for internet of things. Pervasive Mob. Comput. 42, 15–26 (2017)
  22. Wang, K.H., Chen, C.M., Fang, W., Wu, T.Y.: On the security of a new ultra-lightweight authentication protocol in IoT environment for RFID tags. J. Supercomput. 74(1), 65–70 (2018)
  23. Yeh, K.H.: A lightweight authentication scheme with user untraceability. Front. Inf. Technol. Electron. Eng. 16(4), 259–271 (2015)
  24. Yoon, E.J., Yoo, K.Y.: Robust biometrics-based multi-server authentication with key agreement scheme for smart cards on elliptic curve cryptosystem. J. Supercomput. 63(1), 235–255 (2013)
  25. Zhu, H., Zhang, Y., Xia, Y., Li, H.: Password-authenticated key exchange scheme using chaotic maps towards a new architecture in standard model. IJ Netw. Secur. 18(2), 326–334 (2016)

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Chien-Ming Chen (1)
  • Yanyu Huang (1)
  • Xiaoting Deng (1)
  • Tsu-Yang Wu (2, 3, 4)

  1. Harbin Institute of Technology (Shenzhen), Shenzhen, China
  2. College of Computer Science and Engineering, Shandong University of Technology, Shandong, China
  3. Fujian Provincial Key Laboratory of Big Data Mining and Applications, Fujian University of Technology, Fuzhou, China
  4. National Demonstration Center for Experimental Electronic Information and Electrical Technology Education (Fujian University of Technology), Fujian University of Technology, Fuzhou, China
