Advertisement

A Secure Three-Factor Remote User Authentication Scheme Using Elliptic Curve Cryptosystem

  • Rifaqat Ali
  • Arup Kumar Pal
Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 453)

Abstract

Recently, three factors such as biometric, smart card, and password based authentication schemes have drawn considerable attention in the field of information security. In this paper, the authors have presented an elliptic curve cryptosystem based authentication scheme using biometric, smart card, and password and also analyzed the formal and informal security of the authentication scheme. In this scheme, the parameters of elliptic curve are derived from the biometric features like iris, fingerprints, etc., which is suitable to withstand the forgery. The formal and informal security analysis are done based on the BAN logic and suggested propositions, respectively. The security analysis ensures that the presented scheme can withstand various kinds of malicious attacks. In addition, the scheme is also comparable with other related schemes in the context of communication cost, computation cost, and smart card storage. The scheme is suitable to ensure high degree of security with reduced comparatively overhead.

Keywords

Authentication BAN logic Biometric Key agreement Elliptic curve cryptography (ECC) Smart card 

References

  1. 1.
    L. Lamport, Password authentication with insecure communication. Commun. ACM 24(11), 770–772 (1981)MathSciNetCrossRefGoogle Scholar
  2. 2.
    C.-C. Lee, L.-H. Li, M.-S. Hwang, A remote user authentication scheme using hash functions. ACM SIGOPS Oper. Syst. Rev. 36(4), 23–29 (2002)CrossRefGoogle Scholar
  3. 3.
    M. Peyravian, C. Jeffries, Secure remote user access over insecure networks. Comput. Commun. 29(5), 660–667 (2006)CrossRefGoogle Scholar
  4. 4.
    X.-M. Wang et al., Cryptanalysis and improvement on two efficient remote user authentication scheme using smart cards. Comput. Stand. Interfaces 29(5), 507–512 (2007)CrossRefGoogle Scholar
  5. 5.
    S. Kumari, M.K. Khan, X. Li, An improved remote user authentication scheme with key agreement. Comput. Electr. Eng. 40(6), 1997–2012 (2014)CrossRefGoogle Scholar
  6. 6.
    C.T. Li, M.S. Hwang, An efficient biometrics-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 33(1), 1–5 (2010)CrossRefGoogle Scholar
  7. 7.
    C.H. Lin, Y.Y. Lai, A flexible biometrics remote user authentication scheme. Comput. Stand. Interfaces 27(1), 19–23 (2004)CrossRefGoogle Scholar
  8. 8.
    B.T. Nathan, R. Meenakumari, S. Usha, Formation of Elliptic Curve Using Finger Print for Network Security. In Process Automation, Control and Computing (PACC), 2011 International Conference on IEEE, pp. 1–5Google Scholar
  9. 9.
    X. Li, J.W. Niu, J. Ma, W.D. Wang, C.L. Liu, Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 34(1), 73–79 (2011)CrossRefGoogle Scholar
  10. 10.
    U. Subramaniam, K. Subbaraya, A biometric based secure session key agreement using modified elliptic curve cryptography. Int. Arab J. Inf. Technol. (IAJIT) 12(2) (2015)Google Scholar
  11. 11.
    C.-T. Li, A new password authentication and user anonymity scheme based on elliptic curve cryptography and smart card. IET Inf. Secur. 7(1), 3–10 (2013)CrossRefGoogle Scholar
  12. 12.
    L. Zhang et al., Two-factor remote authentication protocol with user anonymity based on elliptic curve cryptography. Wireless Pers. Commun. 81(1), 53–75 (2015)CrossRefGoogle Scholar
  13. 13.
    Y. Zhang et al., An efficient password authentication scheme using smart card based on elliptic curve cryptography. Inf. Technol. Control 43(4), 390–401 (2014)Google Scholar
  14. 14.
    X. Xu, P. Zhu, Q. Wen, Z. Jin, H. Zhang, L. He, A secure and efficient authentication and key agreement scheme based on ECC for telecare medicine information systems. J. Med. Syst. 38(6) (2014)Google Scholar
  15. 15.
    L. Wang, Analysis and enhancement of a password authentication and update scheme based on elliptic curve cryptography. J. Appl. Math. (2014)Google Scholar
  16. 16.
    H. Arshad, M. Nikooghadam, Three-factor anonymous authentication and key agreement scheme for telecare medicine information systems. J. Med. Syst. 38(12) (2014)Google Scholar
  17. 17.
    Z. Tan, A user anonymity preserving three-factor authentication scheme for telecare medicine information systems. J. Med. Syst. 38(3), 1–9 (2014)CrossRefGoogle Scholar
  18. 18.
    Y. Lu et al., An enhanced biometric-based authentication scheme for telecare medicine information systems using elliptic curve cryptosystem. J. Med. Syst. 39(3), 1–8 (2015)CrossRefGoogle Scholar
  19. 19.
    H.L. Yeh et al., Robust elliptic curve cryptography-based three factor user authentication providing privacy of biometric data. IET Inf. Secur. 7(3), 247–252 (2013)CrossRefGoogle Scholar
  20. 20.
    M. Burrows, M. Abadi, R. Needham, A logic of authentication. ACM Trans. Comput. Syst. 8(1), 1836 (1990)CrossRefzbMATHGoogle Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2018

Authors and Affiliations

  1. 1.Department of Computer Science and EngineeringIndian Institute of Technology (Indian School of Mines)DhanbadIndia

Personalised recommendations