| Under the open network environment, remote user authentication is an effective means of communicating parties to ensure secure communications. With the development of biometric technology, biometric-based user authentication technology has been widespread concerned. As palmprint can be easily captured with high recognition accuracy, so it has received more attention than other biometric feature by users. On the basis of the good authentication and recognition performance, cancelable palmprint technology can protect the user’s biometric security and privacy, and therefore has a broad development prospect. Under the single-server and the multi-server authentication environment, our paper first analyzes the safety and function of the biometric-based remote authentication protocol, and then finds the loopholes and shortcomings and proposes a new authentication protocol for addressing those problems. The main research results are as follows:We study the secure biometric-based remote user authentication with key agreement scheme using extended chaotic maps put forward by Lee et al. We found that scheme has problems in four areas, including:1) User Spoofing Attack;2) Server’s Secret Key is at Risk;3) The hash function problem;4) biometric information is easily guessed in the case of the smart card is lost. To solve these problems, we propose an improved single-server remote authentication protocol based on smart cards and cancelable palmprint features. Through security analysis, performance and functionality analysis, we find the proposed protocol can effectively achieve mutual authentication and ensure the actual functionality and security requirements under a single-server remote authentication environment.We study the uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care put forward by Chang et al. Through analysis, we find that password information in the registration phase is transmitted in clear text in this scheme. The scheme uses improper BioHash algorithm, lacks three-factor authentication, can not resist tampering attacks, key agreement is not implemented and there are loopholes in the password change phase. To solve these problems, we propose a uniqueness-and-anonymity-preserving cancelable-palmprint-based remote user authentication using smart card for connected health care. The proposed scheme can resist the loopholes and shortcomings of friendliness and security to users existed in the scheme of Chang et al, with better security and privacy protection.We studied the towards secure and efficient user authentication scheme using smart card for multi-server environments put forward by Chen et al. We find that the protocol vulnerabilities still exist, such as there is no password verification in the login phase, the leakage of biometric information, repeat registration attacks, unrealized anonymous operation and so on. Focused on this particular multi-server application environment and the vulnerability in the Chen et al’ scheme, we designed a more practical remote authentication protocol using the cancelable palmprint features under multi-server environments to achieve an anonymous user operation.In summary, the schemes proposed in this paper effectively ensure the security and privacy of the biometric-based remote authentication protocol under different environments, the criterion of the performance is user’s protocol needs we summarized. The results show that the proposed authentication protocol in our paper has a higher practical performance. We also BAN logic to verify the correctness of these authentication schemes. Corresponding research can contribute not only to the application of the removable palm print features, but also to the development of network communications authentication techniques. |
PDF Full Text Request