
(IJCNS) International Journal of Computer and Network Security, 91

Vol. 2, No. 1, January 2010

An Improved Biometric Remote User Authentication Scheme Based on Nonce

Keerti Srivastava, Amit K Awasthi, R.C.Mittal

keerti.psit@gmail.com awasthi@psit.in

Group of Cryptology Research, Department of Applied Sciences, Pranveer Singh Institute of Technology, Kanpur, U.P., INDIA
Department of Mathematics, Indian Institute of Technology, Roorkee, U.A., INDIA

Abstract: Today, in online transactions (e-banking, mobile banking, etc.), remote user authentication is the tool used to authenticate remote users, and various authentication schemes have been proposed so far. Khan et al. in 2006 contributed a significant and novel idea to further strengthen secure network communication: a chaotic hash-based fingerprint biometric remote user authentication scheme. Even this scheme, however, was vulnerable to a few deadly attacks. The current paper identifies some of these attacks and proposes a new, improved scheme.

Keywords: Authentication, spoofing attack, smart card, security improvements.

1. Introduction

In 1981, Lamport [9] proposed an authentication scheme using a cryptographic hash function. However, high hash overhead and the necessity for password resetting decrease its suitability for practical use. Since then, many improved password authentication schemes, e.g. [16] [13] [2] [19], have been proposed. One common feature of these schemes is that the server has to securely store a verification table. If the verification table is stolen by the adversary, the system may be broken. To resist such a stolen-verifier attack, in 1990 Hwang et al. [20] proposed a non-interactive password authentication scheme and its enhanced version, which additionally uses smart cards. In Hwang et al.'s schemes, the server does not require any verification table. In 2000, Hwang and Li [14] proposed a verification-free password authentication scheme using smart cards based on ElGamal's public-key technique [18]. However, Hwang-Li's scheme does not allow users to freely choose and change their passwords. Furthermore, Hwang-Li's scheme was found to be vulnerable to various impersonation attacks [4], [3], [8]. To improve the efficiency, H.M.Sun proposed a lightweight verification-table-free password authentication scheme [7] using smart cards based on cryptographic hash functions. The major drawback of Sun's scheme is that the password is not easily memorizable and the user cannot freely choose or change his/her password. The various password protection mechanisms in use carry the risk of theft and of willing or unwilling key disclosure to an unauthorized user. Biometrics dovetailed with a typical remote user authentication scheme have made it infallible, as biometrics work on physical behaviors, fingerprints, voice recognition, etc.

In 2006, Khan et al. [12] formulated a biometric remote user authentication scheme using chaos, in its deterministic form and with its real-world omnipresence, for a more secure design of communication protocols [23] [11]. Chaotic cryptography, with its random behavior, constitutes a potential protection asset in modern cryptography. Khan et al.'s scheme, based on a new family of one-way collision-free chaotic hash functions [1], showed its supremacy over modular exponentiation-based authentication schemes, e.g. Diffie-Hellman [1], ElGamal [18] and RSA-based encryption algorithms [7]. Khan's scheme, however, is exposed to privileged insider attacks on the remote system [22] and is also exposed to an impersonation attack, as the adversary can be authenticated even if the attacker does not have the valid password [6]. As a remedy to these pitfalls, this paper presents an efficient improvement on them with more security. As a result, the proposed scheme can withstand the previously proposed attacks.

2. Chaotic Hash Function

This section briefly reviews the chaotic hash function [12] [11]. It is a one-way function/transformation, which makes it an ideal candidate for use as a collision-free one-way hash function. After applying this function, an arbitrary input becomes a fixed-size string, called the hash value [10]. In 2005, Wang et al. [15] created a chaotic hash algorithm based on an n-D nonlinear autoregressive filter. The chaotic hash function is an iterative hash function. It can be represented by

, where is a round function, is input value of , is the message sub block, is the inter hash value and is the final hash value.

3. Review of Khan et al. scheme

This section briefly reviews Khan et al.'s scheme, which is composed of four phases: registration, login, authentication, and password change. Information held by remote system:

Figure 1. REGISTRATION PHASE (diagram of the exchange between USER and REMOTE SYSTEM; legible step labels: Choose identity, Choose password, Input fingerprint impression, Compute [formula illegible apart from "⊕x)"], Store in mobile device)

Figure 2. LOGIN PHASE (diagram of the exchange between USER and REMOTE SYSTEM; legible step labels: Input, Imprint fingerprint, Verify fingerprint, Compute, Verify, Pick up, Check)

3.1. Registration Phase

Fig. 1 shows the registration phase of Khan et al.'s scheme. In the registration phase, user chooses his/her identity and password and interactively submits these to the registration center. also imprints his/her fingerprint impression at the sensor, and then the registration system performs the following operations.

1. Computes where is the private key of the remote system and is a bit-wise exclusive-OR operation and is a collision free one-way chaotic hash function.
2. Computes , where the extracted fingerprint template of the user is.
3. The remote system personalizes the secure information and saves it into the mobile device, and sends it to the system of the .

3.2. Login Phase

Fig. 2 shows the login phase of Khan et al.'s scheme. If wants to log in to the remote system, he or she opens the login application software and enters identity and password and imprints a fingerprint biometric at the sensor. If is successfully verified by his/her fingerprint biometric, a mobile device will perform the following operations:

1. Computes and verifies whether . If not equal, the device terminates the operation; otherwise it performs further operations.
2. Computes where is the current timestamp of the device .
3. At the end of the login phase, sends the login message to the remote system over an insecure network.

3.3. Authentication Phase

When the remote system receives the message from the user, the remote system and the user perform the following operations:

1. The remote system checks whether the format of is invalid or , where is the current time stamp of the remote system; if so, it rejects the login request.
2. If , where denotes the expected valid time interval for transmission delay, then the remote system rejects the login request. Otherwise it performs the following steps.
3. The remote system computes . If is equal to the received , the user is authentic, and the remote system accepts the login request and performs the next step; otherwise the request is rejected.
4. For mutual authentication, the remote system computes and then sends a mutual authentication message to the .
5. Upon receiving the message , the user checks whether is invalid or ; if so, the user terminates this session, otherwise performs the next step.
6. Computes and compares . If this is true, the user believes that the remote party is authentic and mutual authentication completes.

3.4. Password change Phase

Whenever wants to change or update his/her old password to the new one , he/she opens the login application on his/her mobile device and enters his/her old password , new password and also imprints a fingerprint at the sensor. If is successfully verified by his/her fingerprint, the device performs the following operations.

1. Compute
2. Verifies whether or not; if the two are equal, the mobile device performs further operations.
3. Computes .
4. Stores on the user's mobile device and replaces the old value of . Next, the new password is successfully updated and the phase is terminated.

4. Weaknesses and drawbacks of Khan et al. scheme

In this section, we will demonstrate that Khan et al.'s scheme is vulnerable to an impersonation attack and an insider attack.

4.1. Privileged Insider Attack

Khan et al.'s scheme is vulnerable to privileged insider attacks [22]. In the registration phase of Khan et al.'s scheme, the user 's password will be revealed to the remote system because it is directly transmitted to the remote system. In practice, user offers the same password to access several remote servers for convenience. Thus a privileged insider of the remote system may try to use 's password to impersonate the legal to log in to the other remote systems that has registered with outside this system. If the targeted outside remote system adopts the normal password authentication scheme, it is possible that the privileged insider of the remote system could successfully impersonate to log in to it by using . Although it is also possible that all the privileged insiders of the remote system can be trusted and that does not use the same password to access several systems, the implementers and the users of the scheme should be aware of such a potential weakness.

4.2. Spoofing Attack by using Lost or Stolen Mobile Device

Khan et al.'s scheme is vulnerable to a spoofing attack using lost or stolen mobile devices (smart cards) by monitoring the power consumption [5], [17]. An adversary can intercept the mutual authentication message ( ) and re-send the forged message, i.e. , to the user, and it could not be verified by step (6) in the authentication phase of Khan et al.'s scheme, because is open on the mobile device. Precisely, if an attacker gets a user's mobile device and extracts secure value from it, then the attacker could simply be authenticated by using without knowing the valid password.

4.3. Impersonation attack

Khan et al.'s scheme is vulnerable to impersonation attacks using lost or stolen mobile devices. Namely, a user can be authenticated to a remote system even if he or she does not have the valid password . Precisely, if an attacker gets a user's mobile device and extracts secure value from the mobile device, then he or she can simply be authenticated by using without the user's password.

5. Proposed biometric authentication nonce based scheme

This section proposes an improvement of Khan et al.'s scheme that can remove the above security flaws. The proposed scheme is also composed of four phases: registration, login, authentication, password change. Information held by Remote System: .

Figure 3. REGISTRATION PHASE (diagram of the exchange between USER and REMOTE SYSTEM; legible step labels: Choose identity, Choose password, Input fingerprint impression, Imprint nonce, Compute)

Figure 4. LOGIN PHASE (diagram of the exchange between USER and REMOTE SYSTEM; legible step labels: Input, Input fingerprint impression, Verify, Pick up, Compute, Check)

5.1. Registration Phase

Fig. 3 shows the registration phase of the proposed scheme. In the registration phase, user Ui chooses his/her identity and password , a random nonce and interactively submits; , encrypted with public key to the registration centre. Ui also imprints his/her fingerprint impression with nonce i.e. at the sensor, and then the registration system performs the following operations:

1. Decrypt the encrypted message by the server private key and get .
2. Compute from and .
3. Computes and where the private key of the remote system is, is a bit-wise exclusive-OR operation, is a collision free one-way chaotic hash function.

4. Computes where Si is the extracted fingerprint template of the user.
5. The remote system personalizes the secure information and saves it into the mobile device and sends it to the user Ui.

5.2. Login Phase

Fig. 4 shows the login phase of the proposed scheme. If Ui wants to log in to the remote system, he or she opens the login application software, enters identity and password and imprints a fingerprint biometric at the sensor. If Ui is successfully verified by his/her fingerprint biometric, a mobile device will perform the following operations:

1. Computes , and verifies whether or not. If equal, the user's device performs further operations; otherwise it terminates the operation.
2. Computes , where the current timestamp of the device is.
3. At the end of the login phase, Ui sends the login message to the remote system over a secure network.

5.3. Authentication Phase

In the authentication phase, when the remote system receives the message from the user, the remote system and the user perform the following operations.

1. The remote system checks if the format of is invalid or if where is the current time stamp of the remote system, then rejects the login request.
2. If , where denotes the expected valid time interval for transmission delay, then the remote system rejects the login request.
3. The remote system computes , if . It means the user is authentic and the remote system accepts the login request and performs the next step; otherwise the login request is rejected.
4. For mutual authentication, the remote system computes and then sends a mutual authentication message ; to the Ui
5. Upon receiving the message , the user checks whether is invalid or ; if so, the user Ui terminates this session, otherwise performs the next step.
6. Ui computes and compares . If equal, the user believes that the remote party is authentic, and mutual authentication holds between the user and the server.

6. Security Analysis

Next, this section shows that the improved scheme is secure against the impersonation attack, the privileged insider attack and the stolen verifier attack, and analyses the enhanced security features of our improved scheme.

6.1. Resistance to guessing attack

A guessing attack involves an adversary trying to get long-term private keys (the user's password or the server's secret and private key). Because a non-invertible chaotic hash function is used, it becomes difficult for any attacker to extract by knowing . Although the adversary can obtain the secret information stored in the stolen smart card by analyzing the leaked information [21], the adversary would not be able to extract .

6.2. Resistance to parallel session, reflection attack

In parallel session attack, with knowing the correct password of the user, an attacker can masquerade as the legal user by creating a valid login message out of some eavesdropped communication between the user and the server. But our proposed scheme is free from the parallel session attack.

6.3. Resistance to insider attack

If an insider attacker has obtained 's password , he can try to impersonate to access other servers. In the registration phase of the improved scheme, sends the encrypted password with an appropriate nonce, i.e. ; thus will not be revealed to the attacker without knowing the remote system's private key. Since in the proposed scheme the insider attacker cannot obtain , the improved scheme can withstand the insider attack.

6.4. Resistance to server spoofing attack

The spoofing attack is completely solved by providing mutual authentication between user and server. The remote system S sends a mutual authentication message to the user in the login phase. If an attacker intercepts it and resends the forged message, i.e. , to user U, it will not be verified by the authentication phase since . Therefore the proposed scheme can withstand the spoofing attack.

7. Conclusion

This paper has demonstrated that Khan et al.'s [12] remote user authentication scheme is vulnerable to an impersonation attack and an insider attack, and has pointed out the drawbacks of Khan et al.'s scheme for practical use. Finally, this paper proposes a more secure remote user authentication scheme with better resistance to the impersonation attack, the stolen smart card attack and the privileged insider attack.
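The authentication-phase checks of Section 5.3 (ID format, freshness window, hash comparison, mutual reply) as an added Python sketch; it is not the authors' code. The hash inputs are not legible on this page, so the message layout, the names `secret`, `DELTA_T`, `device_login`, `server_check` and `device_check`, and the use of SHA-256 in place of the chaotic hash are all assumptions.

```python
import hashlib
import hmac

DELTA_T = 5.0  # assumed value for the valid transmission-delay interval, in seconds


def h(*parts: bytes) -> bytes:
    """Stand-in one-way hash: SHA-256 over length-prefixed fields (not a chaotic hash)."""
    d = hashlib.sha256()
    for p in parts:
        d.update(len(p).to_bytes(4, "big") + p)  # length prefix keeps fields unambiguous
    return d.digest()


def ts(t: float) -> bytes:
    """Canonical byte encoding of a timestamp so both sides hash the same bytes."""
    return f"{t:.3f}".encode()


def fresh(sent: float, received: float) -> bool:
    """Freshness rule applied by both sides: 0 <= delay <= DELTA_T."""
    return 0 <= received - sent <= DELTA_T


def device_login(user_id: str, secret: bytes, now: float):
    """Device: build the login message (ID, C, T). The field layout is hypothetical."""
    return user_id, h(b"login", user_id.encode(), secret, ts(now)), now


def server_check(msg, secrets: dict, now: float):
    """Remote system: format check, freshness check, hash comparison, mutual reply."""
    user_id, c, t = msg
    if not (isinstance(user_id, str) and user_id.isalnum() and user_id in secrets):
        return False, "bad-id"
    if not fresh(t, now):
        return False, "stale"
    expected = h(b"login", user_id.encode(), secrets[user_id], ts(t))
    if not hmac.compare_digest(expected, c):  # constant-time comparison
        return False, "bad-hash"
    # A distinct label for the reply stops a login value being reflected back as a reply.
    return True, (h(b"reply", user_id.encode(), secrets[user_id], ts(now)), now)


def device_check(user_id: str, secret: bytes, reply, now: float) -> bool:
    """Device: verify the mutual authentication message before trusting the server."""
    c2, t2 = reply
    if not fresh(t2, now):
        return False
    return hmac.compare_digest(h(b"reply", user_id.encode(), secret, ts(t2)), c2)


def demo():
    """Constructed run: an honest login, a late replay, and a forged server reply."""
    secrets = {"alice01": b"constructed-per-user-secret"}
    msg = device_login("alice01", secrets["alice01"], now=1000.0)
    ok, reply = server_check(msg, secrets, now=1000.8)
    replay = server_check(msg, secrets, now=1030.0)
    forged = (b"\x00" * 32, 1001.0)
    return (ok, device_check("alice01", secrets["alice01"], reply, 1001.2),
            replay, device_check("alice01", secrets["alice01"], forged, 1001.2))
```

In this sketch whatever is stored as `secret` is the entire credential, which is the property Sections 4.2 and 4.3 criticise when such a value can be read from a lost or stolen device.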

References

[1] A.J.Menezes, P.C.Oorschot, and S.A.Vanstone. Handbook of applied cryptography. CRC Press, 1997.
[2] A.Shimizu. A dynamic password authentication method by one-way function. IEICE Transactions, d-1(7)(J-73):1-15.
[3] C.C.Chang and K.F.Hwang. Some forgery attack on a remote user authentication scheme using smart card. Informatica, (14(3)):289-294, 2003.
[4] C.K.Chan and L.M.Cheng. Cryptanalysis of a remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 46(4):992-93, 2000.
[5] E.J.Yoon, E.K.Ryu, and K.Y.Yoo. Attacks on the shen et al's timestamp-based password authentication scheme using smart cards. IEICE Transactions on Fundamental, A(1)(E88):319-21, 2005.
[6] E.J.Yoon, E.K.Ryu, and K.Y.Yoo. An improvement of hwang-lee-twang; simple remote user authentication. Computer Security, (24):50-56, 2005.
[7] H.M.Sun. An efficient remote user authentication scheme using smart cards. IEEE Transaction on Consumer Electronics, 46(4):958-61, 2000.
[8] H.T.Yeh, H.M.Sun, and B.T.Hsieh. Security of a remote user authentication scheme using smart cards. IEICE Transactions on Communication, B(1)(E87):192-94, 2004.
[9] L.Lamport. Password authentication with insecure communication. Communications of the ACM, (24):770-72, 1981.
[10] M.Bellare, R.Canethi, and H.Krawzk. Keying hash function for message authentication. LNCS-1996 Advances in Cryptology-CRYPTO'96, (1109):1-15, 1996.
[11] M.K.Khan, Z.Jiashu, and T.Lei. Chaotic secure content-based hidden transmission of biometric templates. Chaos, Solitons and Fractals, 32(5):1749-59, 2007.
[12] M.K.Khan, Z.Jiashu, and X.M.Wang. Chaotic hash based fingerprint biometric remote user authentication scheme on mobile devices. Chaos, Solitons and Fractals, 35(3):519-24, 2006.
[13] M.Sandirigama, A.Shimizu, and M.T.Noda. Simple and secure password authentication protocol (sas). IEICE Transaction Communication, B(6)(E83):1363-65, 2000.
[14] M.S.Hwang and L.H.Li. A new remote user authentication scheme using smart card. IEEE Transaction Consumer Electronics, 46(1):28-30, 2000.
[15] M.Wang, J.Z.Lu, and X.F.Li. Remote password authentication scheme based on smart cards. Computer Application, 25(10):2289-90, 2005.
[16] N.H.Haller. The s/key(tm) one time password system. Proc. Internet Society Symposium on Network and Distributed System Security, pages 151-158, 1994.
[17] P.Kochar, J.Jaffe, and B.Jun. Differential power analysis. Advances in Cryptology (CRYPTO'99), pages 388-97, 1999.
[18] T.Elgamal. A public key cryptosystem and a signature scheme based on discrete logarithm. IEEE Transactions on Information Theory, 31(4):469-72, 1985.
[19] T.H.Chen and W.B.Lee. A new method for using hash function to solve remote user authentication. Computers and Electrical Engineering, (34):53-62, 2008.
[20] T.Hwang, Y.Chen, and C.S.Laih. Non-interactive password authentication without password tables. IEEE Region 10 Conference on Computer and Communication System, Hong Kong, pages 429-31.
[21] T.S.Messerges, E.A.Dabbish, and R.H.Sloan. Examining smart-card security under the threat of power analysis attacks. IEEE Transaction on Computers, 51(5):541-552, 2002.
[22] W.C.Ku, H.M.Chuang, and M.J.Tsaur. Vulnerabilities of wu-chieu improved password authentication scheme using smart cards. IEICE Transaction Fundamentals, A(11)(E88):3241-43, 2005.
[23] X.M.Wang, Z.Jiashu, and Z.Wenfang. Keyed hash function based on composite nonlinear autoregressive filter. Acta Phy Sinica, 54:5566-5573, 2005.
