Security and Communication Networks
Research Article

Analysis and improvement of a multi-factor biometric authentication scheme

Liling Cao (Corresponding Author)

Department of Electronic and Information Engineering, Tongji University, Shanghai, China

Department of Engineering Science and Technology, Shanghai Ocean University, Shanghai, China

Correspondence: Liling Cao, Department of Electronic and Information Engineering, Tongji University, Shanghai, China.

E-mail: llcao@shou.edu.cn

Wancheng Ge

Department of Electronic and Information Engineering, Tongji University, Shanghai, China

First published: 07 May 2014
Citations: 14

This paper is sponsored by the Rohde & Schwarz Ltd., Germany

Abstract

To enhance security in wireless communication, authentication schemes have recently become more crucial and more widely deployed, especially multi-factor biometric authentication schemes, which are based on password, biometric, and smart card protections. A new scheme of this kind was proposed in 2010 by Li and Hwang. Das then extended the work of Li et al. and improved their weak scheme in 2011. However, in 2012, Younghwa An demonstrated that Das's protocol failed to achieve mutual authentication between the server and the user. This paper shows that Younghwa An's scheme cannot withstand the following two attacks. (i) It is still vulnerable to a replay attack, so an adversary can masquerade as the legal server. (ii) It cannot provide user anonymity or resistance to a user masquerading attack, because an adversary can execute the re-registration process by intercepting the IDi in the login phase. Therefore, an improvement to Younghwa An's scheme is presented in this paper. A formal security analysis of the modified scheme using the Burrows–Abadi–Needham logic is then given, which demonstrates that the modified scheme, at slightly higher computation cost, can protect against several possible attacks. Copyright © 2014 John Wiley & Sons, Ltd.
