Analysis and enhancements of an efficient biometricbased remote user authentication scheme using smart cards

Transcription

1 Analysis and enhancements of an efficient biometricbased remote user authentication scheme using smart cards Sana Ibjaoun 1,2, Anas Abou El Kalam 1, Vincent Poirriez 2 1 University Cadi Ayyad, Marrakesh, Morocco Abdellah Ait Ouahman 1, Mina de Montfort 3 2 University of Valenciennes and Hainaut Cambrésis, Valenciennes, France 3 Artimia, Paris, France Abstract Recently, many biometrics-based user authentication schemes using smart cards have been proposed to improve the security weaknesses in user authentication system. In this paper, we analyze the security of An s authentication scheme [9], and we show that An s authentication scheme is still insecure against various attacks. To fix the security problems identified we propose an enhanced scheme. A detailed security analysis of the proposed scheme is presented followed by its efficiency comparison. Furthermore, we formally proof the security of the enhanced using AVISPA tool. Keywords Biometric; finger vein; authentication;smart card; formal verification; AVISPA I. INTRODUCTION The biometrics authentication system offers several advantages over other security methods. Passwords might be divulged or forgotten, and smart cards might be shared, lost, or stolen. In contrast, personal biometrics, such as finger vein, have no such drawbacks. It is ideally suited for both high security and remote authentication applications due to the nonreturnable nature and user convenience [18]. Remote authentication is a form of e-authentication in which user credentials, as proof of identities, are submitted over a network connection. Remote authentication poses unique security challenges given its open, uncontrolled and unsupervised nature. There are two problems in applying personal biometrics to remote authentication. One of the most important is obtaining easily some biometric characteristics, so that the results can never be changed. Another is the difficulty of checking whether the device is capable of verifying that a person is alive since the biometric capture devices are remotely located [17]. Because of such problems, the best approach is to integrate biometrics with passwords or cryptographic keys and smart cards to construct a secure three-factor authentication scheme. The reliability of biometrics authentication over traditional password-based authentication gave rise to several biometricsbased user authentication schemes [1-6]. Based on the one-way hash function, biometrics verification and smart card, [7, 8] proposed an efficient biometric-based remote user authentication scheme, in which the computation cost is relatively low compared with other related schemes. Recently, in [9] Y. An showed that Das s scheme [8] neither provides proper authentication nor resists the man-in-the-middle attacks. He then presented an improved scheme to fix the problem. In this article, we show that An s scheme is still insecure, because it has several security weaknesses and it does not provide mutual authentication as the user/server impersonation attack is still possible. We remedy this situation by suggesting a new robust and secure scheme. We also demonstrate how our scheme is efficient. Furthermore, the security of the enhanced scheme will be demonstrated by formal proofs using AVISPA tool. The rest of this paper is organized as follows. Related works are introduced in section 2. Section 3 analyzes An s scheme and its security. Then section 4 proposes a new biometric based remote user authentication scheme using smart card, which is efficient and provides mutual authentication. Section 5 discusses the security analysis of our scheme and gives comparisons with other related scheme. After that in section 6, we formally evaluate our scheme using AVISPA. Finally, in section 7 we draw up our conclusions and give some future works. II. RELATED WORKS Several three-factor authentication schemes has been proposed in the literature In [7] Li and Hwang proposed an efficient biometrics-based remote user authentication scheme using smart cards. Their scheme is based on biometrics verification, smart card and one-way hash function, and it also uses a random nonce rather than a synchronized clock, and thus it is very efficient in computational cost. Li and Hwang s scheme is composed of four phases: registration phase, login phase, authentication phase and password change phase. There are three participants, the registration center (R) which is assumed /16/$ IEEE

2 to be a trusted party, the server (S i ) and the user (C i ). The communication with R is assumed to use a secure channel. Li and Hwang s scheme is very efficient in terms of communication and storage space, but it suffers from the impersonation attacks and the man-in-the-middle attack [8]. In [8] Das pointed out also that Li and Hwang s scheme does not resolve security drawbacks in password change phase, and in verification of biometrics. Based on this weakness, Das proposed an improvement of Li and Hwang s scheme. His system is secure against the user impersonation attack, the server masquerading attack, the parallel session attack, and the stolen password attack, and provide mutual authentication. The improvement is also composed of four phases, and the password change phase is the same as that of Li and Hwang s scheme. Later, in [9] An showed that Das s authentication scheme is still vulnerable to the various attacks such as user/server impersonation attack, and therefore does not provide mutual authentication between the user and the server. An propose an enhanced scheme to remove these security problems of Das s authentication scheme. An ensures that his system remains secure even if the secret information stored in the smart card is revealed to an attacker. In An s scheme the password change phase is not provided. III. SECURITY ANALYSIS OF AN S SCHEME A. Review of An s scheme In this section, we review the An s scheme [9]. This scheme has three phases: registration phase, login phase, and authentication phase. However, this scheme does not specify the procedure to changing the user s password locally as suggested in Li Hwang s scheme [7] and Das s scheme [8]. We use the notations in Table 1 for describing An s scheme and its security analysis. C i S i SC i R i ID i PID i PW i B i h(.) W(.) X S R c R s TABLE I. Client (user) Server Smart Card of Ci NOTATION USED IN AN S SCHEME Trust registration center Identity of user Pseudonym of user Password of Ci Biometric template of the user One-way hash function Watermarking function A secret information maintained by the server A random number chosen by the client A random number chosen by the server // Concatenation of messages XOR operation Registration phase Before logging in the remote server S i, a user C i initially has to register to the trusted registration center R i as explained in the following steps. (R1) C i generates a random number K that is kept secret to him. C i then submits his identity ID i and password information PW i K to R i through a secure channel. In addition, the user submits his biometrics information B i K on the specific device to R i. C i sends the message { ID i, PW i K, B i K} to R i via a secure channel. (R2) R i computes f i = h(b i K), r i = h(pw i K) fi and e i = h(id i //X S ) r i, where X S is a secret value generated by the server. (R3) R i stores (ID i, h(.), f i, e i ) on the user s smart card and sends it to the user via a secure channel. In addition, C i stores the previously generated secret number K into his smart card. Login phase When the user C i wants to login to the remote server S i, the user has to perform the following steps in order to send the login request message to S i for authentication purpose. (L1) C i inserts his smart card into a card reader and inputs the personal biometrics information B i on the specific device to verify user s biometrics. If the biometrics information h(b i K) matches the template f i stored in the system, C i passes the biometrics verification, otherwise, the login process is terminated immediately. (L2) C i inputs the ID i and PW i, and then the smart card computes the following equations, where R c is a random number generated by the user: r i '= h(pw i K) f i, M1= e i r i ', M2=M1 R c, M3= h(m1//r c ). (L3) Finally, C i sends the login request message {ID i, M2, M3} to S i for authentication. Authentication phase After receiving the request login message, the remote server S i has to perform the following steps with the user C i to authenticate each other. (A1) S i first checks the format of ID i. If it is valid, S i computes M4 = h(id i //X S ), M5 = M2 M4. S i then verifies whether the condition M3 = h(m4//m5) holds or not. If this condition holds, Si generates a random number R s and computes M6=M4 R s, M7=h(M4// R s ) and sends the message {M6, M7} to the user C i. (A2) After receiving the reply message {M6, M7} from S i, C i computes M8= M6 M1 and then checks if the condition M7= h(m1//m8) holds or not. If the condition holds, C i computes M9 = h(m1//rc//m8). Then C i sends the message {M9} to Si for mutual authentication. (A3) Finally, after receiving the message {M9} from C i, S i verifies the condition M9 = h(m4//m5//r s ). If the

3 condition is true, S i will accept the user login request and C i will be treated as a legitimate user. B. Security analysis In this section, we analyze the security of An s scheme. We show that an attacker X can mount different types of attacks on the scheme. Authors in [10, 11] show that it is possible to extract the values stored inside a smart card. So we assume that X can extract out parameters stored inside a user s smart card. Use of the Hash function Hash functions allow securely computing a short digest of a long message. Mathematically speaking, a hash function is a function that maps a variable length input message to an output message digest of fixed length. Cryptographic hash functions (such as SHA-1 [5]) are by design extremely sensitive to changes in the input data: even changing one bit in the data results in a totally different hash value. In this way, the cryptographic hash function cannot be applied when the input data are with noise such as biometrics. In registration phase of An s scheme, the registration center R i computes f i = h(b i K) based on the user s biometric information B i K. After that, f i is stored in the smart card for purpose of authentication. As input biometric patterns belonging to the same person may slightly differ from time to time, for example finger vein. Due to the sensitive property of the one-way hash function h(.), even if there is a small perturbation in the user s biometric input B i the verification condition f i = f i may never succeed. Thus, this may cause a serious issue for the legal user to pass the biometric verification during the login phase. As a result, An s scheme fails to provide the strong biometric verification procedure. Offline password guessing In An's scheme, an attacker X can easily identify the login request corresponding to a smart card since both contain the identity of user. If X extracts the values {ID i, h(.), f i, e i, K} from the smart card SC i of user C i and intercepts the login request = {ID i, M2, M3} from open network, then he can mount offline password guessing attack as following: X computes : (1) e i f i = [h(id i // X S ) r i ] f i = [h(id i // X S ) h(pw i K) f i ] f i = [h(id i // X S ) h(pw i K)] X assumes PW' as user's possible password and computes (2) M1' = [e i f i ] h(pw i ' K) and R c ' = M2 M1' and M3' = h(m1' // R c ') and finally compares M3' with M3. For M3' different from M3, he repeats from step (2) with some other guess for user s password. But if M3' = M3, then X succeeded to extract the password PW i of C i. User / Server impersonation Attack As explained in previous subsection, X can guess a user s password if he obtains the smart card of user. In a successful process of password guessing we have also M1' = h(id i // X S ). In fact, h(id i // X S ) is the key value required to compute a valid login request or valid reply messages. Besides, X has easy access to user s identity ID i from SC i = {ID i, h(.), f i, e i, K} or from the login request = {ID i, M2, M3} of C i. Having and ID i and M1' = h(id i // X S ) in hand, X can easily impersonate the user C i or the legal server S i. Mutual authentication An's scheme fails to resist user impersonation attack and server impersonation attack as described in previous section. In fact, X can deceive the legal user or the legal server. Therefore, the scheme loses mutual authentication feature. IV. ENHANCED BIOMETRIC-BASED REMOTE USER AUTHENTICATION SCHEME In this section, we propose a new user authentication scheme, which not only can withstand the various attacks discussed in section III.B, but also provide mutual authentication between the user and the server. Our scheme also provides password change phase. Before to explain our scheme, it should be noted that the cryptographic hash function cannot be applied when the input data are with noise such as biometrics (section III. B). To address this issue we propose to use digital watermarking in order to perform biometric verification of a user for our proposed scheme. The aim of watermarking in our scheme is to protect biometric data (template) hidden into arbitrary image carrier (synthetic image). The synthetic image has the same form as a biometric template. The proposed scheme is divided into two phases: registration phase and authentication phase. Detailed steps of these phases are described in the following. We use the same notations as in Table 1. A. Registration phase In order to login to the system, the remote user C i needs to perform the following steps as shown in Fig. 1. R1: C i submits his identity ID i and password information P i (P i = PW i f i ) to R i through a secure channel. Where f i = W(B i ). W(B i ) represent the digital watermarking of a synthetic image by his biometric information B i. R2: R i computes h(id i //X S ), e i = h(id i //X S ) h(p i ) and then selects a random pseudonym PID i for the user C i. R3: R i stores {h(.), e i, PID i } on the user s smart card and sends it to the user via a secure channel. R4: C i computes u i = (ID i //PW i ) K i and v i =(ID i //PW i ) f i, where K i represent the private key used to extract the digital watermarking. R5: C i stores {u i, v i } on his smart card. B. Authentication phase Local Authentication: When the user C i wants to login the remote server S i, the user has to perform the following steps.

4 M7 = h(id i //X S ) R S M8 = h[h(id i //X S ) // R S ] Where R S is a random number generated by S i. S7: Then, S i sends the message {M6, M7, M8} to C i. S8: After receiving the reply message, SC i computes: M9 = h(m2//r c ) = h[(h(id i //X S ) R c ) // R c ] After that C i checks the condition M9 = M6. If does not holds, SC i stops the communication. Otherwise, the remote server S i has been successfully authenticated to SC i, and SC i computes: Fig. 1. Registration phase of the enhanced scheme S1: C i inserts his smart card SC i into a card reader, inputs the biometrics information B i on the specific device and inputs his ID i and PW i. S2: Based on the information provided by C i, SC i computes the following equations: f i = (ID i //PW i ) v i and K i = (ID i //PW i ) u i From f i we will extract B i ' using K i. This biometric data (B i ') will be compared with B i provides by the user C i. SC i then checks if the biometrics information B i and B i matches or not. If there is a match, the information B i, ID i and PW i provided by C i are correct. Therefore, C i passes the local authentication. Otherwise, SC i terminates this session (not legal user). Remote Authentication: Once the user C i has been successfully authenticated to the smart card SC i. S3: SC i computes the following: M1 = e i h(p i ) = h(id i //X S ) h(pw i f i ) h(pw i f i ) = h(id i //X S ) M2 = M1 R c = h(id i //X S ) R c M3 = h[h(id i //X S ) // R c ] Where R c is a random number generated by SC i. S i. S4: C i sends the login request message {PID i, M2, M3} to S5: After receiving the request login message, the remote server S i first extracts the received PID i and then finds the entry (PID i, ID i ) in the ID table. If it is found in the ID table, S i computes the following: M4 = h(id i //X S ) R c h(id i //X S ) = R c. M5 = h[h(id i // X S ) // M4] S6: S i checks the condition M3 = M5. If does not hold, S i rejects the authentication request of C i. Otherwise, S i computes the following: M6 = h[(h(id i //X S ) M4) // M4] = h[(h(id i //X S ) R c ) // R c ] M10 = M7 M1 = h(id i //X S ) R S h(id i //X S ) = R S Using M8, SC i checks the integrity of R c. Then compute: M11 = h[h(id i //X S )//R c //M10] = h[h(id i //X S )//R c //R S ] S9: C i sends the message {M11} to S i. S10: Finally, after receiving the message M11, S i computes: M12 = h[h(id i //X S ) // M4 // R S ] and verifies whether the condition M11 = M12 holds. If it does not hold, this phase terminates immediately. Otherwise, S i considers C i as a legitimate user. In this way, we have established mutual authentication, the user is connected to the remote server and can access to desired service. Fig. 2 gives a summary of messages exchange in remote authentication. Fig. 2. Remote authentication phase of the enhanced scheme C. Password change phase When a user wants to change his password, he follows the instructions below: First, the user C i inserts his smart card SC i and inputs his biometric information B i, password PW i and ID i. Using this information the smart card SC i computes the following: f i = (ID i //PW i ) v i

5 K i = (ID i //PW i ) u i From f i we will extract B i ' using Ki. This biometric data (B i ') will be compared with B i provides by the user C i. If it matches, the provided information B i, ID i and PW i are correct and the user C i passes the biometric verification. Otherwise, SC i terminates the session. After that, the new password PW i (new) is requested from the user and SC i computes: u i (new) = (ID i //PW i ) K i (ID i //PW i ) [ID i //PW i (new)] = [ID i // PW i (new)] K i v i (new) = (ID i //PW i ) f i (ID i //PW i ) [ID i //PW i (new)] = [ID i //PW i (new)] f i e i (new) = h(id i //X S ) h(pw i f i ) h(pw i f i ) h(pw i (new) f i ) = h(id i //X S ) h(pw i (new) f i ) Finally, SC i replaces u i, v i and e i by u i (new), v i (new) and e i (new). V. SECURITY ANALYSIS AND COMPARISONS In this section, we will analyze the security of our scheme. We assume that an attacker can access a user s smart card and extract the secret values stored in the smart card by some means [10, 11]. We assume also that the attacker can intercept the messages communicating between the user and the server. Besides, we will compare Chun-Ta Li [7] scheme, A.K. Das scheme [8], Younghwa An [9] scheme, and our scheme in terms of performance. A. Security analysis The security of our scheme is analyzed in the following: Use of the digital watermarking for the protection of the biometric template: One of the problems detected in Li, Das and An s schemes is the use of the hash function for the protection of the biometric template. The hash function is a very sensitive function; small variations can generate a different result from where the use of this function for the verification of the biometric template is not adequate. In our system, we propose to use digital watermarking for the protection of the biometric template; in this way we will be able to compare (matching) between two biometric templates. Password Change: Our system offers the possibility to change the password locally without interaction with the server. Before each change, the smart card verifies the accuracy of the user ID i, the old password PW i and the biometric data B i. Thus, our system offers a secure and simple way to change the password. Password-Guessing Attack: We suppose that an attacker X can access the smart card of a legitimate user and extract the information e i, v i, u i, PID i and h(.). We suppose also that the attacker intercept messages {M2, M3}, and was able to get the value of f i. The attacker X is going to suppose that PW x is the user's password and will computes: e i h(pw x f i ) = M1x (If PW x is correct then M1x = M1 = h(id i // X S )) After he will computes R cx = M2 M1x et M3x = h(m1x // R cx ) and compare M3x with M3. If M3x and M3 are different then the attacker choses a different password and repeats the calculations. On the other side, if M3x = M3 then the attacker was able to guess the correct password of the user. But, the attacker X can only success this attack if he had f i which it not possible because f i is not stored in plaintext inside the smart card. Actually, f i is stored in a secure way in v i = (ID i //PW i ) f i. That is, in order to extract f i an attacker X needs to know ID i and PW i. More than that X has no access to the user ID i since this one in not stored in plaintext inside the smart card also. From the above we can conclude that the attacker X cannot guess the user password PW i. Hence, the proposed scheme withstands password-guessing attack. User / Server Impersonation Attack: To impersonate a user / server, the attacker will need to know: h (ID i // X S ) and ID i. Which is impossible because it requires knowledge of PW i and f i (Obtaining PW i and f i is not possible, as explained in the previous section about password-guessing attack). Even using M2, the attacker cannot deduce h(id i // X S ) since R c is a random number. Mutual Authentication: In the proposed system, it is clear that the user C i challenges the server S i by the message M2 and the server responds to the challenge by the M6 message. Then, S i also challenges C i by the message M7 and receives the response in the message M11. In addition, since our system resists to impersonation attack in both directions (user / server), it ensures mutual authentication. TABLE II. User impersonation Server impersonation Password guessing Mutual authentication SECURITY COMPARISON OF THE RELATED SCHEME AND OUR SCHEME Chun- Ta Li A.K. Das Y. An Our scheme Possible Possible Possible Impossible Possible Possible Possible Impossible Possible Possible Possible Impossible No No No Yes The security analysis of the related scheme and the proposed scheme is summarized in Table 2. Our scheme is more secure than other schemes. In addition, the proposed scheme provides mutual authentication between the user and the server.

6 B. Performance comparisons In this section, we compare the performances of our improved scheme with the three discussed schemes [7-9]. Performance comparison is shown in Table 3. In terms of computational operations in registration and authentication phases, the proposed scheme has almost the same number of operations as An s scheme and less operations than Das. In addition, it allows password change and provides mutual authentication. As a result, our scheme is also efficient in computation. TABLE III. Computational operations in registration phase Computational operations in authentication phase PERFORMANCES COMPARISON WITH OTHER RELATED SCHEMES Chun- Ta Li A.K. Das Y. An 3H 3H 3H Our scheme 2H + 1W 7H 10H 9H 9H Password change Yes a Yes No Yes Computation operations in password change 3H 2H - 2H With: H: represent the one-way hashing, W: represent the watermarking function. a. No verification of the old password VI. FORMAL VERIFICATION OF THE PROPOSED SCHEME In this section, we simulate our scheme for the formal security verification using the widely accepted AVISPA tool [12] A. Overview of AVISPA AVISPA (Automated Validation of Internet Security Protocols and Applications) is a push-button tool for the automated validation of Internet security-sensitive protocols and applications. It provides a modular and expressive formal language for specifying protocols and their security properties, and integrates different back-ends that implement a variety of state-of-the-art automatic analysis techniques [13]. The current version of the tool integrates four back-ends: the On-the-fly Model-Checker OFMC, which performs several symbolic techniques to explore the state space in a demanddriven way. The Constraint-Logic-based Attack Searcher CL- AtSe, which provides a translation from any security protocol specification written as transition relation in an intermediate format into a set of constraints that are effectively used to find whether there are attacks on protocols. The SAT-based Model- Checker SATMC, which builds a propositional formula and then the formula is fed to a state-of-the-art SAT solver to verify whether there is an attack or not. Finally, the TA4SP protocol analyzer, which verifies protocols by implementing tree automata based on automatic approximations. All the backends of the tool analyze protocols under the assumptions of perfect cryptography and that the protocol messages are exchanged over a network that is under the control of a Dolev- Yao intruder [14, 15]. That is, the back-ends analyze protocols by considering the standard protocol independent, asynchronous model of an active intruder who controls the network but cannot break cryptography; in particular, the intruder can intercept messages and analyze them if he possesses the corresponding keys for decryption, and he can generate messages from his knowledge and send them under any party name. Upon termination, each back-end of the AVISPA Tool outputs the result of its analysis using a common and precisely defined output format. The output states whether the input problem was solved (giving a description of the considered protocol goal or, in case it was violated, the related attack trace), some of the system resources were exhausted, or the problem was not tackled by the required back-end for some reason [16]. Protocols to be studied by the AVISPA tool have to be specified in HLPSL (standing for High Level Protocols Specification Language), and written in a file with extension hlpsl. This language is based on roles: basic roles for representing each participant role, and composition roles for representing scenarios of basic roles. Each role is independent from the others, getting some initial information by parameters, communicating with the other roles by channels [13]. A HLPSL specification written from a protocol is first translated into a lower level specification by a translator, called the hlpsl2if, which in turn generates a specification in an intermediate format, called the Intermediate Format (IF). The output format (OF) of AVISPA is generated using one of the four back-ends specified above. The analysis of the OF is made as follows. The first printed section, called SUMMARY, indicates whether the protocol is safe, unsafe, or whether the analysis is inconclusive. The second section, called DETAILS, explains under what condition the protocol is declared safe, or what conditions have been used for finding an attack, or finally why the analysis was inconclusive. The remaining sections, called PROTOCOL, GOAL and BACKEND, are the name of the protocol, the goal of the analysis and the name of the back-end used, respectively. After some possible comments and the statistics, the trace of the attack (if any) is finally printed in a standard Alice-Bob format. B. Specifying our scheme We have built an AVISPA model for the messages sequences of our protocol, we have two basic roles, namely role_c and role_s, which represent the participants as the user C i and the remote server S i, respectively. Fig. 3 shows the specification in HLPSL for the role C i, and Fig. 4 shows the specification in HLPSL for the role S i.

7 Fig. 3. Role specification in HLPSL for the user Ci of our scheme Fig. 5. The result of analysis using OFMC & CL-AtSe Fig. 4. Role specification in HLPSL for the user Ci of our scheme Our AVISPA model is built to validate two security properties: The secrecy of the user s identity ID i, the server secret X S, and the two random values R C and R S. The mutual authentication between C i and S i based on R C and R S. As shown in Fig. 5, the OFMC and CL-AtSe report the model SAFE, which could be interpreted as proof that no attack trace has been found that violates the specified security properties. VII. CONCLUSION In this paper, we analyzed the security of An s scheme and we show that An s scheme is susceptible to many threats. Once an attacker obtains the smart card of a legal user, he can guess user s password and impersonate the user. Further, the attacker can also cheat the user by masquerading as the legal server. Consequently, the scheme fails to provide mutual authentication. Besides, the password change phase is not provided in this scheme. To overcome these security weaknesses we have proposed a new scheme. In the proposed scheme an attacker cannot figure out the identity of user either from the smart card or by intercepting all login authentication messages transmitted over insecure network. Analysis and comparison show improved performance of the proposed scheme. Finally, we formally prove using AVISPA tool that the proposed scheme ensure mutual authentication between users and server. The use of smart cards to hold encryption keys enables applications such as biometric ATMs and access of services from public terminals. In future works, we would like to implement a prototype of our system for the on-line payment and experimentally evaluate its performances. REFERENCES [1] L. Lamport, Password authentication with insecure communication, Communications of the ACM, vol. 24, no. 11, pp , [2] M. S. Hwang and L. H. Li, A new remote user authentication scheme using smart cards, IEEE Transactions on Consumer Electronics, vol. 46, no. 1, pp , 2000.

8 [3] E. J. Yoon, E. K. Ryu, and K. Y. Yoo, Further improvement of an efficient password based remote user authentication scheme using smart cards, IEEE Transactions on Consumer Electronics, vol. 50, no. 2, pp , [4] M. L. Das, A. Saxena, and V. P. Gulati, A dynamic ID-based remote user authentication scheme, IEEE Transactions on Consumer Electronics, vol. 50, no. 2, pp , [5] C. W. Lin, C. S. Tsai, and M. S. Hwang, A new strongpassword authentication scheme using one-way Hash functions, Journal of Computer and Systems [6] C. S. Bindu, P. Reddy, and B. Satyanarayana, Improved remote user authentication scheme preserving user anonymity, International Journal of Computer Science and Network Security, vol. 83, pp , [7] C. T. Li and M. S. Hwang, An efficient biometrics-based remote user authentication scheme using smart cards, Journal of Network and Computer Applications, vol. 33, no. 1, pp. 1 5, [8] A. K. Das, Analysis and Improvement on an efficient biometric-based remote user authentication scheme using smart cards, IET Information Security, vol. 5, no. 3, pp , [9] Younghwa An, Security Analysis and Enhancements of an Effective Biometric-Based Remote User Authentication Scheme Using Smart Cards, Journal of Biomedicine and Biotechnology Volume 2012, Article ID , 6 pages. [10] P. Kocher, J. Jaffe, and B. Jun, Differential power analysis, Proceedings of Advances in Cryptology, pp , [11] T. S. Messerges, E. A. Dabbish, and R. H. Sloan, Examining smart-card security under the threat of power analysis attacks, IEEE Transactions on Computers, vol. 51, no. 5, pp , [12] AVISPA PROJECT: Automated Validation of Internet Security Protocols and Applications. URL [13] AVISPA v1.1 user manual. June 30, URL [14] DOLEV, D. ; YAO, A. C.: On the security of public key protocols. In: 22 nd Annual Symposium on Foundations of Computer Science (sfcs 1981) (1981) ISBN [15] HERZOG, JONATHAN: A computational interpretation of Dolev-Yao adversaries. In: Theoretical Computer Science Bd. 340 (2005), Nr. 1, S [16] Luca Vigano, Automated Security Protocol Analysis With the AVISPA Tool, Electronic Notes in Theoritical Computer Science (ENTCS), volume 155, May 2006, pages [17] Matyas J V, Riha Z. Toward reliable user authentication through biometrics. IEEE Security Privacy 2003; 1(3): [18] Uludag U, Pankanti S, Jain A K. Biometric cryptosystems: Issues and challenges. Proceedings of the IEEE 2004; 92(6):