Journal of Internet Computing and Services (인터넷정보학회논문지)

Korean Society for Internet Information (한국인터넷정보학회)
권호 표지
DOI QR코드

DOI QR Code

Security Enhanced User Authentication Scheme with Key Agreement based on Fuzzy Extraction Technology

보안성이 향상된 퍼지추출 기술 기반 사용자 인증 및 키 동의 스킴

  • Choi, Younsung (Department of Cyber Security, Howon University) ;
  • Won, Dongho (Department of Computer Engineering, Sungkyunkwan University)
  • Received : 2015.08.24
  • Accepted : 2016.03.10
  • Published : 2016.06.30
Download PDF
⟨ Previous Next ⟩

Abstract

Information and network technology become the rapid development, so various online services supplied by multimedia systems are provided through the Internet. Because of intrinsic open characteristic on Internet, network systems need to provide the data protection and the secure authentication. So various researchers including Das, An, and Li&Hwang proposed the biometric-based user authentication scheme but they has some security weakness. To solve their problem, Li et al. proposed new scheme using fuzzy extraction, but it is weak on off-line password attack, authentication without biometrics, denial-of-service and insider attack. So, we proposed security enhanced user authentication scheme with key agreement to address the security problem of authentication schemes.

정보기술과 네트워크 기술의 발전에 따라 멀티미디어 시스템을 이용한 다양한 서비스들이 인터넷을 통해서 제공되고 있다. 하지만 이러한 인터넷 기술의 근본적 특징인 개방성 때문에 네트워크를 기반으로 하는 시스템에서는 데이터 보호 기술과 안전하게 사용자를 인증하는 기법을 제공해야만 한다. 그래서 Das, An 그리고 Li&Hwang 과 같은 다양한 연구자들은 스마트카드, 패스워드, 그리고 생체정보를 기반한 사용자 인증 스킴을 제안하였으나, 다양한 보안 취약점이 발견되었다. 이러한 문제를 해결하기 위해 Li 등은 퍼지추출 기술을 활용한 새로운 인증 스킴을 제안하였으나, 그들의 스킴도 여전히 off-line password attack, authentication without biometrics, denial-of-service, insider attack 등의 보안 문제점을 가지고 있었다. 그래서 본 논문에서는 Li 등이 제안한 사용자 인증 스킴의 보안 문제점을 해결할 수 있는 보안성이 향상된 퍼지추출기술 기반의 사용자 인증 및 키 동의 스킴을 제안한다.

Keywords

References

  1. Lin, Chu-Hsing, and Yi-Yi Lai. "A fingerprint-based user authentication scheme for multimedia systems." Multimedia and Expo, 2004. ICME'04. Vol. 2. IEEE, 2004. http://dx.doi.org/10.1109/ICME.2004.1394355.
  2. Xiong Li, Jianwei Niu, Muhammad Khurram Khan, Junguo Liao and Xiaoke Zhao, "Robust three-factor remote user authentication scheme with key agreement for multimedia systems." Security and Communication Networks (2014). http://dx.doi.org/10.1002/ sec.961.
  3. Lamport, Leslie. "Password authentication with insecure communication." Communications of the ACM 24.11 (1981): 770-772. http://dx.doi.org/10.1145/358790.358797.
  4. Chuang, Ming-Chin, and Meng Chang Chen. "An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics." Expert Systems with Applications 2014. http://dx.doi.org/10.1016/j.eswa.2013.08.040
  5. An, Younghwa. "Security analysis and enhancements of an effective biometric-based remote user authentication scheme using smart cards." BioMed Research International 2012. http://dx.doi.org/10.1155/2012/519723
  6. Xiong Lia, Jian-Wei Niub, Jian Maa, Wen-Dong Wanga, Cheng-Lian Liuc, "Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards." Journal of Network and Computer Applications 34.1 (2011): 73-79. http://dx.doi.org/10.1016/j.jnca.2010.09.003
  7. Jongho Moon, Younsung Choi, jaewook Jung, Dongho Won, "An Improvement of Robust Biometrics-Based Authentication and Key Agreement Scheme for Multi-Server Environments Using Smart Cards." PloS one 10.12 (2015), http://dx.doi.org/10.1371/journal.pone.0145263
  8. Younsung Choi, Donghoon Lee, Jiye Kim, Jaewook Jung, Junghyun Nam and Dongho Won, "Security enhanced user authentication protocol for wireless sensor networks using elliptic curves cryptography." Sensors 14.6, 2014. http://dx.doi.org/10.3390/s140610081
  9. Dodis, Yevgeniy, Leonid Reyzin, and Adam Smith. "Fuzzy extractors: How to generate strong keys from biometrics and other noisy data." Advances in cryptology-Eurocrypt 2004. http://dx.doi.org/10.1007/978-3-540-24676-3_31
  10. Choi, Younsung, Youngsook Lee, and Dongho Won. "Security Improvement on Biometric Based Authentication Scheme for Wireless Sensor Networks Using Fuzzy Extraction." International Journal of Distributed Sensor Networks, 2016. http://dx.doi.org/10.1155/2016/8572410
  11. Lauter, Kristin. "The advantages of elliptic curve cryptography for wireless security." IEEE Wireless communications 11.1 (2004): 62-67. http://dx.doi.org/10.1109/MWC.2004.1269719
  12. Messerges, T. S.; Dabbish, E. A.; Sloan, R. H, "Examining smart-card security under the threat of power analysis attacks". Computers. IEEE Transactions on Computers, 2002, 51(5). http://dx.doi.org/10.1109/TC.2002.1004593
  13. Nam, Junghyun, et al. "Dictionary Attacks against Password-Based Authenticated Three-Party Key Exchange Protocols." TIIS 7.12 (2013): 3244-3260. http://www.dbpia.co.kr/Article/NODE02405172 https://doi.org/10.3837/tiis.2013.12.016
  14. Younsung Choi, Donghoon Lee, Jiye Kim, Jaewook Jung and Dongho Won.. "Cryptanalysis of Robust Three-Factor Remote User Authentication Scheme with Key Agreement for Multimedia System." The International Conference on Digital Security and Forensics (DigitalSec2014). The Society of Digital Information and Wireless Communication, 2014. http://sdiwc.net/digital-library/cryptanalysis-of-robust-t hreefactor-remote-user-authentication-scheme-with-ke y-agreement-for-multimedia-system.html
  15. Das, Amal K. "Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards." Information Security, IET 5.3 (2011): 145-151. http://dx.doi.org/10.1049/iet-ifs.2010.0125
  16. Li, Chun-Ta, and Min-Shiang Hwang. "An efficient biometrics-based remote user authentication scheme using smart cards." Journal of Network and computer applications 33.1 (2010): 1-5. http://dx.doi.org/10.1016/j.jnca.2009.08.001