Security Analysis and Enhancements of an Effective Biometric-Based Remote User Authentication Scheme Using Smart Cards

Recently, many biometrics-based user authentication schemes using smart cards have been proposed to improve the security weaknesses in user authentication system. In 2011, Das proposed an efficient biometric-based remote user authentication scheme using smart cards that can provide strong authentication and mutual authentication. In this paper, we analyze the security of Das's authentication scheme, and we have shown that Das's authentication scheme is still insecure against the various attacks. Also, we proposed the enhanced scheme to remove these security problems of Das's authentication scheme, even if the secret information stored in the smart card is revealed to an attacker. As a result of security analysis, we can see that the enhanced scheme is secure against the user impersonation attack, the server masquerading attack, the password guessing attack, and the insider attack and provides mutual authentication between the user and the server.


Introduction
Recently, user authentication scheme in e-commerce and mcommerce has become one of important security issues. However, the security weaknesses in the remote user authentication scheme have been exposed seriously due to the careless password management and the sophisticated attack techniques. Several schemes [1][2][3][4][5][6] have been proposed to enhance the various security problems in user authentication schemes.
In traditional identity-based remote user authentications, the security of the remote user authentication is based on the passwords, but simple passwords are easy to break by simple dictionary attacks. To resolve the single-password authentication problems, several biometrics-based remote user authentication schemes [7][8][9][10][11][12][13] have been designed. Generally, biometrics-based remote user authentication is inherently more secure and reliable than the traditional authentication scheme. There are some advantages of using biometrics keys as compared to traditional passwords.
(i) Biometric keys cannot be lost or forgotten.
(ii) Biometric keys are very difficult to copy or share. (iii) Biometric keys are extremely hard to forge or distribute. (iv) Biometric keys cannot be guessed easily.
(v) Someone's biometrics is not easy to break than others.
In 2010, Li and Hwang [12] proposed an efficient biometrics-based remote user authentication scheme using smart cards. They claimed that their scheme not only keeps good properties (e.g., without synchronized clock, freely changes password, mutual authentication) but also provides nonrepudiation. But Das [13], in 2011, pointed out that Li-Hwang's scheme does not resolve security drawbacks in login and authentication, security drawbacks in password change phase, and security drawbacks in verification of biometrics. Then, Das proposed more efficient biometrics-based remote user authentication scheme using smart cards which is secure against the user impersonation attack, the server masquerading attack, the parallel session attack, and the stolen password attack, and provide mutual authentication.
In this paper, we analyze the security of Das's authentication scheme, and we have shown that Das's authentication scheme is still vulnerable to the various attacks and does not provide mutual authentication between the user and the server. Also, we proposed the enhanced scheme to remove these security problems of Das's authentication scheme, even if the secret information stored in the smart card is revealed to an attacker. To analyze the security analysis of Das's authentication scheme, we assume that an attacker could obtain the secret values stored in the smart card by monitoring the power consumption [14,15] and intercept messages communicating between the user and the server. Also, we assume that an attacker may possess the capabilities to thwart the security schemes.
(a) An attacker has total control over the communication channel between the user and the server in the login and authentication phase. That is, the attacker may intercept, insert, delete, or modify any message across the communication procedures.
(b) An attacker may (i) either steal a user's smart card and then extract the secret values stored in the smart card, (ii) or steal a user's password, but cannot commit both of (i) and (ii) at a time.
Obviously, if both of the user's smart card and password was stolen at the same time, then there is no way to prevent an attacker from impersonating as the user. Therefore, a remote user authentication scheme should be secure if only one case out of (i) and (ii) is happening. This paper is organized as follows. In Section 2, we briefly review Das's authentication scheme. In Section 3, we describe the security analysis of Das's authentication scheme. The enhanced scheme is presented in Section 4, and security analysis of the enhanced scheme is given in Section 5. Finally, the conclusions are presented in Section 6.

Reviews of Das's Scheme
In 2011, Das proposed an improved biometrics-based remote user authentication scheme using smart cards. This scheme is composed of three phases: registration phase, login phase, and authentication phase. The notations used in this paper are as follows shown in Table 1.

Registration Phase.
Before logging in the remote server S i , a user C i initially has to register to the trusted registration centre R i as the following steps.
(R1) C i submits his identity ID i and password PW i to R i through a secure channel. Also, the user submits his biometrics information B i on the specific device to R i .
where X s is a secret value generated by the server.
(R3) R i stores (ID i , h(), f i , e i , r i ) on the user's smart card and sends it to the user via a secure channel. When the user C i wants to log in the remote server S i , the user has to perform the following steps.
(L1) C i inserts his smart card into a card reader and inputs the personal biometrics information B i on the specific device to verify the user's biometrics. If the biometrics information matches the template stored in the system, C i passes the biometrics verification.
(L2) C i inputs the ID i and PW i , and then the smart card computes r i = h(PW i ) ⊕ f i . If r i equals r i , the smart card computes the following equations, where R c is a random number generated by the smart card:

Authentication Phase.
After receiving the request login message, the remote server S i has to perform the following steps with the user C i to authenticate each other.
or not. If they are equal, S i computes the following equations, where R s is a random number generated by the server: (A4) Then, S i sends the message {M 6 , M 7 , M 8 } to C i .
(A5) After receiving the reply message, C i verifies whether

Security Analysis of Das's Scheme
In this section, we will analyze the security of Das's scheme.
To analyze the security weaknesses, we assume that an attacker could obtain the secret values stored in the smart card by monitoring the power consumption [14,15] and intercepting messages communicating between the user and the server. Under this assumption, we will discuss the various attacks, such as the user impersonation attack, the server masquerading attack, the password guessing attack, the insider attack, and the mutual authentication between the user and the server.

User Impersonation Attack.
If the attacker can obtain the secret values (e i , r i ) from the user's smart card illegally by some means and intercept the message {ID i , M 2 , M 3 } in the login phase, the attacker can perform the user impersonation attack as the following steps. The procedure of the user impersonation attack is illustrated in Figure 1.
(UA1) The attacker A i computes the following equations, where R ac is a random number chosen by the attacker:

Password Guessing Attack.
If an attacker can extract the secret values (r i , f i ) from the legal user's smart card by some means, the attacker can easily find out PW i by performing the password guessing attack, in which each guess PW * i for PW i can be verified as the following steps.
(PA1) The attacker A i computes the secret parameter r i * = h(PW * i ) ⊕ f i from the registration phase. (PA2) A i verifies the correctness of PW * i by checking r i = r * i . (PA3) A i repeats the above steps until a correct password PW * i is found. Thus, the attacker can perform the password guessing attack, and can successfully impersonate the legal user with the guessed user password.

Insider Attack.
In the registration phase, if the user's password PW i and biometrics information B i are revealed to the server, the insider of the server may directly obtain the user's password and biometrics information. Thus, the insider of the server as an attacker can impersonate as the legal user to access the user's other accounts in other server if the user uses the same password for the other accounts.

Mutual Authentication.
Generally, if authentication scheme is insecure against user impersonation attack and server masquerading attack, the authentication schemes cannot provide mutual authentication between the user and the remote server. Therefore, Das's scheme fails to provide mutual authentication as described in Sections 3.1 and 3.2. Namely, if the attacker can obtain the secret values (e i , r i ) from the legal user's smart card by some means and intercept the messages communicating between the user and the server, the attacker can make the forged messages easily by computing M a1 = e i ⊕ r i , M a2 = M a1 ⊕ R ac , and M a3 = h(R ac ) in the login phase. Also, the attacker can make the forged messages easily by computing M a6 = M a4 ⊕ R as , M a7 = h(M 2 M a5 ), and M a8 = h(R as ) in the authentication phase.

The Enhanced Scheme
In this section, we propose an enhanced Das's scheme which not only can withstand the various attacks, but also provide mutual authentication between the user and the server. The enhanced scheme is divided into three phases: registration phase, login phase, and authentication phase.

Registration Phase.
Before logging to the remote server S i , a user C i initially has to register to the trusted registration centre R i as the following steps. The registration phase is illustrated in Figure 2.
(R1) C i submits his identity ID i and password information (PW i ⊕ K) to R i through a secure channel. Also the user submits his biometrics information (B i ⊕ K) via the specific device to R i , where K is a random number generated by C i .
where X s is a secret value generated by the server. (R3) R i stores (ID i , h(), f i , e i ) on the user's smart card and sends it to the user via a secure channel. And C i stores random number K into the smart card issued by R i .

Login Phase.
When the user C i wants to login the remote server S i , the user has to perform the following steps. The login phase and authentication phase are illustrated in Figure 3.
(L1) C i inserts his smart card into a card reader and inputs the biometrics information B i on the specific device to verify user's biometrics. If the biometrics information h(B i ⊕K ) matches f i stored in the system, C i passes the biometrics verification.
(L2) C i inputs the ID i and PW i , and then the smart card computes the following equations, where R c is a random number generated by the user: (L3) C i sends the login request message {ID i ,M 2 ,M 3 } to S i .

Authentication Phase.
After receiving the request login message, the remote server S i has to perform the following steps with the user C i to authenticate each other.
Inputs ID i and PW i Computes

Security Analysis of the Enhanced Scheme
In this scheme, we will provide the security analysis of the enhanced scheme based on the password and biometrics information. To analyze the security of the enhanced scheme, we assume that an attacker can access a user's smart card and extract the secret values stored in the smart card by some means [14,15], and intercept the messages communicating between the user and the server.  The security analysis of the related scheme and the enhanced scheme is summarized in Table 2.

User Impersonation
The enhanced scheme is relatively more secure than Li-Hwang's and Das's scheme. In addition, the enhanced scheme provides mutual authentication between the user and the server.

Conclusions
In this paper, we analyzed the security of Das's scheme. And we have shown that Das's scheme is not secure against the various attacks and fails to provide mutual authentication between the user and the server. Also, we proposed the enhanced scheme to overcome these security weaknesses, while preserving all their merits, even if the secret information stored in the smart card is revealed. As a result of security analysis, the enhanced scheme is secure against the user impersonation attack, the server masquerading attack, and the password guessing attack, the insider attack and provides mutual authentication between the user and the server.