• 文献检索
  • 文档翻译
  • 深度研究
  • 学术资讯
  • Suppr Zotero 插件Zotero 插件
  • 邀请有礼
  • 套餐&价格
  • 历史记录
应用&插件
Suppr Zotero 插件Zotero 插件浏览器插件Mac 客户端Windows 客户端微信小程序
定价
高级版会员购买积分包购买API积分包
服务
文献检索文档翻译深度研究API 文档MCP 服务
关于我们
关于 Suppr公司介绍联系我们用户协议隐私条款
关注我们

Suppr 超能文献

核心技术专利:CN118964589B侵权必究
粤ICP备2023148730 号-1Suppr @ 2026

文献检索

告别复杂PubMed语法,用中文像聊天一样搜索,搜遍4000万医学文献。AI智能推荐,让科研检索更轻松。

立即免费搜索

文件翻译

保留排版,准确专业,支持PDF/Word/PPT等文件格式,支持 12+语言互译。

免费翻译文档

深度研究

AI帮你快速写综述,25分钟生成高质量综述,智能提取关键信息,辅助科研写作。

立即免费体验

使用生物哈希函数的增强安全性多因素生物特征认证方案。

Security enhanced multi-factor biometric authentication scheme using bio-hash function.

作者信息

Choi Younsung, Lee Youngsook, Moon Jongho, Won Dongho

机构信息

Department of Cyber Security, Howon University, Impi-Myeon, Gunsan-Si, Jeonrabuk-Do 573-718, Korea.

Department of Computer Engineering, Sungkyunkwan University, 2066 Seoburo, Suwon, Gyeonggido 440-746, Korea.

出版信息

PLoS One. 2017 May 1;12(5):e0176250. doi: 10.1371/journal.pone.0176250. eCollection 2017.

DOI:10.1371/journal.pone.0176250
PMID:28459867
原文链接:https://pmc.ncbi.nlm.nih.gov/articles/PMC5411053/
Abstract

With the rapid development of personal information and wireless communication technology, user authentication schemes have been crucial to ensure that wireless communications are secure. As such, various authentication schemes with multi-factor authentication have been proposed to improve the security of electronic communications. Multi-factor authentication involves the use of passwords, smart cards, and various biometrics to provide users with the utmost privacy and data protection. Cao and Ge analyzed various authentication schemes and found that Younghwa An's scheme was susceptible to a replay attack where an adversary masquerades as a legal server and a user masquerading attack where user anonymity is not provided, allowing an adversary to execute a password change process by intercepting the user's ID during login. Cao and Ge improved upon Younghwa An's scheme, but various security problems remained. This study demonstrates that Cao and Ge's scheme is susceptible to a biometric recognition error, slow wrong password detection, off-line password attack, user impersonation attack, ID guessing attack, a DoS attack, and that their scheme cannot provide session key agreement. Then, to address all weaknesses identified in Cao and Ge's scheme, this study proposes a security enhanced multi-factor biometric authentication scheme and provides a security analysis and formal analysis using Burrows-Abadi-Needham logic. Finally, the efficiency analysis reveals that the proposed scheme can protect against several possible types of attacks with only a slightly high computational cost.

摘要

随着个人信息和无线通信技术的快速发展,用户认证方案对于确保无线通信安全至关重要。因此,人们提出了各种多因素认证方案来提高电子通信的安全性。多因素认证涉及使用密码、智能卡和各种生物特征识别技术,为用户提供最大程度的隐私和数据保护。曹和葛分析了各种认证方案,发现Younghwa An的方案容易受到重放攻击(即对手伪装成合法服务器)以及用户伪装攻击(即不提供用户匿名性,允许对手在登录期间拦截用户ID来执行密码更改过程)。曹和葛改进了Younghwa An的方案,但仍存在各种安全问题。本研究表明,曹和葛的方案容易受到生物特征识别错误、错误密码检测缓慢、离线密码攻击、用户伪装攻击、ID猜测攻击、拒绝服务攻击的影响,并且他们的方案无法提供会话密钥协商。然后,为了解决曹和葛方案中发现的所有弱点,本研究提出了一种安全增强的多因素生物特征认证方案,并使用Burrows-Abadi-Needham逻辑进行了安全分析和形式化分析。最后,效率分析表明,所提出的方案仅需略微高一点的计算成本就能抵御几种可能类型的攻击。

https://cdn.ncbi.nlm.nih.gov/pmc/blobs/abeb/5411053/1ad850daa373/pone.0176250.g013.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/abeb/5411053/071d8a0a44e6/pone.0176250.g001.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/abeb/5411053/99047549af88/pone.0176250.g002.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/abeb/5411053/74a5284c4ff7/pone.0176250.g003.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/abeb/5411053/51b7b777d424/pone.0176250.g004.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/abeb/5411053/a004b98f92f6/pone.0176250.g005.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/abeb/5411053/4d5415392d59/pone.0176250.g006.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/abeb/5411053/95b087c97a72/pone.0176250.g007.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/abeb/5411053/2d7ec0a56466/pone.0176250.g008.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/abeb/5411053/c82c785a8173/pone.0176250.g009.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/abeb/5411053/402fa2fc536a/pone.0176250.g010.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/abeb/5411053/60552ed50acb/pone.0176250.g011.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/abeb/5411053/d0dfb26add67/pone.0176250.g012.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/abeb/5411053/1ad850daa373/pone.0176250.g013.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/abeb/5411053/071d8a0a44e6/pone.0176250.g001.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/abeb/5411053/99047549af88/pone.0176250.g002.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/abeb/5411053/74a5284c4ff7/pone.0176250.g003.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/abeb/5411053/51b7b777d424/pone.0176250.g004.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/abeb/5411053/a004b98f92f6/pone.0176250.g005.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/abeb/5411053/4d5415392d59/pone.0176250.g006.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/abeb/5411053/95b087c97a72/pone.0176250.g007.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/abeb/5411053/2d7ec0a56466/pone.0176250.g008.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/abeb/5411053/c82c785a8173/pone.0176250.g009.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/abeb/5411053/402fa2fc536a/pone.0176250.g010.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/abeb/5411053/60552ed50acb/pone.0176250.g011.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/abeb/5411053/d0dfb26add67/pone.0176250.g012.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/abeb/5411053/1ad850daa373/pone.0176250.g013.jpg

相似文献

1
Security enhanced multi-factor biometric authentication scheme using bio-hash function.使用生物哈希函数的增强安全性多因素生物特征认证方案。
PLoS One. 2017 May 1;12(5):e0176250. doi: 10.1371/journal.pone.0176250. eCollection 2017.
2
Security analysis and enhancements of an effective biometric-based remote user authentication scheme using smart cards.基于智能卡的有效生物特征远程用户认证方案的安全性分析与增强
J Biomed Biotechnol. 2012;2012:519723. doi: 10.1155/2012/519723. Epub 2012 Jul 31.
3
Secure anonymity-preserving password-based user authentication and session key agreement scheme for telecare medicine information systems.用于远程医疗信息系统的基于密码的安全匿名用户认证和会话密钥协商方案。
Comput Methods Programs Biomed. 2016 Oct;135:167-85. doi: 10.1016/j.cmpb.2016.07.028. Epub 2016 Jul 29.
4
Cryptanalysis and Enhancement of Anonymity Preserving Remote User Mutual Authentication and Session Key Agreement Scheme for E-Health Care Systems.针对电子医疗保健系统的匿名保护远程用户相互认证和会话密钥协商方案的密码分析与增强。
J Med Syst. 2015 Nov;39(11):140. doi: 10.1007/s10916-015-0318-z. Epub 2015 Sep 5.
5
Security enhanced anonymous multiserver authenticated key agreement scheme using smart cards and biometrics.使用智能卡和生物特征识别技术的安全增强型匿名多服务器认证密钥协商方案
ScientificWorldJournal. 2014;2014:281305. doi: 10.1155/2014/281305. Epub 2014 Sep 8.
6
A robust anonymous biometric-based authenticated key agreement scheme for multi-server environments.一种适用于多服务器环境的基于健壮匿名生物特征的认证密钥协商方案。
PLoS One. 2017 Nov 9;12(11):e0187403. doi: 10.1371/journal.pone.0187403. eCollection 2017.
7
An Improvement of Robust Biometrics-Based Authentication and Key Agreement Scheme for Multi-Server Environments Using Smart Cards.一种基于稳健生物特征的多服务器环境下使用智能卡的认证与密钥协商方案的改进
PLoS One. 2015 Dec 28;10(12):e0145263. doi: 10.1371/journal.pone.0145263. eCollection 2015.
8
Robust Multiple Servers Architecture Based Authentication Scheme Preserving Anonymity.基于健壮多服务器架构的匿名认证方案
Sensors (Basel). 2019 Jul 17;19(14):3144. doi: 10.3390/s19143144.
9
A secure biometrics-based authentication key exchange protocol for multi-server TMIS using ECC.基于椭圆曲线密码的 TMIS 多服务器安全生物认证密钥交换协议
Comput Methods Programs Biomed. 2018 Oct;164:101-109. doi: 10.1016/j.cmpb.2018.07.008. Epub 2018 Jul 18.
10
A Secure and Robust User Authenticated Key Agreement Scheme for Hierarchical Multi-medical Server Environment in TMIS.TMIS 中分层多医疗服务器环境的安全稳健的用户认证密钥协商方案。
J Med Syst. 2015 Sep;39(9):92. doi: 10.1007/s10916-015-0276-5. Epub 2015 Aug 6.

引用本文的文献

1
A Survey of Internet of Things (IoT) Authentication Schemes.物联网(IoT)认证方案综述。
Sensors (Basel). 2019 Mar 6;19(5):1141. doi: 10.3390/s19051141.
2
An improved anonymous authentication scheme for roaming in ubiquitous networks.一种改进的普适网络中漫游的匿名认证方案。
PLoS One. 2018 Mar 5;13(3):e0193366. doi: 10.1371/journal.pone.0193366. eCollection 2018.

本文引用的文献

1
Cryptanalysis and Enhancement of Anonymity Preserving Remote User Mutual Authentication and Session Key Agreement Scheme for E-Health Care Systems.针对电子医疗保健系统的匿名保护远程用户相互认证和会话密钥协商方案的密码分析与增强。
J Med Syst. 2015 Nov;39(11):140. doi: 10.1007/s10916-015-0318-z. Epub 2015 Sep 5.
2
Security enhanced anonymous multiserver authenticated key agreement scheme using smart cards and biometrics.使用智能卡和生物特征识别技术的安全增强型匿名多服务器认证密钥协商方案
ScientificWorldJournal. 2014;2014:281305. doi: 10.1155/2014/281305. Epub 2014 Sep 8.
3
Security enhanced user authentication protocol for wireless sensor networks using elliptic curves cryptography.
使用椭圆曲线密码学的无线传感器网络安全增强用户认证协议。
Sensors (Basel). 2014 Jun 10;14(6):10081-106. doi: 10.3390/s140610081.
4
Security analysis and improvements of two-factor mutual authentication with key agreement in wireless sensor networks.无线传感器网络中基于密钥协商的双因素相互认证的安全性分析与改进
Sensors (Basel). 2014 Apr 9;14(4):6443-62. doi: 10.3390/s140406443.
5
A secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care.一种用于连接式医疗保健的安全高效的保持唯一性和匿名性的远程用户认证方案。
J Med Syst. 2013 Jun;37(3):9948. doi: 10.1007/s10916-013-9948-1. Epub 2013 May 10.
6
Security analysis and enhancements of an effective biometric-based remote user authentication scheme using smart cards.基于智能卡的有效生物特征远程用户认证方案的安全性分析与增强
J Biomed Biotechnol. 2012;2012:519723. doi: 10.1155/2012/519723. Epub 2012 Jul 31.
7
Random multispace quantization as an analytic mechanism for BioHashing of biometric and random identity inputs.随机多空间量化作为一种对生物特征和随机身份输入进行生物哈希处理的解析机制。
IEEE Trans Pattern Anal Mach Intell. 2006 Dec;28(12):1892-901. doi: 10.1109/TPAMI.2006.250.