Efficient biometric and password based mutual authentication for consumer USB mass storage devices

Download

[thumbnail of Efficient Biometric and Password Based Mutual Authentication full_text.pdf]

Preview

Text - Accepted Version
· Please see our End User Agreement before downloading. | Preview

Advice

Please see our End User Agreement.

It is advisable to refer to the publisher's version if you intend to cite from this work. See Guidance on citing.

Tools

Lists

Giri, D., Sherratt, R. S. ORCID: https://orcid.org/0000-0001-7899-4445, Maitra, T. and Amin, R. (2015) Efficient biometric and password based mutual authentication for consumer USB mass storage devices. IEEE Transactions on Consumer Electronics, 61 (4). pp. 491-499. ISSN 0098-3063 doi: 10.1109/TCE.2015.7389804

Abstract/Summary

A Universal Serial Bus (USB) Mass Storage Device (MSD), often termed a USB flash drive, is ubiquitously used to store important information in unencrypted binary format. This low cost consumer device is incredibly popular due to its size, large storage capacity and relatively high transfer speed. However, if the device is lost or stolen an unauthorized person can easily retrieve all the information. Therefore, it is advantageous in many applications to provide security protection so that only authorized users can access the stored information. In order to provide security protection for a USB MSD, this paper proposes a session key agreement protocol after secure user authentication. The main aim of this protocol is to establish session key negotiation through which all the information retrieved, stored and transferred to the USB MSD is encrypted. This paper not only contributes an efficient protocol, but also does not suffer from the forgery attack and the password guessing attack as compared to other protocols in the literature. This paper analyses the security of the proposed protocol through a formal analysis which proves that the information is stored confidentially and is protected offering strong resilience to relevant security attacks. The computational cost and communication cost of the proposed scheme is analyzed and compared to related work to show that the proposed scheme has an improved tradeoff for computational cost, communication cost and security.

Altmetric Badge

Item Type	Article
URI	https://reading-clone.eprints-hosting.org/id/eprint/54675
Identification Number/DOI	10.1109/TCE.2015.7389804
Refereed	Yes
Divisions	Life Sciences > School of Biological Sciences > Department of Bio-Engineering
Uncontrolled Keywords	Authentication, Security, Biometric, Consumer Storage, Password, MSD, USB.
Publisher	IEEE
Download/View statistics	View download statistics for this item

Download Statistics

Downloads

Downloads per month over past year

Deposit Details

Date Deposited:	22 Feb 2016 11:50	Date item deposited into CentAUR
Last Modified:	09 Jun 2024 03:25	Date item last modified

References

[1] D.P. Jablon, “Strong password-only authentication key exchange,” SIGCOMM Comput. Commun. Rev. vol. 26, no. 5, pp. 5-26, Oct. 1996. [2] W. Diffie, and M.E. Hellman, “New directions in cryptography,” IEEE Trans. Inf. Theor. vol. 22, no. 6, pp. 644-654, Nov 1976. [3] F. Hao, and S.F. Shahandashti, “The SPEKE protocol revisited,” Security Standardisation Research, Lecture Notes in Computer Science. vol. 8893, pp. 26-38. [4] D. Harkins, “Simultaneous Authentication of Equals: A secure, password-based key exchange for mesh networks,” in Proc. 2nd IARIA Int. Conf. Sensor Technologies and Applications, Cap Esterel, pp. 839-844, Aug 2008. [5] M.-S. Hwang, and L.-H. Li, “A new remote user authentication scheme using smart cards,” IEEE Trans. Consum. Electron. vol. 46, no. 1, pp. 28-30, Feb. 2000. [6] H.–M. Sun, “An efficient remote use authentication scheme using smart cards,” IEEE Trans. Consum. Electron. vol. 46, no. 4, pp. 958-961, Nov. 2000. [7] C.-K. Chan, and L.M. Cheng, “Cryptanalysis of a remote user authentication scheme using smart cards,” IEEE Trans. Consum. Electron. vol. 46, no. 4, pp. 992-993, Nov. 2000. [8] J.-J. Shen, C.-W. Lin, and M.-S. Hwang, “A modified remote user authentication scheme using smart cards,” IEEE Trans. Consum. Electron. vol. 49, no. 2, pp. 414-416, May 2003. [9] W.-C. Ku, and S.-M. Chen, “Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards,” IEEE Trans. Consum. Electron. vol. 50, no. 1, pp. 204-207, Feb 2004. [10] E.-J. Yoon, E.-K. Ryu, and K.-Y. Yoo, “Efficient remote user authentication scheme based on generalized Elgamal signature scheme,” IEEE Trans. Consum. Electron. vol. 50, no. 2, pp. 568-570, May 2004. [11] F.-Y. Yang, T.-D. Wu, and S.-H. Chiu, “A secure control protocol for USB mass storage devices,” IEEE Trans. Consum. Electron. vol. 56, no. 4, pp. 2339-2343, Nov. 2010. [12] B. Ruppert, and R. Wanner, “Protecting against insider attacks,” SANS Institute InfoSec Reading Room, April. 2009. [13] D.-J. Kim, and K.-S. Hong, “Multimodal biometric authentication using teeth image and voice in mobile environment,” IEEE Trans. Consum. Electron. vol. 54, no. 4, pp. 1790-1797, Nov. 2008. [14] C.-T. Li, and M.-S. Hwang, “An efficient biometrics-based remote user authentication scheme using smart cards,” J. Network and Computer Applications. vol. 33, no. 1, pp. 1-5, Jan. 2010. [15] A.K. Das, “Analysis and improvement on an efficient biometric based remote user authentication scheme using smart cards,” IET Information Security. vol. 5, no. 3, pp. 145-151, Sept. 2011. [16] Y. An, “Security analysis and enhancements of an effective biometric-based remote user authentication scheme using smart cards,” J. Biomedicine and Biotechnology. Article ID 519723, pp. 1-6, Sept. 2012. [17] X. Li, J. Niu, M. K. Khan, J. Liao, and X. Zhao, “Robust three-factor remote user authentication scheme with key agreement for multimedia systems,” J. Security and Communication Networks, ISSN 1939-0122. Mar. 2014. [18] D. He, N. Kumar, J.-H. Lee, and R.S. Sherratt, “Enhanced three-factor security protocol for consumer USB mass storage devices,” IEEE Trans. Consum. Electron. vol. 60, no. 1, pp. 30-37, Feb. 2014. [19] L. Jiping, D. Yaoming, X. Zenggang, and L. Shouyin, “An improved biometric-based user authentication scheme for c/s system,” Int. J. Distributed Sensor Networks. Article ID 275341, pp. 1-9, April 2014. [20] P. Sarkar, “A simple and generic construction of authenticated encryption with associated data,” ACM Trans. Inf. Syst. Secur., vol. 13, no. 4, Article 33, Dec. 2010. [21] Y. Dodis, L. Reyzin, and A. Smith, “Fuzzy extractors: How to generate strong keys from biometrics and other noisy data,” in Proc. Int. Conf. Theory and Applications of Cryptographic Techniques, Interlaken, Switzerland, Lecture Notes in Computer Science, vol. 3027, pp 523-540, 2004. [22] X. Boyen, “Reusable cryptographic fuzzy extractors,” in Proc. 11th ACM Conf. Computer and Communications Security, Washington, DC, pp 82-91, Oct. 2004. [23] P.C. Kocher, J. Jaffe, and B. Jun, “Differential power analysis,” in Proc. 19th Annual Int. Cryptology Conf. Advances in Cryptology, Santa Barbara, CA, pp 388-397, Aug. 1999. [24] T.S. Messerges, E.A. Dabbish, and R.H. Sloan, “Examining smart-card security under the threat of power analysis attacks,” IEEE Trans. Comput. vol. 51, no. 5, pp. 541-552, May 2002. [25] N.R. Potlapally, S. Ravi, A. Raghunathan, and N.K. Jha, “A study of the energy consumption characteristics of cryptographic algorithms and security protocols,” IEEE Trans. Mobile Comput. vol. 5, no. 2, pp. 128-143, Feb. 2006.

University Staff: Request a correction | Centaur Editors: Update this record

Search Google Scholar