Online transactions from mobile devices over the Internet have become popular worldwide. Consequently, many authentication schemes have been proposed to protect users from various potential attacks in e-transactions with online service providers from mobile devices. In 2013, Khan et al. proposed a keyhash-based scheme on mobile devices to resist known kinds of attacks that previous schemes cannot resist. However, we prove that Khan et al.’s scheme still cannot withstand impersonation, denial-of-service, and three-factor attacks. This motivates our proposal of an improved scheme to further overcome the limitations found in Khan et al.’s scheme. The main idea of our proposed method is that the user ID and the secret key of the server are hashed together to prevent user impersonation. We also prove that our method resists known attacks, such as server and user impersonation attacks, replay attacks, password guessing attacks, malicious user attacks, mobile device loss attacks, attacks due to ID theft, and attacks using login requests.
CITATION STYLE
Phan, D. T., Truong, T. T., Tran, M. T., & Duong, A. D. (2014). Two-way biometrics-based authentication scheme on mobile devices. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 8860, 177–190. https://doi.org/10.1007/978-3-319-12778-1_14