Chaotic hash-based fingerprint biometric remote user authentication scheme on mobile devices


Post on 26-Jun-2016


    Muhammad Khurram Khan *, Jiashu Zhang *, Xiaomin Wang

    Research Group for Biometrics and Security, Sichuan Province Key Lab of Signal and Information Processing, Southwest Jiaotong University, Chengdu 610031, Sichuan, PR China

    Accepted 22 May 2006

    * Corresponding authors. Tel.: +86 28 87601756/87634091. E-mail addresses: khurram.khan@scientist.com (M.K. Khan), jszhang@home.swjtu.edu.cn (J. Zhang).

    Chaos, Solitons and Fractals 35 (2008) 519-524. doi:10.1016/j.chaos.2006.05.061. www.elsevier.com/locate/chaos

    0960-0779/$ - see front matter © 2006 Elsevier Ltd. All rights reserved.

  • Abstract

    This paper presents an efficient and practical chaotic hash-based fingerprint biometric remote user authentication scheme on mobile devices, e.g. cell phone and PDA. Our scheme is completely based on the new family of one-way collision free chaotic hash functions, which are much more efficient than modular exponentiation-based authentication schemes, e.g. RSA. The proposed scheme is a two-factor authentication scheme, and a user has to identify himself with something he knows (e.g. password) and something he is (e.g. fingerprint biometric). Security analysis shows that the proposed scheme provides secure, robust, and trustworthy remote authentication of mobile users over an insecure network. In addition, the computational costs and efficiency of the proposed scheme are encouraging for practical implementation in the real environment. © 2006 Elsevier Ltd. All rights reserved.

    1. Introduction

    With the large scale proliferation of mobile technology, remote user authentication in e-commerce and m-commerce has become an indispensable part of accessing precious resources. Remote authentication is a mechanism to authenticate remote users over an insecure communication network. It is evident that, with the passage of time, the volume of mobile user authentication is overwhelmingly increasing because of the ease of accessing resources at any remote location. Generally, the mobile devices used in remote authentication are cell phones, personal digital assistants (PDA), and notebook computers. To spread the technology, commercial companies are providing remote authentication of mobile users to access their resources remotely, e.g. online banking and mobile commerce. A typical representation of the mobile user remote authentication system is depicted in Fig. 1.

    Fig. 1. Remote user authentication using mobile devices.

    Password-based remote authentication schemes have been widely deployed to verify the legitimacy of remote users. In 1981, Lamport [1] proposed a password-based authentication scheme using password tables to verify a remote user over an insecure network channel. In Lamport's scheme, passwords are stored in a database on the remote machine. But if the passwords are compromised or stolen by an attacker, it could have a catastrophic effect on the integrity of the whole authentication system. To reduce this risk, Hwang and Li [2] presented a novel id-based remote user authentication method without using the password table, and their scheme is based on the El Gamal public key encryption method [3]. Their scheme stores user credentials on the smart card and there is no need to maintain passwords on the remote system.

    Due to the security pitfalls of password-based authentication systems, there is a need to introduce new authentication technology with or without traditional authentication schemes. The problems with passwords are that they can be easily guessed, shared with others, and hacked or cracked. To improve the security, biometrics has shown itself to be a proven state-of-the-art authentication technology, which cannot be shared with others and is difficult to hack and guess. Recently, biometric-based authentication systems have become very popular because of their ability to differentiate between a legitimate user and an imposter by verifying their physiological or behavioral characteristics [4]. The most commonly used biometric techniques are face, fingerprint, iris, voice, and palm print etc., but fingerprint-based biometric authentication systems have attracted more attention and are the most widely deployed [5].

    To overcome the drawbacks and pitfalls of only-password-based remote authentication systems, in this paper we propose an efficient and practical chaotic hash-based fingerprint biometric remote user authentication scheme on mobile devices. Because mobile devices, e.g. PDA, have low computational power, our scheme is completely based on one-way collision free chaotic hash functions, which are computationally faster than modular exponentiations, e.g. Diffie-Hellman, El Gamal, and RSA based encryption algorithms [6]. Our scheme allows users to choose and change their passwords freely and securely, and the length of a password is up to the user's need and what he can easily remember. Furthermore, the user and the remote system authenticate each other and perform mutual authentication. Moreover, there is no need to save password tables and a biometric database on the remote server. In addition, the computation cost, security, and efficiency of the presented scheme are encouraging for real application in the practical environment. Besides, to the best of our knowledge, this is the first attempt at developing a chaotic hash-based fingerprint biometrics remote user authentication scheme on mobile devices.

    The rest of the paper is organized as follows: Section 2 briefly reviews chaotic cryptography and hash functions, Section 3 presents our efficient and practical chaotic hash-based biometric remote user authentication scheme, Section 4 performs security analysis of the proposed scheme, and Section 5 concludes this paper.

    2. Chaotic cryptography and hash functions

    Chaos is a deterministic process, which is ubiquitously present in the world. Because of its random like behavior, sensitivity to initial conditions and parameter values, ergodicity, and confusion and diffusion properties; chaotic cryptography has become an important branch of modern cryptography and has huge potential in protecting the assets [7,17].

    A hash function is a one-way transformation that takes an arbitrary input and returns a fixed-size string, named as hash value or message digest [8]. Recent work on collision frequencies reveals many undiscovered flaws in conventional cryptographic hash algorithms [9,10], and it is still a challenging open problem for further study of secure hash function.

    Utilizing some interesting characteristics of chaos, such as the sensitivity to initial condition and control parameter, ergodicity and mixing property, a chaotic hash algorithm was constructed in [11], which is based on an n-D nonlinear autoregressive filter. The iteration process of chaotic systems is one-way, which makes them an ideal candidate for collision free one-way hash functions [13]. Combining the properties of chaos with cipher block chaining (CBC) mode in the hashing process, the chaotic hash function can meet the requirements of a cryptographic hash, though its further security analysis is very necessary for a reliable security system. Simultaneously, it can be efficiently implemented by a filter structure. So in the currently proposed remote authentication scheme, we use it to take over the conventional cryptographic hash functions. The basic crux of this paper is to use the excellent achievements of the chaotic regime of [11] in the development of remote user fingerprint biometric authentication for mobile or electronic commerce.

    For keeping the integrity of this paper, we briefly elaborate the construction of this chaotic hash as follows. The chaotic hash function used in [11] is an iterative hash function, which can be denoted by Eq. (1) and is illustrated in Fig. 2.

    $$(H_i, \phi_i) = F(\phi_{i-1}, H_{i-1} \oplus M_i), \quad i = 1, 2, \ldots, s; \qquad H(M) = H_s \tag{1}$$

    where $F$ is a round function, $\phi_i$ is the input value of $F$, $M_i$ is the $i$th message subblock, $H_i$ is the $i$th inter hash value and $H(M)$ is the final hash value.

    Fig. 2. Block diagram of CBC mode in hashing process [11]. $\phi_0$ is initial input value, $H_0$ is initial vector, $H_s$ is final hash value.

    The round function in Fig. 2, denoted by $F(\cdot)$, is constructed on an n-dimensional autoregressive filter with changeable coefficients, which is defined by Eq. (2):

    $$\begin{cases} z_1(t+1) = h\left(\operatorname{mod}\left(\sum_{i=1}^{n} c_i z_i + \phi\right)\right), & z_i \in I,\ \phi \in \Phi \subset R \\ z_k(t+1) = z_{k-1}(t), & k = 2, 3, \ldots, n \end{cases} \tag{2}$$

    where $n$ is the order of the filter, $z = (z_1, \ldots, z_n)^T \in Z = I^n$ denotes the vector of state variables, $c_i$ is a filter coefficient, $\phi$ is the input of the filter, $h(\cdot)$ is a piecewise linear map defined by $h: I \to I$, $h(w) = m_k w + r_k$, $w \in W_k \subset I$, $k \in \{1, \ldots, M\}$, and mod(·) is a modulo map given as modv v 2 v1 2 v 2 lv 2 1 2 l; 1 2 l; l 2 G.

    The complete hashing process is described as follows.

    Let $L$ be the bit-length of the hash value and satisfy $L \ge 128$. First of all, the original message $M$ is padded such that its length is a multiple of $L$. Then $M$ can be split into $L$-bit subblocks denoted by $M = (M_1, M_2, \ldots, M_s)$, where $M_i = m_i^1 m_i^2 m_i^3 \cdots m_i^L$.

    Step 1. Input original message $M$ with length $m$ bits, $m > 0$.

    Step 2. Append padding bits $(100\ldots0)_2$ with length $n$ ($1 \le n \le L$), such that $(m + n) \bmod L = 64$, at the tail of $M$.

    After padding, $M$ is constituted by subblocks with $L$ bits and each subblock is indicated as $M_i$ ($1 \le i \le s$). Note that the last subblock $M_s = M_s^1 \cdots M_s^L$ is not yet full; more precisely, the rear part of the $s$th subblock, $M_s^{65} \cdots M_s^{L}$, is blank.

    Step 3. Append the rear blank part of the $s$th subblock with the length of the original message. Also, this shows that the original message's length is less than $2^{L/2}$.

    Step 4. Calculate $k$ pairs of coefficients $\{c_i\}$ satisfying the Kelber conditions, set initial vector $H_0 = \{0\}_1^L$ and secret key $SK = \{\phi_0, r^{(0)}, p_h\}$, where $\phi_0$ is the initial input signal, $r^{(0)}$ is the initial status of the filter, and $p_h$ is the break point of $h(\cdot)$, respectively.

    Step 5. Algorithm: For $i = 1$ to $s$, repeatedly process for each subblock:

    (1) $\phi = \phi_{i-1}$;
    (2) $R = H_{i-1} \oplus M_i = \{r_1, r_2, \ldots, r_L\}$. For $j = 1$ to $L$, modulate message block $M_i$ by CSK mode:
        (a) $q = r_j$, select the $q$th sub-filter $r^{(j)} = u_q(r^{(j-1)}, \phi, c_q)$ and iterate one step;
        (b) $H_i^j = T_n(r_0^{j})$, where $T_n(\cdot)$ is a quantization function;
    (3) $H_i = H_i^1 H_i^2 \cdots H_i^L$, $\phi_i = r_0^{L}$.

    Step 6. Output the hash value $H(M) = H_s = H_s^1 H_s^2 \cdots H_s^L$.

    In the above hashing process, the message to be hashed is modulated into a chaotic trajectory by the CSK (chaotic shift keying) method, and a CBC mode [12] is introduced to expedite the avalanche effect, so each bit of the final hash value is related to all the bits of the original message $M'$ and secret key $SK$. Since the filter with varying parameters is an n-order chaotic system with uniform distribution, and the coarse-graining quantization of its trajectory is uniform quantization, the hash value can furthest preserve uniform distribution in hash space under digital realization. Simultaneously, the algorithm has a strong one-way property due to the irreversibility of the quantization, $h(\cdot)$ and mod(·) operations during the iteration process. In the next section, we use the chaotic hash function to implement our proposed remote authentication scheme on mobile devices.

    3. Chaotic hash-based biometric authentication scheme

    In this section, we propose an efficient and practical chaotic hash-based fingerprint biometric remote user authentication scheme on mobile devices. The presented scheme is composed of four phases, namely registration, login, authentication, and password change phase, which are presented in the following subsections.

    3.1. Registration phase

    In the registration phase, user $U_i$ chooses his $ID_i$ and password $pw_i$, and interactively submits them to the registration center. $U_i$ also imprints his fingerprint impression at the sensor, and then the registration system performs the following operations:

    1. Computes $A_i = h_c(ID_i\; x)$, where $x$ is the private key of the remote system and $h_c(\cdot)$ is the collision free one-way chaotic hash function, as generated in Section 2.
    2. Computes $V_i = A_i \oplus h_c(pw_i\; S_i)$, where $S_i$ is the extracted fingerprint template of the user.
    3. Remote system personalizes the secure information $\{ID_i, A_i, V_i, S_i, h_c(\cdot)\}$ and saves it into the system of $U_i$.

    3.2. Login phase

    If $U_i$ wants to login into the system, he opens the login application software, enters $ID_i$ and $pw_i$, and imprints his fingerprint biometric at the sensor. If $U_i$ is successfully verified by his fingerprint biometric, the mobile device performs the following operations:

    1. Computes $B_i = V_i \oplus h_c(pw_i\; S_i)$, and verifies whether $B_i$ equals the stored $A_i$ or not. If they are equal, the user's device performs further operations, otherwise it terminates the operation.
    2. Computes $C_1 = h_c(B_i\; T_u)$, where $T_u$ is the current timestamp of the device.
    3. At the end of the login phase, $U_i$ sends login message $m = \{ID_i, C_1, T_u\}$ to the remote server over an insecure network.

    3.3. Authentication phase

    In the authentication phase, the remote system receives the message from the user and performs the following operations:

    1. Checks whether the format of $ID_i$ is invalid or $T_s = T_u$, where $T_s$ is the current time stamp of the remote system; if so, rejects the login request.
    2. If $(T_s - T_u) > \Delta T$, where $\Delta T$ denotes the expected valid time interval for transmission delay, then the remote system rejects the login request.
    3. Computes $C_1 = h_c(h_c(ID_i\; x)\; T_u)$. If $C_1$ is equal to the received $C_1$, it means the user is authentic and the remote system accepts the login request and performs step 4; otherwise, the login request is rejected.
    4. For the mutual authentication, the remote system computes $C_2 = h_c(h_c(ID_i\; x)\; T_s)$ and then sends mutual authentication message $\{C_2, T_s\}$ to $U_i$.
    5. Upon receiving the message $\{C_2, T_s\}$, the user verifies whether $T_s$ is invalid or $T_u = T_s$; if so, user $U_i$ terminates this session, otherwise performs step 6.
    6. $U_i$ computes $C_2 = h_c(B_i\; T_s)$ and compares it with the received $C_2$. If they are equal, the user believes that the remote party is the authentic system and the mutual authentication between $U_i$ and the remote server is completed; otherwise $U_i$ terminates the operation.

    3.4. Password change phase

    Whenever $U_i$ wants to change or update his old password $pw_i$ to the new password $pw'_i$, he opens the login application on his mobile device, enters his $ID_i$ and $pw_i$, and also imprints his fingerprint biometric at the sensor. If $U_i$ is successfully verified, the mobile device performs the following operations without any help of the remote system:

    1. Computes $B_i = V_i \oplus h_c(pw_i\; S_i) = h_c(ID_i\; x)$.
    2. Verifies whether $B_i$ equals the stored $A_i$ or not. If they are equal, the mobile device performs further operations, otherwise it terminates the operation.
    3. Computes $V'_i = B_i \oplus h_c(pw'_i\; S_i)$.
    4. Stores $V'_i$ on the user's mobile device and replaces the old value of $V_i$. Now the new password is successfully updated and this phase is terminated.

    4. Security analysis of the proposed scheme

    In this section, we perform security analysis of the presented scheme.

    1. It is very difficult for anyone to derive the server's secret key $x$ from the hash value $A_i = h_c(ID_i\; x)$, because of the security property of one-way hash functions [6].
    2. To withstand replay attacks, neither the replay of an old login message $\{ID_i, C_1, T_u\}$ nor the replay of the remote system's response $\{C_2, T_s\}$ will work. Both fail, in steps 2 and 5 of the authentication phase respectively, because of the time interval validation.
    3. From the login message $\{ID_i, C_1, T_u\}$, it is infeasible to compute $B_i$ by using the equation $C_1 = h_c(B_i\; T_u)$, because it is computed by the secure one-way chaotic hash function.
    4. The proposed scheme protects from the forgery attack and impersonation attack. An attacker can attempt to modify login message $\{ID_i, C_1, T_u\}$ into $\{ID_i, C_A, T_A\}$. However, this impersonation attempt will fail in step 3 of the authentication phase, because an attacker has no way of obtaining the value of $B_i = h_c(ID_i\; x)$ to compute the valid value of $C_1$.
    5. The server spoofing attack is completely solved by providing mutual authentication between the user and the remote system. The remote system sends mutual authentication message $\{C_2, T_s\}$ to the user. If an attacker intercepts it and resends a forged message, i.e. $\{C_A, T_A\}$, to the user, it will be verified in steps 5 and 6 of the authentication phase, because the value of $C_2$ is computed by $C_2 = h_c(h_c(ID_i\; x)\; T_s)$. In addition, replay of this message can be exposed because of the time stamp.
    6. The proposed scheme can prevent the parallel session attack [14] and reflection attack [15], because the remote server and the user check whether $T_u = T_s$, respectively.
    7. In the password change phase, the user has to verify himself by fingerprint biometric and it is not possible to impersonate a legal user, because biometric is unique [4,5]. Furthermore, the value of $B_i$ is also compared with the value of $A_i$ on the mobile device. If these two values are not the same, the user is not allowed to change the password. Moreover, if the mobile device, e.g. PDA or cell phone, is stolen, unauthorized users cannot change to a new password. Hence, our scheme is protected from the denial-of-service attack through a stolen device [16].
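The four phases of Section 3, with the timestamp checks that the security analysis relies on, as an added Python example that is not the authors' code. Assumptions: SHA-256 over length-prefixed inputs stands in for the chaotic hash h_c (the operator joining the inputs inside each h_c(...) is not legible in this transcript), timestamps are integer seconds with ΔT = 5, and the local fingerprint match is reduced to a boolean.

```python
import hashlib
import hmac

DELTA_T = 5  # assumed value for the paper's valid transmission delay ΔT (seconds)

def hc(*parts: bytes) -> bytes:
    """Stand-in for the chaotic hash h_c: SHA-256 over length-prefixed parts (assumption)."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(i ^ j for i, j in zip(a, b))

def ts(t: int) -> bytes:
    return t.to_bytes(8, "big")  # timestamps are integer seconds in this sketch

def register(uid, pw, template, x):
    """Registration: A_i binds ID_i to server key x; V_i masks A_i with hc(pw_i, S_i)."""
    a = hc(uid, x)
    return {"id": uid, "A": a, "V": xor(a, hc(pw, template)), "S": template}

def unlock(dev, pw, finger_ok):
    """Device check used by login and password change: B_i must equal the stored A_i."""
    if not finger_ok:  # result of the local fingerprint match against stored S_i
        return None
    b = xor(dev["V"], hc(pw, dev["S"]))
    return b if hmac.compare_digest(b, dev["A"]) else None

def login(dev, pw, finger_ok, t_u):
    b = unlock(dev, pw, finger_ok)
    return None if b is None else (dev["id"], hc(b, ts(t_u)), t_u)  # {ID_i, C1, T_u}

def server_auth(msg, x, t_s):
    uid, c1, t_u = msg
    if not uid or t_s == t_u:  # step 1: bad ID format or T_s = T_u
        return None
    if t_s - t_u > DELTA_T:  # step 2: outside the valid time interval
        return None
    a = hc(uid, x)
    if not hmac.compare_digest(hc(a, ts(t_u)), c1):  # step 3
        return None
    return hc(a, ts(t_s)), t_s  # step 4: mutual authentication message {C2, T_s}

def user_verify_server(dev, reply, t_u):
    c2, t_s = reply
    if t_s == t_u:  # step 5
        return False
    return hmac.compare_digest(hc(dev["A"], ts(t_s)), c2)  # step 6 (B_i = A_i)

def change_password(dev, old_pw, new_pw, finger_ok):
    b = unlock(dev, old_pw, finger_ok)
    if b is None:
        return False
    dev["V"] = xor(b, hc(new_pw, dev["S"]))  # V'_i replaces V_i, A_i is unchanged
    return True
```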

    5. Conclusion

    In this paper, we have proposed a novel chaotic hash-based fingerprint biometric remote user authentication scheme on mobile devices. The proposed scheme is completely based on one-way collision free chaotic hash functions, and does not maintain password tables and a biometrics database on the remote server. Furthermore, users can choose their passwords freely and change or update them securely whenever they want. Moreover, compared with the traditional Diffie-Hellman or RSA based algorithms, the efficiency of the proposed algorithm is very high because it does not involve any time-consuming modular exponential computing. Another merit of the proposed algorithm is that it is faster and efficient to implement on mobile devices, which have lower computation power. Hence, our proposed scheme can be easily realized in the practical environment.

    Acknowledgements

    This project is supported by the National Science Foundation of China (Grants 60572027), the Program for New Century Excellent Talents in University of China (Grant No. NCET-05-0794), the Sichuan Youth Science and Technology Foundation (Grants No. 03ZQ026-033), the National Key Laboratory of Anti-jamming Communication Foundation of UESTC, China (Grant No. 51434110104QT2201, No. 51435080104QT2201, and No. 51435030105QT2201), and the Southwest Jiaotong University Doctors Innovation Funds 2005.

    References

    [1] Lamport L. Password authentication with insecure communication. Commun ACM 1981;11:770-2.
    [2] Hwang MS, Li LH. A new remote user authentication scheme using smart cards. IEEE Trans Consum Electron 2000;1:28-30.
    [3] El Gamal T. A public-key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans Inform Theory 1985;4:469-72.
    [4] Jain AK, Uludag U. Hiding biometric data. IEEE Trans Pattern Anal Mach Intell 2003;112003:1494-8.
    [5] Jain AK, Hong L, Bolle R. On-line fingerprint verification. IEEE Trans Pattern Anal Mach Intell 1997;19:302-14.
    [6] Sun HM. An efficient remote user authentication scheme using smart cards. IEEE Trans Consum Electron 2000;46:958-61.
    [7] Xiao D, Liao XF, Wong KW. An efficient entire chaos-based scheme for deniable authentication. Chaos, Solitons & Fractals 2005;23:1327-31.
    [8] Bellare M, Canetti R, Krawczyk H. Keying hash functions for message authentication. Adv Cryptology Crypto 96 Proc, LNCS 1996;1109:1-15.
    [9] Boer BD, Bosselaers A. Collisions for the compression function of MD5. Adv Cryptology Eurocrypt93 Proc, LNCS 1994;765:293-304.
    [10] Wang X, Feng D, Lai X, Yu H. Collisions for hash functions MD4, MD5, HAVAL-128 and RIPEMD. Cryptology ePrint Archive, Report 2004/199 (online). Available from: .
    [11] Wang XM, Jiashu Z, Wenfang Z. Keyed hash function based on composite nonlinear autoregressive filter. Acta Phys Sinica 2005;54:5566-73 (in Chinese).
    [12] Dedieu H, Kennedy MP, Hasler M. Chaos shift keying: modulation and demodulation of a chaotic carrier using self-synchronizing Chua's circuits. IEEE Trans Circ Syst II 1993;40:634-42.
    [13] Xiao D, Liao XF, Deng S. One-way hash function construction based on the chaotic map with changeable-parameter. Chaos, Solitons & Fractals 2005;24:65-71.
    [14] Hsu CL. Security of Chien et al.'s remote user authentication scheme using smart cards. Comp Stand Interfaces 2004;26:167-9.
    [15] Mitchell C. Limitations of challenge-response entity authentication. Electron Lett 1989;25:1195-6.
    [16] Yoon EJ, Ryu EK, Yoo KY. An improvement of Hwang-Lee-Tang's simple remote user authentication scheme. Comput Secur 2005;24:50-6.
    [17] M.K. Khan, Z. Jiashu, T. Lei, Chaotic secure content-based hidden transmission of biometrics templates. Chaos, Solitons & Fractals, Elsevier Science, doi:10.1016/j.chaos.2005.12.015, in press.

