
Chaotic hash-based fingerprint biometric remote user authentication scheme on mobile devices


Chaos, Solitons and Fractals 35 (2008) 519–524

www.elsevier.com/locate/chaos


Muhammad Khurram Khan *, Jiashu Zhang *, Xiaomin Wang

Research Group for Biometrics and Security, Sichuan Province Key Lab of Signal and Information Processing,

Southwest Jiaotong University, Chengdu 610031, Sichuan, PR China

Accepted 22 May 2006

Abstract

This paper presents an efficient and practical chaotic hash-based fingerprint biometric remote user authentication scheme on mobile devices, e.g. cell phone and PDA. Our scheme is completely based on the new family of one-way collision free chaotic hash functions, which are much more efficient than modular exponentiation-based authentication schemes, e.g. RSA. The proposed scheme is a two-factor authentication scheme, and a user has to identify himself with something he knows (e.g. password) and something he is (e.g. fingerprint biometric). Security analysis shows that the proposed scheme provides secure, robust, and trustworthy remote authentication of mobile users over an insecure network. In addition, the computational costs and efficiency of the proposed scheme are encouraging for practical implementation in a real environment.

© 2006 Elsevier Ltd. All rights reserved.

1. Introduction

With the large scale proliferation of mobile technology, remote user authentication in e-commerce and m-commerce has become an indispensable part of accessing precious resources. Remote authentication is a mechanism to authenticate remote users over an insecure communication network. It is evident that, with the passage of time, the volume of mobile user authentication is increasing overwhelmingly because of the ease of accessing resources from any remote location. The mobile devices generally used in remote authentication are cell phones, personal digital assistants (PDAs), and notebook computers. To spread the technology, commercial companies are providing remote authentication of mobile users to access their resources remotely, e.g. online banking and mobile commerce. A typical representation of the mobile user remote authentication system is depicted in Fig. 1.

Password-based remote authentication schemes have been widely deployed to verify the legitimacy of remote users. In 1981, Lamport [1] proposed a password-based authentication scheme using password tables to verify a remote user over an insecure network channel. In Lamport’s scheme, passwords are stored in a database on the remote machine. But if the passwords are compromised or stolen by an attacker, it could have a catastrophic effect on the integrity of the whole authentication system. To reduce this risk, Hwang and Li [2] presented a novel id-based remote user authentication method without using the password table, and their scheme is based on the El Gamal public key encryption method [3]. Their scheme stores user credentials on the smart card and there is no need to maintain passwords on the remote system.

Fig. 1. Remote user authentication using mobile devices.

0960-0779/$ - see front matter © 2006 Elsevier Ltd. All rights reserved. doi:10.1016/j.chaos.2006.05.061

* Corresponding authors. Tel.: +86 28 87601756/87634091. E-mail addresses: [email protected] (M.K. Khan), [email protected] (J. Zhang).

Due to the security pitfalls of password-based authentication systems, there is a need to introduce new authentication technology with or without traditional authentication schemes. The problems with passwords are that they can be easily guessed, shared with others, and hacked or cracked. To improve security, biometrics has shown itself to be a proven state-of-the-art authentication technology, which cannot be shared with others and is difficult to hack and guess. Recently, biometric-based authentication systems have become very popular because of their ability to differentiate between a legitimate user and an imposter by verifying their physiological or behavioral characteristics [4]. The most commonly used biometric techniques are face, fingerprint, iris, voice, and palm print etc., but fingerprint-based biometric authentication systems have attracted more attention and are the most widely deployed [5].

To overcome the drawbacks and pitfalls of password-only remote authentication systems, in this paper we propose an efficient and practical chaotic hash-based fingerprint biometric remote user authentication scheme on mobile devices. Because mobile devices such as PDAs have low computational power, our scheme is completely based on one-way collision free chaotic hash functions, which are computationally faster than modular exponentiations, e.g. Diffie-Hellman, El Gamal, and RSA based encryption algorithms [6]. Our scheme allows users to choose and change their passwords freely and securely, and the length of a password is left to the user's need and ease of remembering it. Furthermore, the user and the remote system authenticate each other and perform mutual authentication. Moreover, there is no need to save password tables or a biometric database on the remote server. In addition, the computation cost, security, and efficiency of the presented scheme are encouraging for real application in a practical environment. Besides, to the best of our knowledge, this is the first attempt at developing a chaotic hash-based fingerprint biometric remote user authentication scheme on mobile devices.

The rest of the paper is organized as follows: Section 2 briefly reviews chaotic cryptography and hash functions, Section 3 presents our efficient and practical chaotic hash-based biometric remote user authentication scheme, Section 4 performs security analysis of the proposed scheme, and Section 5 concludes this paper.

2. Chaotic cryptography and hash functions

Chaos is a deterministic process, which is ubiquitously present in the world. Because of its random-like behavior, sensitivity to initial conditions and parameter values, ergodicity, and confusion and diffusion properties, chaotic cryptography has become an important branch of modern cryptography and has huge potential in protecting assets [7,17].

A hash function is a one-way transformation that takes an arbitrary input and returns a fixed-size string, named the hash value or message digest [8]. Recent work on collision frequencies reveals many previously undiscovered flaws in conventional cryptographic hash algorithms [9,10], and the construction of secure hash functions is still a challenging open problem for further study.


Utilizing some interesting characteristics of chaos, such as the sensitivity to initial condition and control parameter, ergodicity and mixing property, a chaotic hash algorithm was constructed in [11], which is based on an n-D nonlinear autoregressive filter. The iteration process of chaotic systems is one-way, which makes them an ideal candidate for collision free one-way hash functions [13]. By combining the properties of chaos with cipher block chaining (CBC) mode in the hashing process, the chaotic hash function can meet the requirements of a cryptographic hash, though its further security analysis is still very necessary for a reliable security system. At the same time, it can be efficiently implemented by a filter structure. So in the currently proposed remote authentication scheme, we use it in place of the conventional cryptographic hash functions. The basic crux of this paper is to use the excellent achievements of the chaotic regime of [11] in the development of remote user fingerprint biometric authentication for mobile or electronic commerce.

To keep this paper self-contained, we briefly elaborate the construction of this chaotic hash as follows. The chaotic hash function used in [11] is an iterative hash function, which can be denoted by Eq. (1) and is illustrated in Fig. 2.

$$
\begin{aligned}
(H_i, \phi_i) &= F(\phi_{i-1}, H_{i-1} \oplus M_i), \quad i = 1, 2, \ldots, s \\
H(M) &= H_s
\end{aligned}
\tag{1}
$$

where $F$ is a round function, $\phi_i$ is the input value of $F$, $M_i$ is the $i$th message subblock, $H_i$ is the $i$th intermediate hash value and $H(M)$ is the final hash value.

The round function in Fig. 2, denoted by $F(\cdot)$, is constructed on an n-dimensional autoregressive filter with changeable coefficients, which is defined by Eq. (2):

$$
\begin{cases}
z_1(t+1) = h \circ \operatorname{mod}\left( \sum_{i=1}^{n} c_i z_i + \phi \right), & z_i \in I,\ \phi \in U = R \\
z_k(t+1) = z_{k-1}(t), & k = 2, 3, \ldots, n
\end{cases}
\tag{2}
$$

where $n$ is the order of the filter, $z = (z_1, \ldots, z_n)^T \in Z = I^n$ denotes the vector of state variables, $c_i$ is a filter coefficient, $\phi$ is the input of the filter, $h(\cdot)$ is a piecewise linear map defined by $h: I \to I$, $h(w) = m_k \cdot w + r_k$, $w \in W_k \subset I$, $k \in \{1, \ldots, M\}$, and $\operatorname{mod}(\cdot)$ is a modulo map given as $\operatorname{mod}(v) = v - 2 \cdot \lfloor (v+1)/2 \rfloor = v - 2 \cdot l$, $v \in [-1 + 2 \cdot l,\ 1 + 2 \cdot l)$, $l \in G$.

The complete hashing process is described as follows.

Let $L$ be the bit-length of the hash value, satisfying $L \ge 128$. First of all, the original message $M$ is padded such that its length is a multiple of $L$. Then $M$ can be split into $L$-bit subblocks denoted by $M = (M_1, M_2, \ldots, M_s)$, where $M_i = m_i^1 m_i^2 m_i^3 \cdots m_i^L$.

Step 1. Input original message $M$ with length $m$ bits, $m > 0$.

Step 2. Append padding bits $(100\ldots0)_2$ with length $n$ ($1 \le n \le L$, such that $(m + n) \bmod L = 64$) at the tail of $M$. After padding, $M$ is constituted by subblocks with $L$ bits and each subblock is indicated as $M_i$ ($1 \le i \le s$). Note that the last subblock $M_s = M_s^1 \cdots M_s^L$ is not yet full; more precisely, the rear part of the $s$th subblock, $M_s[M_s^{65} \cdots M_s^L]$, is blank.

Step 3. Append the rear blank part of the $s$th subblock with the length of the original message. Also, this shows that the original message’s length is less than $2^{L/2}$.

Step 4. Calculate $k$ pairs of coefficients $\{c_i\}$ satisfying the Kelber conditions, set the initial vector $H_0 = \{0\}_1^L$ and the secret key $SK = \{\phi_0, r^{(0)}, p_h\}$, where $\phi_0$ is the initial input signal, $r^{(0)}$ is the initial status of the filter, and $p_h$ is the break point of $h(\cdot)$, respectively.

Fig. 2. Block diagram of CBC mode in hashing process [11]. $\phi_0$ is the initial input value, $H_0$ is the initial vector, $H_s$ is the final hash value.


Step 5. Algorithm:

For $i = 1$ to $s$, repeatedly process for each subblock:

(1) $\phi = \phi_{i-1}$;

(2) $R = H_{i-1} \oplus M_i = \{r_1, r_2, \ldots, r_L\}$.

For $j = 1$ to $L$, modulate message block $M_i$ by CSK mode:

(a) $q = r_j$, select the $q$th sub-filter $r^{(j)} = u_q(r^{(j-1)}, \phi, c_q)$ and iterate one step;

(b) $H_i^j = T_n(r_0^{(j)})$, where $T_n(\cdot)$ is a quantization function;

(3) $H_i = H_i^1 H_i^2 \cdots H_i^L$, $\phi_i = r_0^{(L)}$.

Step 6. Output the hash value $H(M) = H_s = H_s^1 H_s^2 \cdots H_s^L$.

In the above hashing process, the message to be hashed is modulated into a chaotic trajectory by the CSK (chaotic shift keying) method, and a CBC mode [12] is introduced to expedite the avalanche effect, so each bit of the final hash value is related to all the bits of the original message $M'$ and the secret key $SK$. Since the filter with varying parameters is an n-order chaotic system with uniform distribution, and the coarse-graining quantization of its trajectory is a uniform quantization, the hash value preserves a uniform distribution in hash space as far as possible in digital realization. At the same time, the algorithm has a strong one-way property due to the irreversibility of the quantization, $h(\cdot)$ and $\operatorname{mod}(\cdot)$ operations during the iteration process. In the next section, we use the chaotic hash function to implement our proposed remote authentication scheme on mobile devices.
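The padding of Steps 1 to 3, written out as an added Python example (it is not code from the paper or from [11]). Bits are held as '0'/'1' strings for readability; the function names and the big-endian binary encoding of the message length are assumptions, since the text does not fix an encoding.

```python
def pad_message(msg_bits, L=128):
    """Pad a '0'/'1' string per Steps 1-3 and split it into L-bit subblocks."""
    if L < 128:
        raise ValueError("the text requires L >= 128")
    m = len(msg_bits)
    if m == 0:
        raise ValueError("Step 1 requires m > 0")
    if m >= 1 << (L // 2):
        raise ValueError("message length must be below 2^(L/2)")
    # Step 2: n padding bits, 1 <= n <= L, chosen so that (m + n) mod L == 64.
    # When m mod L is already 64, n cannot be 0, so a full run of L bits is added.
    n = (64 - m) % L or L
    # Step 3: the blank rear part of the last subblock (bits 65..L) takes the length.
    length_field = format(m, "0{}b".format(L - 64))   # assumed big-endian encoding
    padded = msg_bits + "1" + "0" * (n - 1) + length_field
    return [padded[i:i + L] for i in range(0, len(padded), L)]


def unpad(blocks, L=128):
    """Invert pad_message and reject anything that is not a valid padding."""
    padded = "".join(blocks)
    if not padded or len(padded) % L:
        raise ValueError("input is not a whole number of subblocks")
    m = int(padded[-(L - 64):], 2)
    body = padded[:-(L - 64)]
    n = len(body) - m
    if not 1 <= n <= L or body[m] != "1" or "1" in body[m + 1:]:
        raise ValueError("malformed padding")
    return body[:m]


if __name__ == "__main__":
    for m in (1, 63, 64, 65, 200):      # constructed message lengths
        blocks = pad_message("1" * m)
        print(m, "bits ->", len(blocks), "subblock(s)")
```

Because the length field and the leading 1 of the padding are both checked on the way back, two different messages can never produce the same sequence of subblocks.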

3. Chaotic hash-based biometric authentication scheme

In this section, we propose an efficient and practical chaotic hash-based fingerprint biometric remote user authentication scheme on mobile devices. The presented scheme is composed of four phases, namely the registration, login, authentication, and password change phases, which are presented in the following subsections.

3.1. Registration phase

In the registration phase, user $U_i$ chooses his $ID_i$ and password $pw_i$, and interactively submits them to the registration center. $U_i$ also imprints his fingerprint impression at the sensor, and then the registration system performs the following operations:

1. Computes $A_i = h_c(ID_i \oplus x)$, where $x$ is the private key of the remote system and $h_c(\cdot)$ is the collision free one-way chaotic hash function, as generated in Section 2.

2. Computes $V_i = A_i \oplus h_c(pw_i \oplus S_i)$, where $S_i$ is the extracted fingerprint template of the user.

3. Remote system personalizes the secure information $\{ID_i, A_i, V_i, S_i, h_c(\cdot)\}$ and saves it into the system of $U_i$.

3.2. Login phase

If $U_i$ wants to log in to the system, he opens the login application software, enters $ID_i$ and $pw_i^*$, and imprints his fingerprint biometric at the sensor. If $U_i$ is successfully verified by his fingerprint biometric, the mobile device performs the following operations:

1. Computes $B_i = V_i \oplus h_c(pw_i^* \oplus S_i)$, and verifies whether $B_i$ equals the stored $A_i$ or not. If they are equal, the user’s device performs further operations, otherwise it terminates the operation.

2. Computes $C_1 = h_c(B_i \oplus T_u)$, where $T_u$ is the current timestamp of the device.

3. At the end of the login phase, $U_i$ sends the login message $m = \{ID_i, C_1, T_u\}$ to the remote server over an insecure network.

3.3. Authentication phase

In the authentication phase, the remote system receives the message from the user and performs the following operations:


1. Checks whether the format of $ID_i$ is invalid or $T_s = T_u$, where $T_s$ is the current timestamp of the remote system; if so, rejects the login request.

2. If $(T_s - T_u) > \Delta T$, where $\Delta T$ denotes the expected valid time interval for transmission delay, then the remote system rejects the login request.

3. Computes $C_1^* = h_c(h_c(ID_i \oplus x) \oplus T_u)$. If $C_1^*$ is equal to the received $C_1$, it means the user is authentic, and the remote system accepts the login request and performs step 4; otherwise, the login request is rejected.

4. For the mutual authentication, the remote system computes $C_2 = h_c(h_c(ID_i \oplus x) \oplus T_s)$ and then sends the mutual authentication message $\{C_2, T_s\}$ to $U_i$.

5. Upon receiving the message $\{C_2, T_s\}$, the user checks whether $T_s$ is invalid or $T_u = T_s$; if so, user $U_i$ terminates this session, otherwise performs step 6.

6. $U_i$ computes $C_2^* = h_c(B_i \oplus T_s)$ and checks whether $C_2^* = C_2$. If they are equal, the user believes that the remote party is the authentic system and the mutual authentication between $U_i$ and the remote server is completed, otherwise $U_i$ terminates the operation.

3.4. Password change phase

Whenever $U_i$ wants to change or update his old password $pw_i$ to the new password $pw_i'$, he opens the login application on his mobile device, enters his $ID_i$ and $pw_i^*$, and also imprints his fingerprint biometric at the sensor. If $U_i$ is successfully verified, the mobile device performs the following operations without any help from the remote system:

1. Computes $B_i = V_i \oplus h_c(pw_i^* \oplus S_i) = h_c(ID_i \oplus x)$.

2. Verifies whether $B_i$ equals the stored $A_i$ or not. If they are equal, the mobile device performs further operations, otherwise it terminates the operation.

3. Computes $V_i' = B_i \oplus h_c(pw_i' \oplus S_i)$.

4. Stores $V_i'$ on the user’s mobile device and replaces the old value of $V_i$. Now the new password is successfully updated and this phase is terminated.
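The four phases above as one runnable exchange, added here as an example and not taken from the paper. SHA-256 is substituted for the chaotic hash $h_c$; the zero-padded XOR, the 8-byte timestamp encoding, the value of $\Delta T$, the non-empty-ID format check, and all function names are assumptions, and fingerprint matching is treated as already passed.

```python
import hashlib
import hmac

DELTA_T = 5  # assumed valid transmission delay (the text's Delta T), in seconds

def hc(data):
    # Stand-in for the chaotic hash h_c: SHA-256 is substituted here (assumption).
    return hashlib.sha256(data).digest()

def xor(a, b):
    # XOR with the shorter operand left-padded with zero bytes (assumed encoding).
    n = max(len(a), len(b))
    return bytes(p ^ q for p, q in zip(a.rjust(n, b"\0"), b.rjust(n, b"\0")))

def ts(t):
    return t.to_bytes(8, "big")                # assumed timestamp encoding

def register(id_i, pw, s_i, x):
    a_i = hc(xor(id_i, x))                     # A_i = h_c(ID_i xor x)
    v_i = xor(a_i, hc(xor(pw, s_i)))           # V_i = A_i xor h_c(pw_i xor S_i)
    return {"ID": id_i, "A": a_i, "V": v_i, "S": s_i}

def unlock(dev, pw_star):
    # Login step 1 and password-change steps 1-2: recover B_i, compare with A_i.
    b_i = xor(dev["V"], hc(xor(pw_star, dev["S"])))
    return b_i if hmac.compare_digest(b_i, dev["A"]) else None

def login(dev, pw_star, t_u):
    b_i = unlock(dev, pw_star)
    if b_i is None:
        return None
    return b_i, (dev["ID"], hc(xor(b_i, ts(t_u))), t_u)    # m = {ID_i, C_1, T_u}

def server_verify(msg, x, t_s):
    id_i, c1, t_u = msg
    if not id_i or t_s == t_u or (t_s - t_u) > DELTA_T:    # steps 1 and 2
        return None
    a_i = hc(xor(id_i, x))
    if not hmac.compare_digest(hc(xor(a_i, ts(t_u))), c1):  # step 3
        return None
    return hc(xor(a_i, ts(t_s))), t_s                      # step 4: {C_2, T_s}

def user_verify(b_i, reply, t_u):
    c2, t_s = reply
    if t_s == t_u:                                         # step 5
        return False
    return hmac.compare_digest(hc(xor(b_i, ts(t_s))), c2)  # step 6

def change_password(dev, pw_star, pw_new):
    b_i = unlock(dev, pw_star)
    if b_i is None:
        return False
    dev["V"] = xor(b_i, hc(xor(pw_new, dev["S"])))         # V_i' replaces V_i
    return True

if __name__ == "__main__":
    x = b"\x11" * 32                                       # constructed server key
    dev = register(b"alice", b"pw-old", b"constructed-template", x)
    b_i, msg = login(dev, b"pw-old", 1000)
    reply = server_verify(msg, x, 1002)
    print("mutual authentication:", user_verify(b_i, reply, 1000))
    print("replay at T_s = 1010:", server_verify(msg, x, 1010))
```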

4. Security analysis of the proposed scheme

In this section, we perform security analysis of the presented scheme.

1. It is very difficult for anyone to derive the server’s secret key $x$ from the hash value $A_i = h_c(ID_i \oplus x)$, because of the security property of one-way hash functions [6].

2. To withstand replay attacks, neither the replay of an old login message $\{ID_i, C_1, T_u\}$ nor the replay of the remote system’s response $\{C_2, T_s\}$ will work. They fail in steps 2 and 5 of the authentication phase, respectively, because of the time interval validation.

3. From the login message $\{ID_i, C_1, T_u\}$, it is infeasible to compute $B_i$ by using the equation $C_1 = h_c(B_i \oplus T_u)$, because it is computed by the secure one-way chaotic hash function.

4. The proposed scheme protects against the forgery attack and the impersonation attack. An attacker can attempt to modify the login message $\{ID_i, C_1, T_u\}$ into $\{ID_i, C_A, T_A\}$. However, this impersonation attempt will fail in step 3 of the authentication phase, because an attacker has no way of obtaining the value of $B_i^* = h_c(ID_i \oplus x)$ to compute a valid value of $C_1$.

5. The server spoofing attack is completely solved by providing mutual authentication between the user and the remote system. The remote system sends the mutual authentication message $\{C_2, T_s\}$ to the user. If an attacker intercepts it and resends a forged message, i.e. $\{C_A, T_A\}$, to the user, it will be checked in steps 5 and 6 of the authentication phase, because the value of $C_2$ is computed by $C_2 = h_c(h_c(ID_i \oplus x) \oplus T_s)$. In addition, replay of this message can be exposed because of the timestamp.

6. The proposed scheme can prevent the parallel session attack [14] and the reflection attack [15], because the remote server and the user each check whether $T_u = T_s$.

7. In the password change phase, the user has to verify himself by fingerprint biometric and it is not possible to impersonate a legal user, because the biometric is unique [4,5]. Furthermore, the value of $B_i$ is also compared with the value of $A_i$ on the mobile device. If these two values are not the same, the user is not allowed to change the password. Moreover, if the mobile device, e.g. PDA or cell phone, is stolen, unauthorized users cannot set a new password. Hence, our scheme is protected from the denial-of-service attack through a stolen device [16].


5. Conclusion

In this paper, we have proposed a novel chaotic hash-based fingerprint biometric remote user authentication scheme on mobile devices. The proposed scheme is completely based on one-way collision free chaotic hash functions, and does not maintain password tables or a biometrics database on the remote server. Furthermore, users can choose their passwords freely and change or update them securely whenever they want. Moreover, compared with the traditional Diffie-Hellman or RSA based algorithms, the efficiency of the proposed algorithm is very high because it does not involve any time-consuming modular exponential computing. Another merit of the proposed algorithm is that it is faster and more efficient to implement on mobile devices, which have lower computation power. Hence, our proposed scheme can be easily realized in a practical environment.

Acknowledgements

This project is supported by the National Science Foundation of China (Grants 60572027), the Program for New Century Excellent Talents in University of China (Grant No. NCET-05-0794), the Sichuan Youth Science and Technology Foundation (Grants No. 03ZQ026-033), the National Key Laboratory of Anti-jamming Communication Foundation of UESTC, China (Grant No. 51434110104QT2201, No. 51435080104QT2201, and No. 51435030105QT2201), and the Southwest Jiaotong University Doctors Innovation Funds 2005.

References

[1] Lamport L. Password authentication with insecure communication. Commun ACM 1981;11:770–2.

[2] Hwang MS, Li LH. A new remote user authentication scheme using smart cards. IEEE Trans Consum Electron 2000;1:28–30.

[3] El Gamal T. A public-key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans Inform Theory 1985;4:469–72.

[4] Jain AK, Uludag U. Hiding biometric data. IEEE Trans Pattern Anal Mach Intell 2003;112003:1494–8.

[5] Jain AK, Hong L, Bolle R. On-line fingerprint verification. IEEE Trans Pattern Anal Mach Intell 1997;19:302–14.

[6] Sun HM. An efficient remote user authentication scheme using smart cards. IEEE Trans Consum Electron 2000;46:958–61.

[7] Xiao D, Liao XF, Wong KW. An efficient entire chaos-based scheme for deniable authentication. Chaos, Solitons & Fractals 2005;23:1327–31.

[8] Bellare M, Canetti R, Krawczyk H. Keying hash functions for message authentication. Adv Cryptology – Crypto ’96 Proc, LNCS 1996;1109:1–15.

[9] Boer BD, Bosselaers A. Collisions for the compression function of MD5. Adv Cryptology – Eurocrypt’93 Proc, LNCS 1994;765:293–304.

[10] Wang X, Feng D, Lai X, Yu H. Collisions for hash functions MD4, MD5, HAVAL-128 and RIPEMD. Cryptology ePrint Archive, Report 2004/199 (online). Available from: <http://eprint.iacr.org/2004/199/>.

[11] Wang XM, Jiashu Z, Wenfang Z. Keyed hash function based on composite nonlinear autoregressive filter. Acta Phys Sinica 2005;54:5566–73 (in Chinese).

[12] Dedieu H, Kennedy MP, Hasler M. Chaos shift keying: modulation and demodulation of a chaotic carrier using self-synchronizing Chua’s circuits. IEEE Trans Circ Syst II 1993;40:634–42.

[13] Xiao D, Liao XF, Deng S. One-way hash function construction based on the chaotic map with changeable-parameter. Chaos, Solitons & Fractals 2005;24:65–71.

[14] Hsu CL. Security of Chien et al.’s remote user authentication scheme using smart cards. Comp Stand Interfaces 2004;26:167–9.

[15] Mitchell C. Limitations of challenge-response entity authentication. Electron Lett 1989;25:1195–6.

[16] Yoon EJ, Ryu EK, Yoo KY. An improvement of Hwang–Lee–Tang’s simple remote user authentication scheme. Comput Secur 2005;24:50–6.

[17] Khan MK, Jiashu Z, Lei T. Chaotic secure content-based hidden transmission of biometrics templates. Chaos, Solitons & Fractals, Elsevier Science, doi:10.1016/j.chaos.2005.12.015, in press.