www.ietdl.

org
Published in IET Information Security
Received on 11th December 2011
Revised on 5th October 2012
Accepted on 21st November 2012
doi: 10.1049/iet-ifs.2011.0348

ISSN 1751-8709

Robust elliptic curve cryptography-based three

factor user authentication providing privacy of
biometric data
Hsiu-Lien Yeh1, Tien-Ho Chen2, Kuei-Jung Hu2, Wei-Kuan Shih2
1

Institute of Information System and Applications, National Tsing Hua University, Hsinchu 30013, Taiwan
Department of Computer Science, National Tsing Hua University, Hsinchu 30013, Taiwan
E-mail: s9865805@m98.nthu.edu.tw

Abstract: Recently, to achieve privacy protection using biometrics, Fan and Lin proposed a three-factor authentication scheme
based on password, smart card and biometrics. However, the authors have found that Fan and Lins proposed scheme (i) has aws
in the design of biometrics privacy, (ii) fails to maintain a verication table, making it vulnerable to stolen-verier attack and
modication attack, and (iii) is vulnerable to insider attacks. Thus, the authors propose an elliptic curve cryptography-based
authentication scheme that is improved with regard to security requirements. The authors proposed scheme overcomes the
aws of Fan and Lins scheme and is secured from attacks. Furthermore, the authors have presented a security analysis of
their scheme to show that their scheme is suitable for the biometric systems.

Introduction

With the current advance of network services, proper user

identication for remote user authentication over insecure
communication channels is increasingly essential. Contrary
to traditional password-based remote user authentication,
biometrics-based authentication has greater security and is
more reliable for remote user authentication [1]. In addition,
some three-factor authentication schemes have been
proposed in many publications [28]. Biometrics-based
authentication systems are increasingly common for remote
user identity authentication schemes. Owing to its
physiological or behavioural characteristics, remote
authentication schemes can provide enhanced security using
such techniques as ngerprint verication, iris analysis,
facial analysis, handwritten signature verication and
keystroke analysis [1, 9].
Recently, Lee et al. [2] proposed a remote user
authentication scheme based on smart card and ngerprint
without a verication table to maintain records. In [3], the
scheme of Lee et al. is vulnerable to the masquerade attacks
and replay attacks, and Khan and Zhang [4] Li and Hwang
[5] showed that Lin and Lais scheme is vulnerable to the
server spoong attack and does not provide proper mutual
authentication. In 2008, Rhee et al. [6] pointed out that
Khan and Zhangs scheme [4] is vulnerable to
impersonation attacks and ofine dictionary attacks. Later,
Li and Hwang [5] proposed the lower computation scheme
and it is based on smart card, the one-way hash function
and biometrics verication. However, Li et al. [7] point out
that Li and Hwangs scheme fails to provide proper mutual
authentication and is vulnerable to man-in-the-middle
IET Inf. Secur., 2013, Vol. 7, Iss. 3, pp. 247252
doi: 10.1049/iet-ifs.2011.0348

attacks. Unfortunately, the scheme of Li et al. fails to

securely update the new password and is also insecure.
The above-mentioned schemes consider privacy protection
using biometrics on the users side, without considering
biometric characteristics on the servers side. For privacy
protection using biometrics, the biometric data and settings
have to be considered. Some methods, such as those based
on error-correcting codes [10] and fuzzy encryption [11],
use biometric data to key encrypt and extract a secret and
then match the biometric template. In order to provide
mutual authentication, biometric data have to be stored on
the users side and the servers side. Storing biometric data
on the servers side leads to increasing concerns with regard
to privacy protection. In Fan and Lins scheme [9], user
data is only stored on the users side while still permitting
the server to perform the authentication. Thus, a three-factor
(smart card, password, biometric) authentication scheme
with privacy protection on biometrics is proposed. The
privacy of biometric recognition is protected because the
server can perform the authentication procedure without the
users actual biometric data. As the server does not need to
maintain a database of users passwords and biometric data,
privacy protection is enhanced. In addition, account setup
for users is less complicated.
It is still subject to privacy and security threats despite the
benets of Fan and Lins scheme. It is obvious that Fan and
Lins scheme needs to maintain a verication table in order
to provide protection from inside attacks. In this paper, our
authentication scheme employs a different approach. We
improve the scheme of Fan and Lin and enhance the
security and privacy protection. This leads to a robust
three-factor remote authentication protocol based on the
247

& The Institution of Engineering and Technology 2013

www.ietdl.org
elliptic curve cryptography (ECC). We propose a more secure
and practical authentication scheme.
The remainder of this paper is organised as follows. In
Section 2, we review the Fan and Lin scheme including
cryptanalysis of their scheme. In Section 3, we present the
ECC preliminaries for our scheme. In Section 4, we
propose a robust three-factor biometric-based authentication
scheme with ECC. Then, in Section 5, we provide the
security analysis and comparisons. Finally, we present some
concluding remarks in Section 6.

Review of Fan and Lins scheme

In this section, we briey review the scheme of Fan and Lin

[9] using a three-factor authentication scheme and state the
essential details. First, we summarise the notations used
throughout this paper as follows.

Ui: The ith user

IDi: The identity of the user Ui
PWi: The password of Ui
h(): A public one-way hash function
||: string concatenation operation
E(): A symmetric encryption function
K: The function of XOR operation with secret key k
Si: The iris template of the user Ui
Si(): The encryption function with biometric template Si
r: A random string
u: A random string
A: An extracting algorithm
: A string XOR operation
: A common channel
: A secure channel

2.1

Initialisation phase

In order to provide privacy protection, the server sets up

security parameters for users that have made a biometric
match. That is, the key pair ( pk, sk) for public-key
cryptosystems and a secret key (x) for secret-key
cryptosystems are prepared. The result (x, sk), called secret
parameter, is used by the server.
2.2

Registration phase

In this phase, user Ui has an identity IDi to register the license

and the detailed steps are stated as follows:
Step 1: Ui server: {IDi, h(PWi), SSi}.
After taking the Uis iris as the biometric characteristic, it
scans to a template Si through a capturer. Next, the Ui
computes SSi = r(Si) = r Si,
where user chooses a
random string r and encrypts it using a template Si. Then,
Ui sends {IDi, h(PWi), SSi} to the remote server via a
secure channel.
Step 2: Server Uis smart card: {IDi, yi, h(.), pk}.
After receiving a message from Ui, the remote server
computes yi = Ex(IDi||h(PWi)|| SSi) and records IDi in a
verication table, in order to check whether the login
identity is registered. Finally, the result {IDi, yi, h(), pk} is
stored in the smart card and delivers to Ui via a secure
channel.
Step 3: The sketch Si(r) is stored in the smart card using his/
her biometric template Si as an encryption key.
248
& The Institution of Engineering and Technology 2013

2.3

Login and authentication phase

During the login phase, Ui inserts a smart card into the card
reader and then enters a PWi* and allows to scan his/her
iris biometric characteristic in order to login to the remote
server. Then, the smart card performs the following
operations:
Step 1: Ui inputs the personal biometrics, Si*, and the random
string r is decrypted by the sketch Si (r) function using Si* to
retrieve (r = A(Si (r), Si*). Then, the smart card will compute
the value SSi* = r(Si*) = r Si*.
Step 2: Ui Server: {C0 = epk(IDi|| yi ||u)}
Ui randomly chooses string u to derive the C0 = epk(IDi|| yi ||
u) where epk() denotes the public key encryption function of
the server with the pk.
During the authentication phase, the server executes the
following operations to verify the legitimacy.
Step 1: The server checks whether the IDi is legitimacy.
According to the records of a verication table, the server
can verify whether IDi is legitimacy. First, the server must
decrypt the C0 message to obtain yi with the private key sk
and then the (IDi|| h(PWi) ||SSi) is derived from secret key x.
Step 2: Then, checks whether the value IDi of C0 and yi is
equal. If the validity of IDi is assured, the server can use
the h(PWi || SSi) later and proceed the remaining step.
Step 3: Server Ui: {C1 = Eu(SID||v)}.
The server randomly chooses the v and derives the u from
above step, besides it computes the C1 = Eu(SID||v), where
SID denotes the servers identity. Then, the server sends the
C1 message to Ui.
Step 4: After receiving the C1 message, the Ui can decrypt the
C1 to obtain (SID||v). Then, Uis smart card checks whether
the C1 come from the server or not and obtains the value of
v to proceed the next step.
Step 5: Ui Server: {C2 = Ev(IDi || h(PWi*) || SSi*)}.
Ui sends the {C2 = Ev(IDi || h(PWi*) || SSi*)}to the server.
Step 6: Checks h(PWi)? = h(PWi*) and veries if (SSi*, SSi)
is within the threshold.
When server checks that h(PWi) = h(PWi*) and the (SSi*,
SSi) is within the dened threshold, it means that the server
will accept the login request and the process is authorised.
Here, denotes the biometric matching algorithm.

2.4

Cryptanalysis of Fan and Lins scheme

In this section, we have analysed the security aws of Fan and

Lins scheme and found the following assumptions to prove
the weaknesses of their scheme.
Assumption 1: When the remote user logs in to the system, the
server will attempt to validate the users identity according to
the servers verication table. That is, the server veries that
the login identity and the identity stored in the verication
table are exactly the same. Otherwise, the user is unable to
pass the authentication and request is terminated.
The Fan and Lins proposed scheme requires storing the IDi to
the inside verication tables of remote server. If the adversary
successfully manages the server after owning the right of
authentication, the information of a verication table could
be stolen. Then, the adversary can read the verication table
IET Inf. Secur., 2013, Vol. 7, Iss. 3, pp. 247252
doi: 10.1049/iet-ifs.2011.0348

www.ietdl.org
and utilises Trojan Horse program to steal the login
information of a user. Further, the yi = Ex(IDi|| h(PWi)|| SSi)
will be easily retrieved by the adversary. Owing to the
encrypted data (yi) is easy to break by simple dictionary
attacks. The adversary may try to be derived the encrypted
data with mapping the identity or biometric data. In
addition, this property that need of a verication table may
not able to resist the stolen-verier attack and modication
attack [12]. Therefore a verication table is stored inside
computer and suffers easily from an adversarys attacks.
Assumption 2: During the authentication phase, the server has
own identity symbol and encrypts a message with a random
string. Then, the servers identity can be inspected using
users smart card. In a word, the user successfully logins
the server and proceeds the remaining operation.
Assume that the adversary uses the SID* to impersonate SID
and replays messages to the remote server to encrypt C1* with
a random string v. Then, the adversary sends the messages to
the user. Until the users smart card accepts the pretended
SID*. Thus, a user will encrypt the function with the
adversarys random string v and send the encryption
messages to the adversary. Since the adversary owns the
password and biometric data, the remote server can accept
by the adversarys login request.
Assumption 3: In registration phase, a user Ui has an identity
IDi to register the license for remote server. The privileged
server has the ownership of the user Uis authentication
key. Additionally, the Fan and Lins scheme must record
IDi to a verication table inside remote server. Assuming
remote server can perform to check whether IDi is
legitimacy and performing some steps of Fan and Lins
scheme in the authentication phase.
When Ui want to register to more than one server with the
same identity IDi and authentication key h(PWi), any server
can impersonate the eligible user and access other servers to
obtain a login request. The registration in Fan and Lins
scheme, a user Ui has the same authentication key for each
system or server with the same password. When an
adversary obtain Uis identity IDi and authentication key,
he/she can impersonate Ui to access the authentication
server. Once a users login information is stolen, the server
will accept the adversary login request. Furthermore, the
adversary can request to login and possibly pass the
authentication. Obviously, the insider attack is possible in
the assumption.

ECC preliminaries

In the section, we introduce some preliminary information

about the fundamentals of ECC. In 1985, Victor Miller and
Neil Koblitz proposed a secure and efcient ECC [13, 14].
An elliptic curve is a cubic equation of the form:
E: y 2 + axy + by = x 3 + cx 2 + dx + e, where a, b, c, d, e are
real numbers.
With regard to cryptography, we focus on the nite eld of
ECC and aim mainly at the prime p of elliptic curve group.
The mathematical equation of ECC satises the form



E : y2 = x3 + ax + b mod p
with a, b Fp satisfying (4a 3 + 27b 2)mod p 0.
IET Inf. Secur., 2013, Vol. 7, Iss. 3, pp. 247252
doi: 10.1049/iet-ifs.2011.0348

Let Fp denote the nite eld of points, where p is a large

prime number and containing x, y, a, b elements. The
equation points and the point at innity O compose the
elliptic curve group over real numbers. We nd a large
prime number n such that n P = O using the elliptic curve
addition algorithm. Here, denotes an elliptic curve
multiplication. The arithmetic of elliptic curve discrete
logarithm problem (ECDLP) is given points Q and P,
where Q, P Fp and are both publicly known, determine
the random number , 0 < < n 1, and compute Q as:
Q = P satises. It is hard to determine given Q and P,
namely, ECDLP is a difcult mathematical problem such
that the security is achieved. The analogue of Dife
Hellman key exchange uses elliptic curve characteristic to
complete key exchange. The key exchange between UA and
UB can be done as follows (here denotes an elliptic curve
multiplication):
1. The user UA chooses a random integer rA as a private key,
where rA < n and computes the public key QA as: QA = rA P.
Then, UA sends QA to the user UB.
2. The user UB selects a random integer rB as a private key,
where rB < n and computes the public key QB as: QB = rB
P. UB sends QB to UA.
3. UA can compute shared key KA = rAQB = rA rB P and UB
can compute shared key KB = rB QA = rB rA P. In this
manner, we nd KA = KB.

4 Robust biometrics-based authentication

scheme using ECC
We propose a robust three-factor authentication scheme with
the ECC for the network communication. Our enhanced
scheme involves the use of the ECC, a smart card and a
biometric characteristic. A three-factor authentication
scheme involves a user, a server and consists of four
phrases: initiation phase, registration phase, login phase and
authentication phase. Our scheme is described in Fig. 1 and
detailed steps of phases are as follows:
4.1

Initiation phase

In the system initiation phase, the server sets up the following

system parameters for session key generation:
1. The user and server choose an elliptic curve of order n over
Ep(a, b) generated by P, where n is a large prime number
because of security considerations.
2. The eligible server randomly selects qs Z*P as its own
private key, and then computes the point multiplication as
users authentication key. That is, the server computes the
corresponding public key Qs = qs P.
3. The server employs the one-way hash function h(.).
4. The server stores the private key qs and generates the
message {Ep(a, b), P, Qs}.
4.2

Registration phase

In this phase, the Ui wants to register to the remote server and

setup the secret codes into the smart card for the Ui.
Step 1: Ui server: {IDi, h(PWi r), r(Si)}
The Ui enters his/her username IDi and password PWi for
computing h(PWi r). Here, Ui scans the biometric
characteristic as a template Si and chooses a random string r
249

& The Institution of Engineering and Technology 2013

www.ietdl.org

Fig. 1 Proposed scheme

to encrypt as r(Si) = r Si using an encryption key Si. That

is, the user submits his/her IDi, h(PWi r), and r(Si) to
remote server if the user wants to convert into a new
eligible user.
Step 2: Server Uis smart card: {W, h(.), P, Qs}.
After receiving the message from Ui, the server computes
QS = qs P and W = h(P h(PWi r)). Finally, the server
stores the secret parameters {W, h(.), P, Qs} to a smart card
and issues the smart card to the user over a secure channel.
Step 3: The Ui checks the W in the smart card.
Uis smart card checks whether W = h(P h(PWi r)) is
correct. If the condition is true, the user will accept the
smart card from the server via a secure channel. Otherwise,
the user will reject the smart card. That is, the smart card
does not come from the server.
Step4: The sketch Si(r) is stored in the smart card using his/
her biometric template Si as an encryption key.

4.3

Login phase

Step 1: Ui submits a PWi* and his/her own biometrics, Si*,

and the random string ri = A(Si(r)) is decrypted by the
sketch Si(r) function which using Si* to retrieve. Then,
the smart card will compute the value SSi* = r(Si*) = ri
Si*.
Step 2: The server validates W.
250
& The Institution of Engineering and Technology 2013

The server computes W and validates whether W = h(P h

(PWi* ri)) is correct. If it holds true, the system accepts the
login and proceeds the authentication phase. Otherwise,
server rejects the login request and authentication is
terminated.
4.4

Authentication phase

After receiving the login request from the user, the detail
descriptions of the authentication phase are described in the
following operations.
Step 1: Ui Server: m1 = {Q1, Qu, Mu}
The Ui randomly chooses a private key qu = ri* and
computes Qu = qu P, where Qu is Uis public key (Here,
let the random string ri convert to ri* Zp*, ri* < n). Then
Ui computes the following formulas for the authentication
procedure. Recall that QS is the servers public key in the
system initiation phase.
Q1 = qu QS
Mu = Nu + Qu + Q1, where Nu is chosen by SSi* which is
provided by Ui.
Then, Ui sends the m1 = {Q1, Qu, Mu} to the server.
Step 2: Server verify whether the m1 message come from Ui.
After receiving the m1 message, the server computes
IET Inf. Secur., 2013, Vol. 7, Iss. 3, pp. 247252
doi: 10.1049/iet-ifs.2011.0348

www.ietdl.org
equal, then sends the m2 message {TS, MS, QS*} to user Ui.
That is, the user Ui is a legal user. Then the user Ui checks
the condition whether Nu** = Nu. Finally, the server
validates whether NS** is equal to NS. This enables both
communicating parties to be assured of the eligible identity.

QS = qS P and Q1 = qS Qu and then checks whether the

Nu* = Mu Qu Q1 = Nu is correct. If it holds true, the m1
message denitely comes from the Ui, otherwise, the
verication is failure.
Step 3: Server Ui: m2 = {TS, MS, QS*}
The server computes QS* = qS* P and TS = Nu* + QS + Q1
and MS = NS + QS + Q1 + Nu*, where the NS is chosen by SID
which is provided by the server. Then, the server sends the m2
message {TS, MS, QS*} to Ui.
Step 4: Ui Server:m3 {L = NS + Qu + Q1}
After receiving the m2 message, Ui computes Nu** and
checks whether Nu** = TS QS* Q1 = Nu is correct. If it
holds true, the m2 message surely comes from the server,
otherwise, the verication is false. Ui computes NS* = MS
QS Q1 Nu* and L = NS* + Qu + Q1, and then sends the
m3 message {L = NS + Qu + Q1} to the server.
Step 5: Server checks NS.

5.2.2 Resist insider attacks: As for convenience, some

users are registered to different systems or servers with the
same password. If an adversary owns authority and steals
another users password, then the adversary masquerades
the eligible user to login the system. Note that in our
registered phase, a user Ui has the different authentication
key for each system or server with the same password PWi.
The user Uicomputes the authentication key h(PWi r) and
accesses the remote server, where PWi is chosen by the
user Ui. Therefore our scheme can resist insider attacks.
5.2.3 No need of a verication table: Our scheme is
based on the ECC mechanism, and the remote server has
no need to store the password or a verication table in the
computer. That is, the remote server only maintains the
secret parameters. Then the remote server can authenticate
whether the user is allowed to login. Thus, the proposed
scheme can resist the stolen-verier attack and modication
attack.

The remote server compares NS with computed NS** = L

Qu Q1 and these two are the same. If it holds true, the server
accepts the Uis login request. Otherwise, the server rejects
the login request.

Security analysis and comparisons

5.2.4 Allow user securely to change or update

password: Our proposed scheme can securely accept the
users demand for changing or updating password after
entering system. The Ui can compute the new value h
(PWi* r) and sent the message {IDi, h(PWi* r), r(Si)}
to the remote server. After receiving the demand for
password change, the remote server computes the new
value to update W* = h(P h(PWi* r)) into the smart
card. Thus, the original value of W has been replaced by
the use of new value W*.

5.1 Security requirements in remote user

authentication scheme
Owing to resistance to various attacks, some security
requirements are essential and need to be considered for
evaluating identity authentication. Liao et al. [12] proposed
ten independent requirements and previous research [3, 7]
indicates that a secure remote user authentication scheme
should t in with the several conditions. For instance,
provided with mutual authentication, there is no need of a
verication table to store in the remote server, which allows
the user to choose his/her identity, updates a password
freely etc. Furthermore, FanLins scheme fails to provide
security requirements.
5.2

5.3

Comparisons

Recall that the scheme of Fan and Lin [9] and other [47, 15,
16], we compare our scheme with other referenced schemes in
security properties and computation cost. Table 1 summarises
the comparisons among our scheme and other referenced
schemes.
Obviously, our scheme can overcome the security aws
of Fan and Lin and other schemes. As for computation
cost, the exclusive-OR operation is negligible because it
usually requires few computation. We can divide the ECC
computation time of our scheme into two parts: the scalar
multiplication operation and point addition operation. Our

Security against the diverse attacks

5.2.1 Proper mutual authentication: Our authentication

scheme is based on ECC and provides the proper mutual
authentication between the user and the server. In login
phase, the users password can be veried by the server
computing W = h(P h(PWi* ri)). During authentication
phase, the user Ui sends the m1 message to the remote
server. The server rst validates whether the Nu* = Nu is
Table 1 Comparison among the referenced schemes
Security item

proper mutual authentication

resist insider attack
resist stolen-verifier attack and
modification attack
without a verification table
securely change/update password
registration phase
login and authentication phase

Our scheme

LinLai scheme
[3]

KhanZhang
scheme [4]

FanLi scheme
[9]

LiHwangs
scheme [5]

yes
yes
yes

no
yes
no

es
yes
yes

yes
no
no

no
yes
yes

yes
yes
2H + PA
TA + H + 7PA +
4PM

yes
yes
1H + 1E
3H + 4E

yes
no
2H
7H

no
yes
H + Tmec
TA + 7Tmec

yes
yes
3H
7H

H, the time spent in hashing operation; PM, the time spent in scalar multiplication operation of elliptic curve; PA, the time spent in
point addition operation of elliptic curve; E, the exponent polynomial computation time; Tmec, the computation time for private key
computation and public key with nameless method; TA, the time spent in extracting algorithm.
IET Inf. Secur., 2013, Vol. 7, Iss. 3, pp. 247252
doi: 10.1049/iet-ifs.2011.0348

251

& The Institution of Engineering and Technology 2013

www.ietdl.org
scheme requests only three hash operations and 12 ECC
computations. We can realise that PA, PM calculates a
cubic equation at most and H calculates a linear equation
or quadratic equation at most. Besides, our proposed
scheme is computed through combination of point
addition and point multiplication, point multiplication is
dened by repeated addition. Note that the computation
costs of Tmec and E are relatively higher than PA, PM
because Tmec calculates a nameless function and E needs
polynomial computation cost. Thus, our computation cost
is relatively low compared with the referenced schemes
except KhanZhang and LiHwangs scheme. In terms of
the requirements for a remote user authentication scheme,
our proposed scheme solves all listed table problems.

Conclusions

Obviously, biometric-based authentication can assure more

reliable authentication than traditional password-based
authentication. In addition, recent concerns in
biometric-based authentication focus on the issues of
security and privacy protection. In this paper, we propose
a robust three-factor remote user authentication scheme
based on the ECC. In our assumption analysis, we point
out the drawbacks of Fan and Lins scheme. That is, the
scheme of Fan and Lin fails to resist insider attacks,
stolen-verier attacks and modication attacks, and has
security pitfalls because of the storage of a verication
table inside the server. In addition, we found the other
referenced schemes to be less secure and less resistant to
attack. Our proposed scheme can overcome security
pitfalls and strengthen the security and privacy protection.
Our scheme is practical and suitable for biometrics-based
remote authentication.

252
& The Institution of Engineering and Technology 2013

References

1 Matyas, V.J., Riha, Z.: Toward reliable user authentication through

biometrics, IEEE Secur. Priv. Mag., 2003, 1, pp. 4549
2 Lee, J.K., Ryu, S.R., Yoo, K.Y.: Fingerprint-based remote user
authentication scheme using smart cards, Electron. Lett., 2002, 38,
pp. 554555
3 Lin, C.H., Lai, Y.Y.: A exible biometrics remote user authentication
scheme, Comput. Stand. Interfaces, 2004, 27, pp. 1923
4 Khan, M.K., Zhang, J.S.: Improving the security of a exible
biometrics remote user authentication scheme, Comput. Stand.
Interfaces, 2007, 29, pp. 8285
5 Li, C.T., Hwang, M.S.: An efcient biometrics-based remote user
authentication scheme using smart cards, J. Netw. Comput. Appl.,
2010, 33, pp. 15
6 Rhee, H.S., Kwon, J.O., Lee, D.H.: A remote user authentication scheme
without using smart cards, Comput. Stand. Interfaces, 2008, 31, pp. 613
7 Li, X., Niu, J.W., Ma, J., Wang, W.D., Liu, C.L.: Cryptanalysis and
improvement of a biometric-based remote authentication scheme using
smart cards, J. Netw. Comput. Appl., 2011, 34, pp. 7379
8 Kim, H.J.: Biometrics, is it a viable proposition for identity authentication
and access control, Comput. Secur., 1995, 14, pp. 205214
9 Fan, C.I., Lin, Y.H.: Provably secure remote truly three-factor
authentication scheme with privacy protection on biometrics, IEEE
Trans. Inf. Forensics Sec., 2009, 4, pp. 933945
10 Davida, G.I., Matt, B.J., Peralta, R., Frankel, Y.: On the relation of
error correction and cryptography to an ofine biometric based
identication scheme. Processing Workshop Coding Cryptography,
1999, pp. 129138
11 Jain, A.K., Nandakumar, K., Nagar, A.: Biometric template security,
EURASIP J. Adv. Signal Process., 2008, 2008, (113), pp. 117
12 Liao, I.E., Lee, C.C., Hwang, M.S.: A password authentication scheme
over insecure networks, J. Comput. Syst. Sci., 2006, 72, pp. 727740
13 Koblitz, N.: Elliptic curve cryptosystems, Math Comput., 1987, 48,
pp. 203209
14 Miller, V.: Uses of elliptic curves in cryptography. Advances in
Cryptology Crypto85 Proc., 1985, (LNCS, 218), pp. 417426
15 Yeh, H.L., Chen, T.H., Liu, P.C., Kim, T.H., Wei, H.W.: A secured
authentication protocol for wireless sensor networks using elliptic
curves cryptography, Sensors, 2011, 11, pp. 47674779
16 Hsieh, W.B., Leu, J.S.: Anonymous authentication protocol based on
elliptic curve Dife-Hellman for wireless access networks, Wirel.
Commun. Mobile Comput., Wiley, 2012, doi: 10.1002/wcm.2252

IET Inf. Secur., 2013, Vol. 7, Iss. 3, pp. 247252

doi: 10.1049/iet-ifs.2011.0348