{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,12]],"date-time":"2025-10-12T04:19:45Z","timestamp":1760242785883,"version":"build-2065373602"},"reference-count":41,"publisher":"MDPI AG","issue":"3","license":[{"start":{"date-parts":[[2016,7,11]],"date-time":"2016-07-11T00:00:00Z","timestamp":1468195200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Computers"],"abstract":"<jats:p>In 2009, Xu et al. presented a safe, dynamic, id-based on remote user authentication method that has several advantages such as freely chosen passwords and mutual authentication. In this paper, we review the Xu\u2013Zhu\u2013Feng scheme and indicate many shortcomings in their scheme. Impersonation attacks and insider attacks could be effective. To overcome these drawbacks, we propose a secure biometric-based remote authentication scheme using biometric characteristics of hand-geometry, which is aimed at withstanding well-known attacks and achieving good performance. Furthermore, our work contains many crucial merits such as mutual authentication, user anonymity, freely chosen passwords, secure password changes, session key agreements, revocation by using personal biometrics, and does not need extra device or software for hand geometry in the login phase. Additionally, our scheme is highly efficient and withstands existing known attacks like password guessing, server impersonation, insider attacks, denial of service (DOS) attacks, replay attacks, and parallel-session attacks. Compared with the other related schemes, our work is powerful both in communications and computation costs.<\/jats:p>","DOI":"10.3390\/computers5030015","type":"journal-article","created":{"date-parts":[[2016,7,11]],"date-time":"2016-07-11T09:47:19Z","timestamp":1468230439000},"page":"15","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Strong Authentication Scheme Based on Hand Geometry and Smart Card Factors"],"prefix":"10.3390","volume":"5","author":[{"given":"Ali","family":"Yassin","sequence":"first","affiliation":[{"name":"School of Remote Sensing and Information Engineering, Wuhan University, Wuchang District, Wuhan 430079, China"},{"name":"Computer Science Deptment, Education College for Pure Sciences, Basrah University, Basrah 61004, Iraq"}]},{"given":"Jian","family":"Yao","sequence":"additional","affiliation":[{"name":"School of Remote Sensing and Information Engineering, Wuhan University, Wuchang District, Wuhan 430079, China"}]},{"given":"Shiyao","family":"Han","sequence":"additional","affiliation":[{"name":"School of Remote Sensing and Information Engineering, Wuhan University, Wuchang District, Wuhan 430079, China"}]}],"member":"1968","published-online":{"date-parts":[[2016,7,11]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"770","DOI":"10.1145\/358790.358797","article-title":"Password Authentication With Insecure Communication","volume":"24","author":"Lamport","year":"1981","journal-title":"Commun. ACM"},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"458","DOI":"10.1016\/j.patcog.2014.08.024","article-title":"Secure biometric template generation for multi-factor authentication","volume":"48","author":"Khan","year":"2015","journal-title":"Pattern Recognit."},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"723","DOI":"10.1016\/j.csi.2008.09.006","article-title":"An improved smart card based password authentication scheme with provable security","volume":"31","author":"Xu","year":"2009","journal-title":"Comput. Standards Interfaces"},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"2597","DOI":"10.1016\/j.comnet.2013.05.007","article-title":"Single password authentication","volume":"57","author":"Acar","year":"2013","journal-title":"Comput. Netw."},{"key":"ref_5","first-page":"99","article-title":"Chaotic Maps-Based Mutual Authentication and Key Agreement using Smart Cards for Wireless Communications","volume":"4","author":"Gao","year":"2013","journal-title":"J. Inf. Hiding Multimed. Signal Process."},{"key":"ref_6","first-page":"282","article-title":"A secure remote user mutual authentication scheme using smart cards","volume":"19","author":"Marimuthu","year":"2014","journal-title":"J. Inf. Secur. Appl."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"1235","DOI":"10.1016\/j.jnca.2012.01.007","article-title":"Dynamic ID-based remote user password authentication schemes using smart cards: A review","volume":"35","author":"Madhusudhan","year":"2012","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"245","DOI":"10.1002\/sec.977","article-title":"An improved and provable remote user authentication scheme based on elliptic curve cryptosystem with user anonymity","volume":"8","author":"Xu","year":"2015","journal-title":"Secur. Commun. Netw."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"1411","DOI":"10.1016\/j.eswa.2013.08.040","article-title":"An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics","volume":"41","author":"Chuang","year":"2014","journal-title":"Expert Syst. Appl."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"372","DOI":"10.1016\/S0167-4048(02)00415-7","article-title":"An efficient and practical solution to remote authentication: Smart card","volume":"21","author":"Chien","year":"2002","journal-title":"Comput. Secur."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"482","DOI":"10.1016\/j.cnsns.2014.05.027","article-title":"Improved chaotic maps-based password-authenticated key agreement using smart cards","volume":"20","author":"Lin","year":"2015","journal-title":"Commun. Nonl. Sci. Numer. Simul."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"583","DOI":"10.1109\/TCE.2004.1309430","article-title":"An enhanced remote user authentication scheme using smart cards","volume":"50","author":"Awasthi","year":"2004","journal-title":"IEEE Trans. Consum. Electron."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"1639","DOI":"10.1002\/dac.2428","article-title":"Cryptanalysis of a dynamic ID-based remote user authentication with key agreement scheme","volume":"25","author":"Tang","year":"2012","journal-title":"Int. J. Commun. Syst."},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"629","DOI":"10.1109\/TCE.2004.1309441","article-title":"A dynamic ID-based remote user authentication scheme","volume":"50","author":"Das","year":"2004","journal-title":"IEEE Trans. Consum. Electron."},{"key":"ref_15","unstructured":"Liao, I.E., Lee, C.C., and Hwang, M.S. (2006, January 22\u201326). Security enhancement for a dynamic ID-based remote user authentication scheme. Proceedings of the 2005 Inernational Conference on Next Generation Web Services Practice, Souel, Korea."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"1118","DOI":"10.1016\/j.csi.2008.11.002","article-title":"Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment","volume":"31","author":"Shih","year":"2009","journal-title":"Comput. Standards Interfaces"},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"177","DOI":"10.1016\/j.csi.2004.06.001","article-title":"Improved remote authentication scheme with smart card","volume":"27","author":"Lee","year":"2005","journal-title":"Comput. Standards Interfaces"},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"181","DOI":"10.1016\/j.csi.2004.02.002","article-title":"Improvement of Chien et al.\u2019s remote user authentication scheme using smart cards","volume":"27","author":"Lee","year":"2005","journal-title":"Comput. Standards Interfaces"},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"41","DOI":"10.1016\/j.comnet.2014.07.010","article-title":"On the anonymity of two-factor authentication schemes for wireless sensor networks: Attacks, principle and solutions","volume":"73","author":"Wang","year":"2014","journal-title":"Comput. Netw."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"597","DOI":"10.1109\/TCE.2004.1309433","article-title":"New remote user authentication scheme using smart cards","volume":"50","author":"Kumar","year":"2004","journal-title":"Trans. IEEE Trans. Consum. Electron."},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"3372","DOI":"10.1002\/sec.1264","article-title":"A dynamic identity-based user authentication scheme for remote login systems","volume":"8","author":"Li","year":"2015","journal-title":"Secur. Commun. Netw."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"305","DOI":"10.1016\/j.comcom.2010.02.011","article-title":"Cryptanalysis and security enhancement of a more efficient and secure dynamic ID-based remote user authentication scheme","volume":"34","author":"Khan","year":"2011","journal-title":"Comput. Commun."},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"62","DOI":"10.1109\/TSMC.1979.4310076","article-title":"A threshold selection method from gray-scale histogram","volume":"9","author":"Otsu","year":"1978","journal-title":"IEEE Trans. Syst. Man Cyber. Syst."},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"3580","DOI":"10.1016\/j.eswa.2012.12.065","article-title":"Assessment of geometric features for individual identification and verification in biometric hand systems","volume":"40","author":"Elizondo","year":"2013","journal-title":"Expert Syst. Appl."},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"583","DOI":"10.1016\/j.comcom.2008.11.008","article-title":"A more efficient and secure dynamic ID-based remote user authentication scheme","volume":"32","author":"Wang","year":"2009","journal-title":"Comput. Commun."},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"1365","DOI":"10.1016\/j.jnca.2013.02.034","article-title":"An enhanced smart card based remote user password authentication scheme","volume":"36","author":"Li","year":"2013","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Meersman, R., Tari, Z., and Herrero, P. (2006). Meaningful Internet Systems 2006: OTM 2006 Workshops, Springer.","DOI":"10.1007\/11915072"},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"1390","DOI":"10.1109\/TPDS.2010.206","article-title":"A Generic Framework for Three-Factor Authentication: Preserving Security and Privacy in Distributed Systems","volume":"22","author":"Huang","year":"2011","journal-title":"IEEE Trans. Parall. Distrib. Syst."},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"568","DOI":"10.1109\/TDSC.2013.2297110","article-title":"Robust Multi-Factor Authentication for Fragile Communications","volume":"11","author":"Huang","year":"2014","journal-title":"IEEE Trans. Depend. Secur. Comput."},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"428","DOI":"10.1109\/TDSC.2014.2355850","article-title":"Anonymous two-factor authentication in distributed systems: Certain goals are beyond attainment","volume":"12","author":"Wang","year":"2015","journal-title":"IEEE Trans. Depend. Secur. Comput."},{"key":"ref_31","unstructured":"Wang, D., and Wang, P. (2015, January 9\u201311). On the usability of two-factor authentication. Proceedings of the Secure Comm 2014, Beijing, China."},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Wang, D., Wang, P., and Liu, J. (2014, January 6\u20139). Improved privacy-preserving authentication scheme for roaming service in mobile networks. Proceedings of 15th IEEE Wireless Communications and Networking Conference (WCNC\u20192014), Istanbul, Turkey.","DOI":"10.1109\/WCNC.2014.6953015"},{"key":"ref_33","doi-asserted-by":"crossref","first-page":"2215","DOI":"10.1002\/dac.2468","article-title":"Security flaws in two improved remote user authentication schemes using smart cards","volume":"27","author":"Ma","year":"2014","journal-title":"Int. J. Commun. Syst."},{"key":"ref_34","first-page":"148","article-title":"Secure password-based remote user authentication scheme against smart card security breach","volume":"8","author":"Wang","year":"2013","journal-title":"J. Netw."},{"key":"ref_35","unstructured":"Wang, D., Ma, C.-G., and Wang, Y.H. (2012, January 14\u201316). On the security of an improved password authentication scheme based on ECC. Proceedings of the Third International Conference (ICICA\u20192012), Chengde, China."},{"key":"ref_36","unstructured":"Hafizul, S.K. (2014). Design and analysis of an improved smartcard based remote user password authentication scheme. Int. J. Commun. Syst."},{"key":"ref_37","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1049\/iet-ifs.2012.0058","article-title":"A new password authentication and user anonymity scheme based on elliptic curve cryptography and smart card","volume":"7","author":"Li","year":"2013","journal-title":"IET Inf. Sec."},{"key":"ref_38","doi-asserted-by":"crossref","first-page":"2004","DOI":"10.1109\/TII.2012.2230639","article-title":"Novel anonymous authentication scheme using smart cards","volume":"9","author":"Tsai","year":"2013","journal-title":"IEEE Trans. Ind. Inf."},{"key":"ref_39","doi-asserted-by":"crossref","first-page":"162","DOI":"10.1016\/j.ins.2015.03.070","article-title":"Preserving privacy for free: Efficient and provably secure two-factor authentication scheme with user anonymity","volume":"321","author":"Wang","year":"2015","journal-title":"Inf. Sci."},{"key":"ref_40","doi-asserted-by":"crossref","first-page":"2899","DOI":"10.1016\/j.jss.2012.06.063","article-title":"Side channel analysis attacks using AM demodulation on commercial smart cards with SEED","volume":"85","author":"Kim","year":"2012","journal-title":"J. Syst. Softw."},{"key":"ref_41","doi-asserted-by":"crossref","unstructured":"Liu, J., Yu, Y., Standaert, F.-X., Guo, Z., Gu, D., Sun, W., Ge, Y., and Xie, X. (2015, January 23\u201325). Small Tweaks Do Not Help: Differential Power Analysis of MILENAGE Implementations in 3G\/4G USIM Cards. Proceedings of the 20th European Symposium on Research in Computer Security (ESORICS\u20192015), Vienna, Austria.","DOI":"10.1007\/978-3-319-24174-6_24"}],"container-title":["Computers"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2073-431X\/5\/3\/15\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T19:25:50Z","timestamp":1760210750000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2073-431X\/5\/3\/15"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,7,11]]},"references-count":41,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2016,9]]}},"alternative-id":["computers5030015"],"URL":"https:\/\/doi.org\/10.3390\/computers5030015","relation":{},"ISSN":["2073-431X"],"issn-type":[{"type":"electronic","value":"2073-431X"}],"subject":[],"published":{"date-parts":[[2016,7,11]]}}}