{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,11]],"date-time":"2026-03-11T03:21:50Z","timestamp":1773199310979,"version":"3.50.1"},"reference-count":44,"publisher":"MDPI AG","issue":"3","license":[{"start":{"date-parts":[[2019,9,9]],"date-time":"2019-09-09T00:00:00Z","timestamp":1567987200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Cryptography"],"abstract":"<jats:p>In an era of tremendous development in information technology and the Internet of Things (IoT), security plays a key role in safety devices connected with the Internet. Authentication is vital in the security field, and to achieve a strong authentication scheme, there are several systems using a Multi-Factor Authentication (MFA) scheme based on a smart card, token, and biometric. However, these schemes have suffered from the extra cost; lost, stolen or broken factor, and malicious attacks. In this paper, we design an MFA protocol to be the authenticated administrator of IoT\u2019s devices. The main components of our protocol are a smart mobile device and the fuzzy extractor of the administrator\u2019s fingerprint. The information of the authenticated user is stored in an anomalous manner in mobile devices and servers to resist well-known attacks, and, as a result, the attacker fails to authenticate the system when they obtain a mobile device or password. Our work overcomes the above-mentioned issues and does not require extra cost for a fingerprint device. By using the AVISPA tool to analysis protocol security, the results are good and safe against known attacks.<\/jats:p>","DOI":"10.3390\/cryptography3030024","type":"journal-article","created":{"date-parts":[[2019,9,9]],"date-time":"2019-09-09T11:26:17Z","timestamp":1568028377000},"page":"24","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":13,"title":["Efficient and Flexible Multi-Factor Authentication Protocol Based on Fuzzy Extractor of Administrator\u2019s Fingerprint and Smart Mobile Device"],"prefix":"10.3390","volume":"3","author":[{"given":"Alzahraa J.","family":"Mohammed","sequence":"first","affiliation":[{"name":"Computer Science Department, Education College for Pure Sciences, University of Basrah, Basrah 6100, Iraq"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8744-8008","authenticated-orcid":false,"given":"Ali A.","family":"Yassin","sequence":"additional","affiliation":[{"name":"Computer Science Department, Education College for Pure Sciences, University of Basrah, Basrah 6100, Iraq"}]}],"member":"1968","published-online":{"date-parts":[[2019,9,9]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1109\/TCOM.1964.1088883","article-title":"On Distributed Communications Networks","volume":"12","author":"Baran","year":"1964","journal-title":"IEEE Trans. Commun."},{"key":"ref_2","unstructured":"Licklider, J.C.R. (1963). Memorandum for Members and Affiliates of the Intergalactic Computer Network, Advanced Research Projects Agency. Technical Report."},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"715","DOI":"10.1016\/j.omega.2006.03.005","article-title":"Adoption of the mobile Internet: An empirical study of multimedia message service (MMS)","volume":"35","author":"Hsu","year":"2007","journal-title":"Omega"},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"2787","DOI":"10.1016\/j.comnet.2010.05.010","article-title":"The Internet of Things: A Survey","volume":"54","author":"Atzori","year":"2010","journal-title":"Comput. Netw."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"1645","DOI":"10.1016\/j.future.2013.01.010","article-title":"Internet of Things (IoT): A Vision, Architectural Elements, and Future Directions","volume":"29","author":"Gubbi","year":"2013","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Mohsin, J.K., Han, L., Hegarty, R., and Hammoudeh, M. (2017, January 19\u201320). Two Factor vs Multi-factor, an Authentication Battle in Mobile Cloud Computing Environments. Proceedings of the International Conference on Future Networks and Distributed Systems, Cambridge, UK.","DOI":"10.1145\/3102304.3102343"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Konoth, R.K., van der Veen, V., and Bos, H. (2016). How Anywhere Computing Just Killed Your Phone-Based Two-Factor Authentication, Springer.","DOI":"10.1007\/978-3-662-54970-4_24"},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"187","DOI":"10.3745\/JIPS.2011.7.1.187","article-title":"A Method of Risk Assessment for Multi-Factor Authentication","volume":"7","author":"Kim","year":"2011","journal-title":"J. Inf. Process. Syst."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"221","DOI":"10.1007\/978-3-319-27659-5_16","article-title":"Offline Dictionary Attack on Password Authentication Schemes Using Smart Cards","volume":"7807","author":"Wang","year":"2015","journal-title":"Lect. Notes Comput. Sci."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"407971","DOI":"10.1155\/2013\/407971","article-title":"An Efficient Biometric Authentication Protocol for Wireless Sensor Networks","volume":"9","author":"Althobaiti","year":"2013","journal-title":"Int. J. Distrib. Sens. Netw."},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Boneh, D. (1998, January 21\u201325). The Decision Diffie-Hellman Problem. Proceedings of the International Algorithmic Number Theory Symposium, Portland, OR, USA.","DOI":"10.1007\/BFb0054851"},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"8572410","DOI":"10.1155\/2016\/8572410","article-title":"Security Improvement on Biometric Based Authentication Scheme for Wireless Sensor Networks Using Fuzzy Extraction","volume":"12","author":"Choi","year":"2016","journal-title":"Int. J. Distrib. Sens. Netw."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Park, Y., and Park, Y. (2016). Three-factor user authentication and key agreement using elliptic curve cryptosystem in wireless sensor networks. Sensors, 16.","DOI":"10.3390\/s16122123"},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"14786","DOI":"10.3390\/s140814786","article-title":"Security Analysis and Improvements of Authentication and Access Control in the Internet of Things","volume":"14","author":"Ndibanje","year":"2014","journal-title":"Sensors"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Sun, J., and Zhang, R. (2014, January 29\u201331). TouchIn: Sightless two-factor authentication on multi-touch mobile devices. Proceedings of the 2014 IEEE Conference on Communications and Network Security, San Francisco, CA, USA.","DOI":"10.1109\/CNS.2014.6997513"},{"key":"ref_16","unstructured":"Bruun, A., Jensen, K., Kristensen, D., and Nv, D.-R. (2014, January 16\u201318). Usability of Single- and Multi-Factor Authentication Methods on Tabletops: A Comparative Study. Proceedings of the 5th IFIP WG 13.2 International Conference on Human-Centered Software Engineering, HCSE 2014, Paderborn, Germany."},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Ometov, A., Bezzateev, S., M\u00e4kitalo, N., Andreev, S., Mikkonen, T., and Koucheryavy, Y. (2018). Multi-Factor Authentication: A Survey. Cryptography, 2.","DOI":"10.3390\/cryptography2010001"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Meixner, G. (2017). Automotive User Interfaces, Springer.","DOI":"10.1007\/978-3-319-49448-7"},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"28","DOI":"10.1109\/30.826377","article-title":"A new remote user authentication scheme using smart cards","volume":"46","author":"Hwang","year":"2000","journal-title":"IEEE Trans. Consum. Electron."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"458","DOI":"10.1016\/j.patcog.2014.08.024","article-title":"Secure biometric template generation for multi-factor authentication","volume":"48","author":"Khan","year":"2015","journal-title":"Pattern Recognit."},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"85","DOI":"10.9790\/0661-1128590","article-title":"Two Factor Authentication Using Smartphone Generated One Time Password","volume":"11","author":"Acharya","year":"2013","journal-title":"IOSR J. Comput. Eng."},{"key":"ref_22","first-page":"549","article-title":"A Secured Mobile Phone Based on Embedded Fingerprint Recognition Systems","volume":"Volume 3495","author":"Chen","year":"2005","journal-title":"Proceedings of the IEEE International Conference on Intelligence and Security Informatics, ISI 2005"},{"key":"ref_23","first-page":"136","article-title":"Fingerprint Recognition with Embedded Cameras on Mobile Phones","volume":"Volume 94","author":"Derawi","year":"2012","journal-title":"Proceedings of the Third International ICST Conference on Security and Privacy in Mobile Information and Communication Systems, MobiSec 2011"},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"346","DOI":"10.1587\/transfun.E95.A.346","article-title":"Narrow Fingerprint Sensor Verification with Template Updating Technique","volume":"95","author":"Sin","year":"2012","journal-title":"IEICE Trans. Fundam. Electron. Commun. Comput. Sci."},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Ravi, H., and Sivanath, S.K. (2013, January 12\u201314). A novel method for touch-less finger print authentication. Proceedings of the 2013 IEEE International Conference on Technologies for Homeland Security (HST), Waltham, MA, USA.","DOI":"10.1109\/THS.2013.6698991"},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"e3323","DOI":"10.1002\/dac.3323","article-title":"Secure multi-factor remote user authentication scheme for Internet of Things environments","volume":"30","author":"Dhillon","year":"2017","journal-title":"Int. J. Commun. Syst."},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Shrestha, B., Tamrakar, S., Mohamed, M., and Saxena, N. (2016, January 5\u20138). Theft-Resilient Mobile Wallets: Transparently Authenticating NFC Users with Tapping Gesture Biometrics. Proceedings of the 32nd Annual Conference on Computer Security Applications, Los Angeles, CA, USA.","DOI":"10.1145\/2991079.2991097"},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Buschek, D., De Luca, A., and Alt, F. (2015, January 18\u201323). Improving Accuracy, Applicability and Usability of Keystroke Biometrics on Mobile Touchscreen Devices. Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems\u2014CHI \u201915, Seoul, Korea.","DOI":"10.1145\/2702123.2702252"},{"key":"ref_29","first-page":"27","article-title":"Touchstroke: Smartphone User Authentication Based on Touch-Typing Biometrics","volume":"Volume 9281","author":"Buriro","year":"2015","journal-title":"Proceedings of the ICIAP 2015 International Workshops on New Trends in Image Analysis and Processing"},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"184","DOI":"10.1016\/j.chb.2017.06.042","article-title":"Computers in Human Behavior The interplay between humans, technology and user authentication: A cognitive processing perspective","volume":"76","author":"Belk","year":"2017","journal-title":"Comput. Human Behav."},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Michelin, R.A., Zorzo, A.F., Campos, M.B., Neu, C.V., and Orozco, A.M.S. (2016, January 5\u20137). Smartphone as a biometric service for web authentication. Proceedings of the 11th International Conference for Internet Technology and Secured Transactions (ICITST), Barcelona, Spain.","DOI":"10.1109\/ICITST.2016.7856740"},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"659","DOI":"10.1002\/dac.2694","article-title":"An efficient authentication system of smart device using multi factors in mobile cloud service architecture","volume":"28","author":"Jeong","year":"2015","journal-title":"Int. J. Commun. Syst."},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Sun, J., Zhong, Q., Kou, L., Wang, W., Da, Q., and Lin, Y. (2018, January 15\u201319). A lightweight multi-factor mobile user authentication scheme. Proceedings of the IEEE INFOCOM 2018\u2014IEEE Conference on Computer Communications, Honolulu, HI, USA.","DOI":"10.1109\/INFCOMW.2018.8406952"},{"key":"ref_34","doi-asserted-by":"crossref","first-page":"644","DOI":"10.1109\/TIT.1976.1055638","article-title":"New Directions in Cryptography","volume":"22","author":"Whitfield","year":"1976","journal-title":"IEEE Trans. Inf. Theory"},{"key":"ref_35","first-page":"523","article-title":"Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data","volume":"3027","author":"Dodis","year":"2004","journal-title":"Inf. Secur. Appl."},{"key":"ref_36","doi-asserted-by":"crossref","first-page":"97","DOI":"10.1137\/060651380","article-title":"Fuzzy Extractors: How to Generate Strong Keys from Biometrics and other Noisy Data","volume":"38","author":"Dodis","year":"2008","journal-title":"SIAM J. Comput."},{"key":"ref_37","unstructured":"Sagar, F.A. (2019, September 07). Cryptographic Hashing Functions\u2014MD5. Available online: http:\/\/cs.indstate.edu\/~fsagar\/doc\/ paper.pdf."},{"key":"ref_38","unstructured":"(2001). Announcing the Advanced Encryption Standard (AES), National Institute of Standards and Technology. Federal Information Processing Standards (FIPS)."},{"key":"ref_39","unstructured":"Pfitzmann, A., and Hansen, M. (2019, September 07). Anonymity, Unlinkability, Unobservability, Pseudonymity, and Identity Management\u2014A Consolidated Proposal for Terminology. Available online: http:\/\/citeseerx.ist.psu.edu\/viewdoc\/summary?doi=10.1.1.153.6354."},{"key":"ref_40","doi-asserted-by":"crossref","unstructured":"Maurya, A.K., and Sastry, V.N. (2017). Fuzzy Extractor and Elliptic Curve Based Efficient User Authentication Protocol for Wireless Sensor Networks and Internet of Things. Information, 8.","DOI":"10.3390\/info8040136"},{"key":"ref_41","unstructured":"The AVISPA Team (2019, September 07). HLPSL Tutorial 2006. Available online: http:\/\/www.avispa-project.org\/package\/tutorial.pdf."},{"key":"ref_42","unstructured":"The AVISPA Team (2019, September 07). AVISPA v1. 0 User Manual 2006. Available online: http:\/\/www.avispa-project.org\/package\/user-manual.pdf."},{"key":"ref_43","first-page":"633","article-title":"A secure and effective biometric-based user authentication scheme for wireless sensor networks using smart card and fuzzy extractor","volume":"23","author":"Soriano","year":"2010","journal-title":"Int. J. Commun. Syst."},{"key":"ref_44","doi-asserted-by":"crossref","unstructured":"Moon, J., Lee, D., Lee, Y., and Won, D. (2017). Improving Biometric-Based Authentication Schemes with Smart Card Revocation\/Reissue for Wireless Sensor Networks. Sensors, 17.","DOI":"10.3390\/s17050940"}],"container-title":["Cryptography"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2410-387X\/3\/3\/24\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T13:18:08Z","timestamp":1760188688000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2410-387X\/3\/3\/24"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,9,9]]},"references-count":44,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2019,9]]}},"alternative-id":["cryptography3030024"],"URL":"https:\/\/doi.org\/10.3390\/cryptography3030024","relation":{},"ISSN":["2410-387X"],"issn-type":[{"value":"2410-387X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,9,9]]}}}