Security Analysis of an Anonymous Authentication Scheme Based on Smart Cards and Biometrics for Multi-server Environments

  • Conference paper
Genetic and Evolutionary Computing (GEC 2015)

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 388)

Included in the following conference series:

  • International Conference on Genetic and Evolutionary Computing

Abstract

User authentication is an important technology for e-commerce, especially when it is performed with smart cards. Authentication schemes based on smart cards can guarantee that the user presenting the smart card is legitimate and is authorized to access the resources (e.g., a bank account or a remote server) behind the smart card. Because of this usefulness, authentication schemes based on smart cards have been widely researched in recent years. In 2014, Choi introduced a security enhanced anonymous multi-server authenticated key agreement scheme using smart card and biometrics. Kuo et al. recently found that Choi’s scheme is insecure against a card losing attack and made an improvement to deal with the problem. However, in this paper, we show that Kuo et al.’s new scheme makes the situation even worse. In their new scheme, any server that has communicated with and received information from a user's card can impersonate that user and enjoy the service (e.g., online shopping) from the server on behalf of the original user, without having the card on hand. We conduct a detailed analysis of the flaws in their scheme in the hope that no similar mistakes are made in the future. An improved scheme is left as future work.

References

  1. Chuang, M.C., Chen, M.C.: An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics. Expert Systems with Applications 41(4), 1411–1418 (2014)

  2. Chen, C.-M., Ku, W.-C.: Stolen-verifier attack on two new strong-password authentication protocols. IEICE Transactions on Communications 85(11), 2519–2521 (2002)

  3. Chen, C.-M., Wang, K.H., Wu, T.Y., Pan, J.S., Sun, H.M.: A Scalable Transitive Human-Verifiable Authentication Protocol for Mobile Devices. IEEE Transactions on Information Forensics and Security 8(8), 1318–1330 (2013)

  4. Chien, H.Y., Jan, J.K., Tseng, Y.M.: An efficient and practical solution to remote authentication: Smart Card. Computer & Security 21, 372–375 (2002)

  5. Choi, Y., Nam, J., Lee, D., Kim, J., Jung, J., Won, D.: Security enhanced anonymous multi-server authenticated key agreement scheme using smart card and biometrics. The Scientific World Journal 2014, Article 281305 (2014)

  6. Das, M.L., Saxena, A., Gulati, V.P.: A dynamic ID-based remote user authentication scheme. IEEE Transactions on Consumer Electronics 50(2), 629–631 (2004)

  7. Farash, M.S., Attari, M.A.: An efficient and provably secure three-party password-based authenticated key exchange protocol based on Chebyshev chaotic maps. Nonlinear Dynamics 77, 399–411 (2014)

  8. Hwang, M.S., Chong, S.K., Chen, T.Y.: DoS resistant ID-based password authentication scheme using smart cards. Journal of Systems and Software 83, 163–172 (2010)

  9. He, D.J., Ma, M., Zhang, Y., Chen, C., Bu, J.J.: A strong user authentication scheme with smart cards for wireless communications. Computer Communication 34, 367–374 (2011)

  10. Juang, W.S., Chen, S.T., Liaw, H.T.: Robust and efficient password-authenticated key agreement using smart card. IEEE Transactions on Industrial Electronics 5, 2551–2556 (2008)

  11. Kuo, W.C., Wei, H.J., Chen, Y.H., Chen, J.C.: An enhanced secure anonymous authentication scheme based on smart cards and biometrics for multi-server environments. In: Proc. of The 10th Asia Joint Conference on Information Security (AsiaJCIS 2015) (2015)

  12. Ku, W.-C., Chen, C.-M., Lee, H.-L.: Cryptanalysis of a variant of Peyravian-Zunic’s password authentication scheme. IEICE Transactions on Communications 86(5), 1682–1684 (2003)

  13. Lee, N.Y., Chiu, Y.C.: Improved remote authentication scheme with smart card. Computer Standards & Interfaces 27, 177–180 (2005)

  14. Lee, S.W., Kim, H.S., Yoo, K.Y.: Improvement of Chien et al.'s remote user authentication scheme using smart cards. Computer Standards & Interfaces 27(2), 181–183 (2005)

  15. Liu, M., Shieh, W.G.: On the security of Yoon and Yoo’s biometrics remote user authentication scheme. WSEAS Transactions on Information Science and Applications 11, 94–103 (2014)

  16. Song, R.: Advanced smart card based password authentication protocol. Computer Standards & Interfaces 32, 321–325 (2010)

  17. Sun, H.M.: An efficient remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics 46, 958–961 (2000)

  18. Sun, H.M., Hung, C.F., Chen, C.M.: An improved digital rights management system based on smart cards. In: Proc. of Digital EcoSystems and Technologies Conference (DEST 2007) (2007)

  19. Sun, D.Z., Huai, J.P., Sun, J.Z., Li, J.X., Zhang, J.W., Feng, Z.Y.: Improvements of Juang et al.'s password-authenticated key agreement scheme using smart cards. IEEE Transactions on Industrial Electronics 56, 2284–2291 (2009)

  20. Wang, Y., Liu, J., Xiao, F., Dan, J.: A more efficient and secure dynamic ID-based remote user authentication scheme. Computer Communications 32(4), 583–585 (2009)

  21. Wu, J., Zhu, W.T., Feng, D.G.: Improvement of a fingerprint-based remote user authentication scheme. International Journal of Security and its Applications 2(3), 208 (2008)

  22. Yang, D., Yang, B.: A biometric password-based multi-server authentication scheme with smart card. IEEE International Conference on Computer Design and Applications 5, 554–559 (2010)


Author information

Correspondence to Raylin Tso.

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Pan, JS., Tso, R., Wu, ME., Chen, CM. (2016). Security Analysis of an Anonymous Authentication Scheme Based on Smart Cards and Biometrics for Multi-server Environments. In: Zin, T., Lin, JW., Pan, JS., Tin, P., Yokota, M. (eds) Genetic and Evolutionary Computing. GEC 2015. Advances in Intelligent Systems and Computing, vol 388. Springer, Cham. https://doi.org/10.1007/978-3-319-23207-2_7

  • DOI: https://doi.org/10.1007/978-3-319-23207-2_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-23206-5

  • Online ISBN: 978-3-319-23207-2

  • eBook Packages: Engineering, Engineering (R0)
