DOI: 10.1145/3164541.3164566
research-article

Improved Anonymous Biometric-based Authentication with Key-Agreement Scheme for Multi-Server Environments

Published: 05 January 2018

Abstract

With the rapid growth in the number of network users and the increasing use of communication technologies, the multi-server environment is the most common environment for widely deployed applications. Reddy et al. recently showed that Lu et al.'s biometric-based authentication scheme for multi-server environments was insecure, and presented a new authentication and key-agreement scheme for the multi-server environment. Reddy et al. asserted that their scheme was more secure and practical. A careful analysis shows, however, that their scheme is still vulnerable to well-known attacks. In this paper, the vulnerabilities of Reddy et al.'s scheme, such as the privileged insider and user impersonation attacks, are demonstrated. A new biometric-based user authentication scheme with key agreement for multi-server environments is then proposed. Lastly, the authors demonstrate that the proposed scheme is more secure using the widely accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool, and that it satisfies all of the required security properties.

References

[1] Lamport, L. Password authentication with insecure communication. Communications of the ACM. 1981, 24, 770--772.
[2] Kim, J.; Lee, D.; Jeon, W.; Lee, Y.; Won, D. Security analysis and improvements of two-factor mutual authentication with key agreement in wireless sensor networks. Sensors. 2014, 14, 6443--6462.
[3] Lin, H. Efficient mobile dynamic ID authentication and key agreement scheme without trusted servers. International Journal of Communication Systems. 2017, 30, 1--7.
[4] Jeon, W.; Kim, J.; Nam, J.; Lee, Y.; Won, D. An enhanced secure authentication scheme with anonymity for wireless environments. IEICE Transactions on Communications. 2012, 95, 2505--2508.
[5] Jung, Y.; Choi, S.; Lee, Y.; Park, N.; Won, D. An Enhanced Lightweight Anonymous Authentication Scheme for a Scalable Localization Roaming Service in Wireless Sensor Networks. Sensors. 2016, 16, 1--21.
[6] Khan, M.; Zhang, J. Improving the security of 'a flexible biometrics remote user authentication scheme'. Computer Standards & Interfaces. 2007, 29, 82--85.
[7] He, D.; Kumar, N.; Khan, M.; Lee, J. Anonymous two-factor authentication for consumer roaming service in global mobility networks. The Scientific World Journal. 2013, 59, 811--817.
[8] Choi, Y.; Nam, J.; Lee, D.; Kim, J.; Jung, J.; Won, D. Security enhanced anonymous multi-server authenticated key agreement scheme using smart cards and biometrics. The Scientific World Journal. 2014, 2014, 1--15.
[9] Moon, J.; Choi, Y.; Jung, J.; Won, D. An Improvement of robust biometrics-based authentication and key agreement scheme for multi-server environments using smart cards. PLoS ONE. 2015;10(12):1--15.
[10] Lu, Y.; Li, L.; Peng, H.; Yang, Y. An enhanced biometric-based authentication scheme for telecare medicine information systems using elliptic curve cryptosystem. Journal of Medical Systems. 2015, 39, 1--8.
[11] Moon, J.; Choi, Y.; Kim, J.; Won, D. An improvement of robust and efficient biometrics based password authentication scheme for telecare medicine information systems using extended chaotic maps. Journal of Medical Systems. 2016, 40, 1--11.
[12] Liao, Y.; Wang, S. A secure dynamic ID based remote user authentication protocol for multi-server environment. Computer Standards & Interfaces. 2009, 31, 24--29.
[13] Hsiang, H.; Shih, W. Improvement of the secure dynamic ID based remote user authentication protocol for multi-server environment. Computer Standards & Interfaces. 2009, 31, 1118--1123.
[14] Sood, S.; Sarje, A.; Singh, K. A secure dynamic identity based authentication protocol for multi-server architecture. Journal of Network and Computer Applications. 2011, 34, 609--618.
[15] Li, X.; Xiong, Y.; Ma, J.; Wang, W. An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. Journal of Network and Computer Applications. 2012, 35, 763--769.
[16] Pippal, R.; Jaidhar, C.; Tapaswi, S. Robust smart card authentication scheme for multi-server architecture. Wireless Personal Communications. 2013, 72, 729--745.
[17] Xue, K.; Hong, P.; Ma, C. A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture. Journal of Computer and System Sciences. 2014, 80, 195--206.
[18] Yeh, K. A provably secure multi-server based authentication scheme. Wireless Personal Communications. 2014, 79, 1621--1634.
[19] Chuang, M.; Chen, M. An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics. Expert Systems with Applications. 2014, 41, 1411--1418.
[20] Mishra, D.; Das, A.; Mukhopadhyay, S. A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards. Expert Systems with Applications. 2014, 41, 8129--8143.
[21] Lu, Y.; Li, L.; Peng, H.; Yang, Y. A biometrics and smart cards-based authentication scheme for multi-server environments. Security and Communication Networks. 2015, 8, 3219--3228.
[22] Reddy, A.; Das, A.; Yoon, E.; Yoo, K. An anonymous authentication with key-agreement protocol for multi-server architecture based on biometrics and smart-cards. KSII Transactions on Internet and Information Systems. 2016, 10, 3371--3396.
[23] Dolev, D.; Yao, A. On the security of public key protocols. IEEE Transactions on Information Theory. 1983, 29, 198--208.
[24] Kocher, P.; Jaffe, J.; Jun, B.; Rohatgi, P. Introduction to differential power analysis. Journal of Cryptographic Engineering. 2011, 1, 5--27.
[25] Diffie, W.; Hellman, M. New directions in cryptography. IEEE Transactions on Information Theory. 1976, 22, 644--654.
[26] Forouzan, B. "Cryptography and network security," McGraw-Hill Education, 2007.
[27] Paar, C.; Pelzl, J. "Understanding cryptography: a textbook for students and practitioners," Springer Science & Business Media, 2009.
[28] Stinson, D. Some observations on the theory of cryptographic hash functions. Designs, Codes and Cryptography. 2006, 38, 259--277.
[29] Kamal, K.; Ghany, A.; Moneim, M.; Ghali, N.; Hassanien, A.; Hefny, H. A symmetric bio-hash function based on fingerprint minutiae and principal curves approach. In Proceedings of the International Conference on Mechanical and Electrical Technology, Dalian, China, 26-27 August 2011; Volume 1, pp. 1--6.
[30] Das, A. A secure and effective biometric-based user authentication scheme for wireless sensor networks using smart card and fuzzy extractor. International Journal of Communication Systems. 2015, 30, 1--25.
[31] Wang, C.; Zhang, X.; Zheng, Z. Cryptanalysis and improvement of a biometric-based multi-server authentication and key agreement scheme. PLoS ONE. 2016, 11, 1--25.
[32] Dodis, Y.; Kanukurthi, B.; Katz, J.; Smith, A. Robust fuzzy extractors and authenticated key agreement from close secrets. IEEE Transactions on Information Theory. 2013, 58, 6207--6222.
[33] Burrows, M.; Abadi, M.; Needham, R. A logic of authentication. ACM Transactions on Computer Systems. 1990, 8, 18--36.
[34] Zhao, D.; Peng, H.; Li, L.; Yang, Y. A secure and effective anonymous authentication scheme for roaming service in global mobility networks. Wireless Personal Communication. 2013, 78, 247--269.
[35] Das, A. A secure and effective user authentication and privacy preserving protocol with smart cards for wireless communication. Networking Science. 2013, 2, 12--27.
[36] von Oheimb, D. The high-level protocol specification language HLPSL developed in the EU project AVISPA. In Proceedings of the Applied Semantics 2005 Workshop, Frauenchiemsee, Germany, 12-15 September 2005; pp. 1--17.


    Published In

    IMCOM '18: Proceedings of the 12th International Conference on Ubiquitous Information Management and Communication
    January 2018
    628 pages
    ISBN:9781450363853
    DOI:10.1145/3164541
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    In-Cooperation

    • SKKU: SUNGKYUNKWAN UNIVERSITY

    Publisher

    Association for Computing Machinery

    New York, NY, United States


    Author Tags

    1. Authentication
    2. Biometrics
    3. Multi-server
    4. Smart card

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Conference

    IMCOM '18

    Acceptance Rates

    IMCOM '18 Paper Acceptance Rate 100 of 255 submissions, 39%;
    Overall Acceptance Rate 213 of 621 submissions, 34%

    Article Metrics

    • Total Citations: 0
    • Total Downloads: 70
    • Downloads (Last 12 months): 5
    • Downloads (Last 6 weeks): 0
    Reflects downloads up to 18 Jan 2025
