A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards |
| |
| Affiliation: | 1. Department of Mathematics, LNM Institute of Information Technology, Jaipur 302 031, India;2. Center for Security, Theory and Algorithmic Research, International Institute of Information Technology, Hyderabad 500 032, India;3. Department of Mathematics, Indian Institute of Technology, Kharagpur 721 302, India;1. Center for Security, Theory and Algorithmic Research, International Institute of Information Technology, Hyderabad 500 032, India;2. Department of Mathematics, Indian Institute of Technology, Kharagpur 721 302, India;3. Department of Computer Science and Engineering, Indian Institute of Information Technology, Sri City, Chittoor 517 588, Andhra Pradesh, India;4. Department of Mathematics, Ch. Charan Singh University, Meerut 250 005, Uttar Pradesh, India |
| |
| Abstract: | Advancement in communication technology provides a scalable platform for various services, where a remote user can access the server from anywhere without moving from its place. It provides a unique opportunity for online services such that a user does not need to be physically present at the service center. These services adopt authentication and key agreement protocols in order to ensure authorized and secure access to the resources. Most of the authentication schemes proposed in the literature support a single-server environment, where the user has to register with each server. If a user wishes to access multiple application servers, he/she requires to register with each server. The multi-server authentication introduces a scalable platform such that a user can interact with any server using single registration. Recently, Chuang and Chen proposed an efficient multi-server authenticated key agreement scheme based on a user’s password and biometrics (Chuang and Chen, 2014). Their scheme is a lightweight, which requires the computation of only hash functions. In this paper, we first analyze Chuang and Chen’s scheme and then identify that their scheme does not resist stolen smart card attack which causes the user’s impersonation attack and server spoofing attack. We also show that their scheme fails to protect denial-of-service attack. We aim to propose an efficient improvement on Chuang and Chen’s scheme to overcome the weaknesses of their scheme, while also retaining the original merits of their scheme. Through the rigorous informal and formal security analysis, we show that our scheme is secure against various known attacks including the attacks found in Chuang and Chen’s scheme. Furthermore, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and show that our scheme is secure against the replay and man-in-the-middle attacks. In addition, our scheme is comparable in terms of the communication and computational overheads with Chuang and Chen’s scheme and other related existing schemes. |
| |
| Keywords: | Remote user authentication Multi-server Smart card Biometrics User anonymity Security AVISPA |
| 本文献已被 ScienceDirect 等数据库收录! |
|
