An Enhanced Secure Anonymous Authentication Scheme Based on Smart Cards and Biometrics for Multi-server Environments

In 2014, Choi proposed a security enhanced anonymous multi-server authenticated key agreement scheme using smart card and biometrics and claimed that their scheme could overcome all of security issues in Chuang-Chen's scheme, such as impersonation attack, smart card loss attack, denial of service attack and perfect forward secrecy. Unfortunately, we discover that Choi's proposed scheme is not only still vulnerable to smart card loss attack and lack of perfect forward secrecy, but also contains a flaw in design for authentication phase after our analysis in detail. In order to solve these security issues, we propose an enhanced secure anonymous authentication scheme with key agreement based on smart cards and biometrics for multi-server environments in this paper. According to our performance and security analysis, it can prove that our proposed scheme is more efficiency and security in comparison to previous schemes.

[1]  K. Yoo,et al.  A ROBUST AND FLEXIBLE BIOMETRICS REMOTE USER AUTHENTICATION SCHEME , 2012 .

[2]  J. K. Lee,et al.  Fingerprint-based remote user authentication scheme using smart cards , 2002 .

[3]  Shuenn-Shyang Wang,et al.  A secure dynamic ID based remote user authentication scheme for multi-server environment , 2009, Comput. Stand. Interfaces.

[4]  Hung-Min Sun,et al.  Cryptanalysis of a fingerprint-based remote user authentication scheme using smart cards , 2003, IEEE 37th Annual 2003 International Carnahan Conference onSecurity Technology, 2003. Proceedings..

[5]  Jia-Lun Tsai,et al.  Efficient multi-server authentication scheme based on one-way hash function without verification table , 2008, Comput. Secur..

[6]  Bo Yang,et al.  A biometric password-based multi-server authentication scheme with smart card , 2010, 2010 International Conference On Computer Design and Applications.

[7]  Chu-Hsing Lin,et al.  A flexible biometrics remote user authentication scheme , 2004, Comput. Stand. Interfaces.

[8]  Chin-Chen Chang,et al.  Remarks on fingerprint-based remote user authentication scheme using smart cards , 2004, OPSR.

[9]  Younghwa An,et al.  Security Weaknesses and Improvements of a Fingerprint-based Remote User Authentication Scheme Using Smart Cards , 2012 .

[11]  Younsung Choi Security Enhanced Anonymous Multiserver Authenticated Key Agreement Scheme Using Smart Cards and Biometrics , 2014, IACR Cryptol. ePrint Arch..

[12]  Meng Chang Chen,et al.  An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics , 2014, Expert Syst. Appl..

[13]  Jing Xu,et al.  Improvement of a Fingerprint-Based Remote User Authentication Scheme , 2008, 2008 International Conference on Information Security and Assurance (isa 2008).

[14]  Muhammad Khurram Khan,et al.  An Efficient and Practical Fingerprint-Based Remote User Authentication Scheme with Smart Cards , 2006, ISPEC.