A provably secure biometrics-based authenticated key agreement scheme for multi-server environments

An authentication scheme handling multiple servers offers a feasible environment to users to conveniently access the rightful services from various servers using one-time registration. The practical realization of distribution of online services efficiently and transparently in multiple-server systems has come true by virtue of multi-server user authentication schemes. Due to distinguished properties like, difficulty to forge or copy, in-feasibility to lose or guess or forget, etc., biometrics have been widely preferred as a third authenticating factor in password and smart card based user authentication protocols. In this paper, we design a new biometrics-based multi-server authentication scheme based on trusted multiple-servers. We harness the concept of fuzzy extractor to provide the proper matching of biometric patterns. We evaluate our scheme through informal discussions on performance and also using Burrows-Abadi-Needham logic (BAN-logic) & random oracle model for formal security analysis. We also compose a comparative assessment of our scheme and the related ones. Outcome of the analysis and assessment shows our scheme an edge above many related and contemporary schemes.

[1]  T. J. Rivlin The Chebyshev polynomials , 1974 .

[2]  Martín Abadi,et al.  A logic of authentication , 1989, Proceedings of the Royal Society of London. A. Mathematical and Physical Sciences.

[3]  Bruce Schneier,et al.  Applied cryptography : protocols, algorithms, and source codein C , 1996 .

[4]  Bernard P. Zajac Applied cryptography: Protocols, algorithms, and source code in C , 1994 .

[5]  Hyunsoo Yoon,et al.  New Modular Multiplication Algorithms for Fast Modular Exponentiation , 1996, EUROCRYPT.

[6]  Sarvar Patel,et al.  Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman , 2000, EUROCRYPT.

[7]  Woei-Jiunn Tsaur,et al.  A Flexible User Authentication Scheme for Multi-server Internet Services , 2001, ICN.

[8]  Min-Shiang Hwang,et al.  A remote password authentication scheme for multiserver architecture using neural networks , 2001, IEEE Trans. Neural Networks.

[9]  Robert H. Sloan,et al.  Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[10]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .

[11]  Dongho Won,et al.  Cryptanalysis of flexible remote password authentication scheme of ICN'01 , 2002 .

[12]  Ljupco Kocarev,et al.  Public-key encryption based on Chebyshev maps , 2003, Proceedings of the 2003 International Symposium on Circuits and Systems, 2003. ISCAS '03..

[13]  Min-Shiang Hwang,et al.  A new remote user authentication scheme for multi-server architecture , 2003, Future Gener. Comput. Syst..

[14]  Hans Eberle,et al.  Comparing Elliptic Curve Cryptography and RSA on 8-bit CPUs , 2004, CHES.

[15]  Wen-Shenq Juang,et al.  Efficient multi-server password authenticated key agreement using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[16]  Yevgeniy Dodis,et al.  Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data , 2004, EUROCRYPT.

[17]  David Pointcheval,et al.  Password-Based Authenticated Key Exchange in the Three-Party Setting , 2005, Public Key Cryptography.

[18]  Alfredo De Santis,et al.  Security of public-key cryptosystems based on Chebyshev polynomials , 2004, IEEE Transactions on Circuits and Systems I: Regular Papers.

[19]  Wei-Bin Lee,et al.  An enhanced user authentication scheme for multi-server Internet services , 2005, Appl. Math. Comput..

[20]  Wei-Chi Ku,et al.  Weaknesses of a Remote User Authentication Scheme Using Smart Cards for Multi-Server Architecture , 2005, IEICE Trans. Commun..

[21]  Wei-Chi Ku Weaknesses and drawbacks of a password authentication scheme using neural networks for multiserver architecture , 2005, IEEE Transactions on Neural Networks.

[22]  David Pointcheval,et al.  Password-Based Authenticated Key Exchange in the Three-Party Setting , 2005, Public Key Cryptography.

[23]  C. Kaufman Internet Key Exchange (IKEv2) Protocol", RFC 4306 , 2005 .

[24]  Charlie Kaufman,et al.  Internet Key Exchange (IKEv2) Protocol , 2005, RFC.

[25]  Aaron Weiss Trusted computing , 2006, NTWK.

[26]  Rafail Ostrovsky,et al.  Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data , 2004, SIAM J. Comput..

[27]  Iuon-Chang Lin,et al.  A neural network system for authenticating remote users in multi‐server architecture , 2008, Int. J. Commun. Syst..

[28]  Jia-Lun Tsai,et al.  Efficient multi-server authentication scheme based on one-way hash function without verification table , 2008, Comput. Secur..

[29]  Linhua Zhang Cryptanalysis of the public key encryption based on multiple chaotic systems , 2008 .

[30]  Wei-Kuan Shih,et al.  Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment , 2009, Comput. Stand. Interfaces.

[31]  Song Han,et al.  Chaotic map based key agreement with/out clock synchronization , 2009 .

[32]  Chin-Laung Lei,et al.  User authentication scheme with privacy-preservation for multi-server environment , 2009, IEEE Communications Letters.

[33]  Shuenn-Shyang Wang,et al.  A secure dynamic ID based remote user authentication scheme for multi-server environment , 2009, Comput. Stand. Interfaces.

[34]  Kuo-Hui Yeh,et al.  A NOVEL REMOTE USER AUTHENTICATION SCHEME FOR MULTI-SERVER ENVIRONMENT WITHOUT USING SMART CARDS , 2010 .

[35]  Eun-Jun Yoon,et al.  Robust biometrics-based multi-server authentication with key agreement scheme for smart cards on elliptic curve cryptosystem , 2010, The Journal of Supercomputing.

[36]  Cheng-Chi Lee,et al.  A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards , 2011, Expert Syst. Appl..

[37]  Kuldip Singh,et al.  A secure dynamic identity based authentication protocol for multi-server architecture , 2011, J. Netw. Comput. Appl..

[38]  Aboul Ella Hassanien,et al.  A Fast and Secure One-Way Hash Function , 2011, FGIT-SecTech.

[39]  Xiong Li,et al.  Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards , 2011, J. Netw. Comput. Appl..

[40]  Wei-Bin Lee,et al.  An efficient and secure multi-server authentication scheme with key agreement , 2012, J. Syst. Softw..

[41]  Jian Ma,et al.  An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards , 2012, J. Netw. Comput. Appl..

[42]  K. Martin Everyday Cryptography: Fundamental Principles and Applications , 2012 .

[43]  Cheng-Chi Lee,et al.  An Extended Multi-Server-Based User Authentication and Key Agreement Scheme with User Anonymity , 2013, KSII Trans. Internet Inf. Syst..

[44]  HanCheng Hsiang,et al.  A Robust Authentication Protocol for Multi-Server Architecture without Smart Cards , 2013 .

[45]  Cheng-Chi Lee,et al.  Towards secure and efficient user authentication scheme using smart card for multi-server environments , 2013, The Journal of Supercomputing.

[46]  Jia-Lun Tsai,et al.  A New Password-Based Multi-server Authentication Scheme Robust to Password Guessing Attacks , 2012, Wireless Personal Communications.

[47]  Sourav Mukhopadhyay,et al.  A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards , 2014, Expert Syst. Appl..

[48]  Meng Chang Chen,et al.  An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics , 2014, Expert Syst. Appl..

[49]  Peilin Hong,et al.  A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture , 2012, J. Comput. Syst. Sci..

[50]  Xiong Li,et al.  An improved remote user authentication scheme with key agreement , 2014, Comput. Electr. Eng..

[51]  Jenq-Shiou Leu,et al.  Efficient and secure dynamic ID-based remote user authentication scheme for distributed systems using smart cards , 2014, IET Inf. Secur..

[52]  Jin Wang,et al.  A Variable Threshold-Value Authentication Architecture for Wireless Mesh Networks , 2014 .

[53]  Hongfeng Zhu,et al.  A biometrics-based multi-server key agreement scheme on chaotic maps cryptosystem , 2015, J. Inf. Hiding Multim. Signal Process..

[54]  Debiao He,et al.  New biometrics-based authentication scheme for multi-server environment in critical systems , 2015, J. Ambient Intell. Humaniz. Comput..

[55]  Debiao He,et al.  Robust Biometrics-Based Authentication Scheme for Multiserver Environment , 2015, IEEE Systems Journal.

[56]  Xingming Sun,et al.  Achieving Efficient Cloud Search Services: Multi-Keyword Ranked Search over Encrypted Cloud Data Supporting Parallel Computing , 2015, IEICE Trans. Commun..

[57]  Xingming Sun,et al.  Enabling Personalized Search over Encrypted Outsourced Data with Efficiency Improvement , 2016, IEEE Transactions on Parallel and Distributed Systems.

[58]  Yang Sun,et al.  Provably Secure Multi-server Privacy-Protection System Based on Chebyshev Chaotic Maps without Using Symmetric Cryptography , 2016, Int. J. Netw. Secur..

[59]  Chin-Chen Chang,et al.  A Provably Secure, Efficient, and Flexible Authentication Scheme for Ad hoc Wireless Sensor Networks , 2016, IEEE Transactions on Wireless Communications.

[60]  Liping Zhang,et al.  An energy efficient authenticated key agreement protocol for SIP-based green VoIP networks , 2016, J. Netw. Comput. Appl..

[61]  Qian Wang,et al.  A Secure and Dynamic Multi-Keyword Ranked Search Scheme over Encrypted Cloud Data , 2016, IEEE Transactions on Parallel and Distributed Systems.

[62]  Xingming Sun,et al.  Toward Efficient Multi-Keyword Fuzzy Search Over Encrypted Outsourced Data With Accuracy Improvement , 2016, IEEE Transactions on Information Forensics and Security.

[63]  Tian-Fu Lee,et al.  Provably Secure Anonymous Single-Sign-On Authentication Mechanisms Using Extended Chebyshev Chaotic Maps for Distributed Computer Networks , 2018, IEEE Systems Journal.