A biometrics and smart cards-based authentication scheme for multi-server environments

With the rapid development of computer networks, multi-server architecture has attracted much attention in many network environments. Moreover, in order to achieve non-repudiation, which neither passwords nor cryptographic keys can provide, several password authentication schemes combining a user's biometrics for multi-server environments have been proposed in the past. In 2014, Chuang et al. presented a biometrics-based multi-server authenticated key agreement scheme and declared that their scheme was efficient and secure. Later, Mishra et al. commented that the scheme by Chuang et al. was susceptible to stolen smart card, impersonation and denial of service attacks. To overcome these weaknesses, Mishra et al. presented an efficient biometrics-based multi-server authenticated key agreement scheme using hash functions. However, we prove that the scheme by Mishra et al. is insecure against forgery and server masquerading attacks and lacks perfect forward secrecy. The focus of this paper is to present a robust authentication scheme based on biometrics and public-key techniques, which is a significant enhancement to the scheme recently proposed by Mishra et al. The highlight of our scheme is that it not only overcomes these flaws but is also efficient compared with other related authenticated key agreement schemes. Copyright © 2015 John Wiley & Sons, Ltd.
