A biometrics and smart cards-based authentication scheme for multi-server environments

Abstract

With the rapid development of computer networks, multi-server architecture has attracted much attention in many network environments. Moreover, in order to achieve non-repudiation which both passwords and cryptographic keys cannot provide, several password authentication schemes combining a user's biometrics for multi-server environments have been proposed in the past. In 2014, Chuang et al. presented a biometrics-based multi-server authenticated key agreement scheme and declared that their scheme was efficient and secure. Later, Mishra et al. commented that the scheme by Chuang et al. was susceptible to stolen smart card, impersonation and denial of service attacks. To conquer these weaknesses, Mishra et al. presented an efficient biometrics-based multi-server authenticated key agreement scheme using hash functions. However, we prove that the scheme by Mishra et al. is insecure against forgery, server masquerading and lacks perfect forward secrecy. The focus of this paper is to present a robust biometrics and public-key techniques-based authentication scheme, which is a significant enhancement to the scheme recently proposed by Mishra et al. The highlight of our scheme is that it not only conquers the flaws but also is efficient compared with other related authenticated key agreement schemes. Copyright © 2015John Wiley & Sons, Ltd.