Abstract

In order to improve the security in remote authentication systems, numerous biometric-based authentication schemes using smart cards have been proposed. Recently, Moon et al. presented an authentication scheme to remedy the flaws of Lu et al.’s scheme, and claimed that their improved protocol supports the required security properties. Unfortunately, we found that Moon et al.’s scheme still has weaknesses. In this paper, we show that Moon et al.’s scheme is vulnerable to insider attack, server spoofing attack, user impersonation attack and guessing attack. Furthermore, we propose a robust anonymous multi-server authentication scheme using public key encryption to remove the aforementioned problems. From the subsequent formal and informal security analysis, we demonstrate that our proposed scheme provides strong mutual authentication and satisfies the desirable security requirements. The functional and performance analysis shows that the improved scheme has the best secure functionality and is computational efficient.

Highlights

  • Nowadays security has becoming an urgent issue for the distributed networks

  • To evaluate the security of the improved scheme, we assume that the adversary might access the smart card of legal user and extract the information stored in the smart card and intercept information transmitted over the public channel

  • Assume a legal user’s smart card is Robust anonymous biometric-based authenticated key agreement scheme stolen by an adversary and the stored information < Vi, Wi, h(Á), H(Á) > on it are extracted

Read more

Summary

Introduction

Nowadays security has becoming an urgent issue for the distributed networks. The remote user authentication scheme allows the transmission of secret data via public channels, is an important cryptographic tool for distributed networks. Chaturvedi et al [26] demonstrated that Li et al.’s scheme doesn’t resist known session specific temporary information attack and doesn’t protect user’s privacy They proposed a novel authentication and key agreement protocol to overcome the weaknesses of Li et al.’s scheme. Mishra et al [28] showed that Chuang-Chen’s scheme is insecure against the denial-of-service attack, smart card stolen attack, server spoofing attack and impersonation attack They proposed a new biometric-based multi-server authentication protocol so as to overcome the weaknesses of Chuang-Chen’s scheme. In 2015, Lu et al [29] illustrated that Mishra et al.’s scheme is insecure against server spoofing attack and impersonation attack, and can not provide forward secrecy They introduced two independent three-factor authentication schemes [29, 31] for multi-server architecture, and claimed that the improved scheme has strong security.

Definition
Security model
Registration phase
Login phase
Authentication phase
Password updating
Lack of user anonymity
Insider attack
Server spoofing attack
Guessing attack
User impersonation attack
Our proposed scheme
Password changing phase
Verifying the proposed scheme with BAN logic
BAN logical postulates
Establishment of security goals g1
Formal analysis
Informal security analysis
No verification table
Functional analysis
Performance analysis
Conclusion

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
Security Analysis and Enhancements of an Effective Biometric-Based Remote User Authentication Scheme Using Smart Cards
Younghwa An
Journal of Biomedicine and Biotechnology | VOL. 2012
Younghwa AnYounghwa An
01 Jan 2012
A secure password-based authentication and key agreement scheme using smart cards
Dheerendra Mishra ... Sourav Mukhopadhyay
Journal of Information Security and Applications | VOL. 23
Dheerendra Mishra, et. al.Dheerendra Mishra ... Sourav Mukhopadhyay
23 Jul 2015
A security enhanced user authentication scheme for multi-server environment without using smart cards
Pengshuai Qiao
International Journal of Electronic Security and Digital Forensics | VOL. 7
Pengshuai QiaoPengshuai Qiao
01 Jan 2015
Single round-trip SIP authentication scheme with provable security for Voice over Internet Protocol using smart card
Saru Kumari ... Ashok Kumar Das
Multimedia Tools and Applications | VOL. 75
Saru Kumari, et. al.Saru Kumari ... Ashok Kumar Das
04 Nov 2015
View more papers

More From: PLOS ONE

Paper Title
Journal
Date
Author
Two-dimensional fetal speckle tracking; a learning curve study for offline strain analysis
Chantelle M De Vet ... Judith O E H Van Laar
PLOS ONE | VOL. 19
Chantelle M De Vet, et. al.Chantelle M De Vet ... Judith O E H Van Laar
18 Nov 2024
Panning for gold: Comparative analysis of cross-platform approaches for automated detection of political content in textual data
Mykola Makhortykh ... Michaela Maier
PLOS ONE | VOL. 19
Mykola Makhortykh, et. al.Mykola Makhortykh ... Michaela Maier
18 Nov 2024
Decision model of public opinion risk in campus social network based on hybrid dynamic deletion and shortest path algorithm
Nan Xu ... Yifeng Wang
PLOS ONE | VOL. 19
Nan Xu, et. al.Nan Xu ... Yifeng Wang
18 Nov 2024
Predicting poor functional outcomes for patients with large computed tomography perfusion core infarctions treated with endovascular thrombectomy
Rahul R Karamchandani ... Andrew W Asimos
PLOS ONE | VOL. 19
Rahul R Karamchandani, et. al.Rahul R Karamchandani ... Andrew W Asimos
18 Nov 2024
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.