Abstract

The emergence of multi-server authentication key protocol schemes provides a viable environment for users to easily access the services of multiple legitimate servers through a single registration. Biometric identification technology is difficult to forge, duplicate, or guess, among other characteristics. It is therefore an indispensable authentication technology in smart card-based user authentication protocols. The existing biometrics-based schemes have many shortcomings, including leakage of biometric information, smart card theft attacks, lack of user anonymity, user impersonation attacks, server impersonation, and so on. To overcome these shortcomings, we propose a new user authentication and key agreement scheme for the multi-server environment. To some extent, we are able not only to guarantee the communication security between the user and the servers, but also to ensure the physical security of the smart card and the biometric information. To this end, we use lightweight cryptographic primitives, such as Physically Unclonable Functions (PUFs), fuzzy extractors, and one-way hash functions. The proposed scheme can effectively protect the user's anonymity without the use of a password and provides mutual authentication and key agreement in the multi-server environment. Subsequently, we use informal analysis, a Burrows-Abadi-Needham Logic (BAN-Logic) proof, and the widely accepted Real-Or-Random model to prove the security and robustness of the proposed scheme. Finally, our authentication protocol can protect the security of communication.

Highlights

  • With the continuous development of Internet and communication technologies and the growing demand for shared data resources, people need to access several different servers anytime, anywhere to meet their needs

  • Our contributions: A new biometrics- and Physically Unclonable Functions (PUFs)-based scheme is designed for remote user authentication and session key protocol in a multi-server environment

  • Ui provides a unique biological key by using the fuzzy extractor (FE) algorithm FE.Gen; at the same time, a unique Ru is obtained by using the physically unclonable function (PUF)

Summary

INTRODUCTION

With the continuous development of Internet and communication technologies and the growing demand for shared data resources, people need to access several different servers anytime, anywhere to meet their needs. J. Zhao et al.: Secure Biometrics And PUFs-Based Authentication Scheme With Key Agreement For Multi-Server Environments. He et al. [20] pointed out that Yoon's scheme is weaker against impersonation attacks and privileged internal attacks, because once an adversary gets a password and a smart card, it can impersonate a valid user. He et al. designed a new robust solution to this weakness, a three-factor authentication solution in a multi-server environment. Barman et al. [23] proposed a multi-server environment authentication scheme based on biometrics. Their approach uses fuzzy extraction methods to provide an appropriate match of biometric patterns. B. OUR CONTRIBUTIONS: A new biometrics- and PUFs-based scheme is designed for remote user authentication and session key protocol in a multi-server environment.

USER REGISTRATION PHASE
USER LOGIN PHASE
MUTUAL AUTHENTICATION PHASE
MUTUAL AUTHENTICATION USING BAN LOGIC
A7: A8: Idealized forms of messages
INFORMAL SECURITY ANALYSIS
PERFORMANCE ANALYSIS AND COMPARISON