Abstract

Recently, Amin and Biswas have discussed a bilinear pairing‐based three‐factor remote user authentication protocol, claiming it to be secure against various attacks. We scrutinize this protocol and find that it is vulnerable to identity guessing attack, password guessing attack, user untraceability attack, user‐server impersonation attack, new smart card issue attack, and privileged insider attack. In this paper, we propose an elliptic curve cryptography and biometric‐based remote user authentication protocol for a multiserver environment that overcomes these drawbacks. We conduct its informal and formal security analysis to show that it resists all known security attacks. The Burrows‐Abadi‐Needham (BAN) logic verifies that our protocol facilitates mutual authentication and session key agreement securely. We simulate it using the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool to certify that it can be protected from passive and active threats, including replay and man‐in‐the‐middle attacks. Furthermore, the proposed protocol provides more security attributes and better complexity in terms of smart card storage cost, computation cost, estimated time, and communication cost, as compared with the related existing protocols.
