Abstract
A multiserver environment can improve the efficiency of mobile network services more effectively than a single server in managing the increase in users. Because of the large number of users, the security of users’ personal information and communication information is more important in a multiserver environment. Recently, Wang et al. proposed a multiserver authentication scheme based on biometrics and proved the security of their scheme. However, we first demonstrate that their scheme is insecure against a known session-specific temporary information attacks, user impersonation attacks, and server impersonation attacks. To solve the security weakness, we propose an improved scheme based on Wang et al.’s scheme. The security of our improved scheme is also validated based on the formal security analysis, Burrows–Abadi–Needham (BAN) logic, ProVerif, and informal security analysis. Security and performance comparisons prove the security and efficiency of our scheme.
Highlights
With the development of information technologies [1,2,3,4,5,6,7,8] and the widespread application of the Internet of ings [9,10,11,12], mobile communication has emerged in many network communication environments. e multiserver environments in mobile communication improve the efficiency of user communications; it is more popular than single-server environments for users. e multiserver environment overcomes the limited storage and computing of the single-server environment and can provide more remote services
In 2015, Odelu et al [30] reported that the scheme proposed in [28] was vulnerable to a known session-specific temporary information attack and an impersonation attack and did not provide strong user anonymity; they proposed a secure multiserver authentication protocol based on biometric technology using smart cards
In 2018, Feng et al [33] discovered that the scheme presented in [32] could not guarantee user anonymity, three-factor security, perfect forward security, etc.; they proposed a multiserver environment authentication scheme based on anonymous biometrics
Summary
With the development of information technologies [1,2,3,4,5,6,7,8] and the widespread application of the Internet of ings [9,10,11,12], mobile communication has emerged in many network communication environments. e multiserver environments in mobile communication improve the efficiency of user communications; it is more popular than single-server environments for users. e multiserver environment overcomes the limited storage and computing of the single-server environment and can provide more remote services. In 2015, Odelu et al [30] reported that the scheme proposed in [28] was vulnerable to a known session-specific temporary information attack and an impersonation attack and did not provide strong user anonymity; they proposed a secure multiserver authentication protocol based on biometric technology using smart cards. In 2018, Feng et al [33] discovered that the scheme presented in [32] could not guarantee user anonymity, three-factor security, perfect forward security, etc.; they proposed a multiserver environment authentication scheme based on anonymous biometrics. Erefore, Wang et al proposed an improved multiserver authentication scheme based on biometrics and claimed that their scheme can overcome offline passwordguessing, user impersonation, server impersonation, known specific session temporary information, three-factor security, user anonymity, and privileged internal attacks.
Sign-in/Register to view highlights & summary 
Published Version (
Free)
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call