Improvement on a Biometric-Based Key Agreement and Authentication Scheme for the Multi-server Environments

Abstract

With the rapid spiraling network users expansion and the enlargement of communication technologies, the multi-server environment has been the most common environment for widely deployed applications. Wang et al. recently have shown that Mishra et al.’s biohasing-based authentication scheme for multi-server was insecure, and then presented a fuzzy-extractor-based authentication protocol for key-agreement and multi-server. They continued to assert that their protocol was more secure and efficient. After a prudent analysis, however, their enhanced scheme still remains vulnerabilities against well-known attacks. In this paper, the weaknesses of Wang et al.’s protocol such as the outsider and user impersonation attacks are demonstrated, followed by the proposal of a new fuzzy-extractor and smart card-based protocol, also for key agreement and multi-server environment. Lastly, the authors shows that the new key-agreement protocol is more secure using random oracle method and Automated Validation of Internet Security Protocols and Applications (AVISPA) tool, and that it serves to gratify all of the required security properties.