Skip to main content
SpringerLink
Log in

Improvement on a Biometric-Based Key Agreement and Authentication Scheme for the Multi-server Environments

  • Conference paper
  • First Online:
Computational Science and Its Applications – ICCSA 2018 (ICCSA 2018)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 10960))

Included in the following conference series:

  • 1465 Accesses

Abstract

With the rapid spiraling network users expansion and the enlargement of communication technologies, the multi-server environment has been the most common environment for widely deployed applications. Wang et al. recently have shown that Mishra et al.’s biohasing-based authentication scheme for multi-server was insecure, and then presented a fuzzy-extractor-based authentication protocol for key-agreement and multi-server. They continued to assert that their protocol was more secure and efficient. After a prudent analysis, however, their enhanced scheme still remains vulnerabilities against well-known attacks. In this paper, the weaknesses of Wang et al.’s protocol such as the outsider and user impersonation attacks are demonstrated, followed by the proposal of a new fuzzy-extractor and smart card-based protocol, also for key agreement and multi-server environment. Lastly, the authors shows that the new key-agreement protocol is more secure using random oracle method and Automated Validation of Internet Security Protocols and Applications (AVISPA) tool, and that it serves to gratify all of the required security properties.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Zhang, X., Li, W., Zheng, Z.M., Guo, B.H.: Optimized statistical analysis of software trustworthiness attributes. Sci. China Inf. Sci. 55(11), 2508–2520 (2012)

    Article  MathSciNet  Google Scholar 

  2. Lamport, L.: Password authentication with insecure communication. Commun. ACM 24(11), 770–772 (1981)

    Article  MathSciNet  Google Scholar 

  3. Jeon, W., Kim, J., Nam, J., Lee, Y., Won, D.: An enhanced secure authentication scheme with anonymity for wireless environments. IEICE Trans. Commun. 95(7), 2505–2508 (2012)

    Article  Google Scholar 

  4. Kim, J., Lee, D., Jeon, W., Lee, Y., Won, D.: Security analysis and improvements of two-factor mutual authentication with key agreement in wireless sensor networks. Sensors 14(4), 6443–6462 (2014)

    Article  Google Scholar 

  5. Sun, D.Z., Huai, J.P., Sun, J.Z., Li, J.X., Zhang, J.W., Feng, Z.Y.: Improvements of Juang’s password authenticated key agreement scheme using smart cards. IEEE Trans. Ind. Electron. 56(6), 2284–2291 (2009)

    Article  Google Scholar 

  6. Khan, M.K., Zhang, J.: Improving the security of ‘a flexible biometrics remote user authentication scheme’. Comput. Stand. Interfaces 29(1), 82–85 (2007)

    Article  Google Scholar 

  7. He, D., Kumar, N., Khan, M.K., Lee, J.H.: Anonymous two-factor authentication for consumer roaming service in global mobility networks. IEEE Trans. Consum. Electron. 59(4), 811–817 (2013)

    Article  Google Scholar 

  8. Moon, J., Choi, Y., Jung, J., Won, D.: An Improvement of robust biometrics-based authentication and key agreement scheme for multi-server environments using smart cards. PLoS ONE 10(12), 1–15 (2015)

    Google Scholar 

  9. Moon, J., Choi, Y., Kim, J., Won, D.: An improvement of robust and efficient biometrics based password authentication scheme for telecare medicine information systems using extended chaotic maps. J. Med. Syst. 40(3), 1–11 (2016)

    Article  Google Scholar 

  10. Lu, Y., Li, L., Peng, H., Yang, Y.: An enhanced biometric-based authentication scheme for telecare medicine information systems using elliptic curve cryptosystem. J. Med. Syst. 39(3), 1–8 (2015)

    Article  Google Scholar 

  11. Choi, Y., Nam, J., Lee, D., Kim, J., Jung, J., Won, D.: Security enhanced anonymous multi-server authenticated key agreement scheme using smart cards and biometrics. Sci. World J. Article ID 281305, 1–15 (2014)

    Google Scholar 

  12. Tsai, J.L.: Efficient multi-server authentication scheme based on one-way hash function without verification table. Comput. Secur. 27(3–4), 115–121 (2008)

    Article  Google Scholar 

  13. Liao, Y.P., Wang, S.S.: A secure dynamic ID based remote user authentication scheme for multi-server environment. Comput. Stand. Interfaces 31(1), 24–29 (2009)

    Article  Google Scholar 

  14. Hsiang, H.C., Shih, W.K.: Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment. Comput. Stand. Interfaces 31(6), 1118–1123 (2009)

    Article  Google Scholar 

  15. Li, X., Ma, J., Wang, W., Xiong, Y., Zhang, J.: A novel smart card and dynamic ID based remote user authentication scheme for multi-server environments. Math. Comput. Model. 58(1–2), 85–95 (2013)

    Article  Google Scholar 

  16. Xue, K.P., Hong, P.L., Ma, C.S.: A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server arahitecture. J. Comput. Syst. Sci. 80(1), 195–206 (2013)

    Article  Google Scholar 

  17. Lu, Y., Li, L., Peng, H., Yang, X., Yang, Y.: A lightweight ID based authentication and key agreement protocol for multi-server architecture. Int. J. Distrib. Sens. Netw. 11(3), 1–9 (2015). 635890

    Article  Google Scholar 

  18. Chuang, M.C., Chen, M.C.: An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics. Expert Syst. Appl. 41(4), 1411–1418 (2014)

    Article  MathSciNet  Google Scholar 

  19. Mishra, D., Das, A.K., Mukhopadhyay, S.: A secure user anonymity-preserving biometric-based multiserver authenticated key agreement scheme using smart cards. Expert Syst. Appl. 41(18), 8129–8143 (2014)

    Article  Google Scholar 

  20. Lu, Y., Li, L., Yang, X., Yang, Y.: Robust biometrics based authentication and key agreement scheme for multi-server environments using smart cards. PLoS ONE 10(5), 1–13 (2015)

    Google Scholar 

  21. Wang, C., Zhang, X., Zheng, Z.: Cryptanalysis and improvement of a biometric-based multi-server authentication and key agreement scheme. PLoS ONE 11(2), 1–25 (2016)

    Google Scholar 

  22. Dolev, D., Yao, A.C.: On the security of public key protocols. IEEE Trans. Inf. Theory 29(2), 198–208 (1983)

    Article  MathSciNet  Google Scholar 

  23. Kocher, P., Jaffe, J., Jun, B., Rohatgi, P.: Introduction to differential power analysis. J. Cryptogr. Eng. 1(1), 5–27 (2011)

    Article  Google Scholar 

  24. Das, A.K.: A secure and effective biometric-based user authentication scheme for wireless sensor networks using smart card and fuzzy extractor. Int. J. Commun. Syst. 30(1), 1–25 (2015)

    Google Scholar 

  25. Dodis, Y., Kanukurthi, B., Katz, J., Reyzin, L., Smith, A.: Robust fuzzy extractors and authenticated key agreement from close secrets. IEEE Trans. Inf. Theory 58(9), 6207–6222 (2012)

    Article  MathSciNet  Google Scholar 

  26. Dodis, Y., Reyzin, L., Smith, A.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 523–540. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_31

    Chapter  Google Scholar 

  27. RFC 4306: Internet key exchange (IKEv2) protocol (2005)

    Google Scholar 

  28. Das, A.K.: A secure and effective user authentication and privacy preserving protocol with smart cards for wireless communications. Netw. Sci. 2(1–2), 12–27 (2013)

    Article  Google Scholar 

  29. Das, A.K., Paul, N.R., Tripathy, L.: Cryptanalysis and improvement of an access control in user hieraRAhy based on elliptic curve cryptosystem. Inf. Sci. 209, 80–92 (2012)

    Article  Google Scholar 

  30. von Oheimb, D.: The high-level protocol specification language HLPSL developed in the EU project AVISPA. In: Proceedings of the Applied Semantics 2005 Workshop, Frauenchiemsee, Germany, pp. 1–17 (2005)

    Google Scholar 

  31. Xue, K., Hong, P.: Security improvement on an anonymous key agreement protocol based on chaotic maps. Commun. Nonlinear Sci. Numer. Simul. 17(7), 2969–2977 (2012)

    Article  MathSciNet  Google Scholar 

Download references

Acknowledgments

This research was supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education (NRF-2010-0020210).

Author information

Authors and Affiliations

  1. Department of Electrical and Computer Engineering, Sungkyunkwan University, 2066 Seobu-ro, Jangan-gu, Suwon-si, Gyeonggi-do, 16419, Korea

    Jongho Moon, Hakjun Lee, Sewan Ha & Dongho Won

  2. Department of Cyber Security, Howon University, 64 Howondae 3-gil, Impi-myeon, Gunsan-si, Jeonrabuk-do, 54058, Korea

    Youngsook Lee

  3. Department of Computer and Media Information, Kangnam University, 40 Gangnam-ro, Giheung-gu, Yongin-si, Gyeonggi-do, 16979, Korea

    Hyungkyu Yang

Authors
  1. Jongho Moon
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Youngsook Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Hyungkyu Yang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Hakjun Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Sewan Ha
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Dongho Won
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Dongho Won .

Editor information

Editors and Affiliations

  1. University of Perugia, Perugia, Italy

    Osvaldo Gervasi

  2. University of Basilicata, Potenza, Italy

    Beniamino Murgante

  3. Covenant University, Ota, Nigeria

    Sanjay Misra

  4. Saint Petersburg State University, Saint Petersburg, Russia

    Elena Stankova

  5. Polytechnic University of Bari, Bari, Italy

    Carmelo M. Torre

  6. University of Minho, Braga, Portugal

    Ana Maria A.C. Rocha

  7. Monash University, Clayton, Victoria, Australia

    David Taniar

  8. Kyushu Sangyo University, Fukuoka shi, Fukuoka, Japan

    Bernady O. Apduhan

  9. Politecnico di Bari, Bari, Italy

    Eufemia Tarantino

  10. Myongji University, Yongin, Korea (Republic of)

    Yeonseung Ryu

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Moon, J., Lee, Y., Yang, H., Lee, H., Ha, S., Won, D. (2018). Improvement on a Biometric-Based Key Agreement and Authentication Scheme for the Multi-server Environments. In: Gervasi, O., et al. Computational Science and Its Applications – ICCSA 2018. ICCSA 2018. Lecture Notes in Computer Science(), vol 10960. Springer, Cham. https://doi.org/10.1007/978-3-319-95162-1_37

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-95162-1_37

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-95161-4

  • Online ISBN: 978-3-319-95162-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation