Cryptanalysis and Improvement of an Advanced Anonymous and Biometrics-Based Multi-server Authentication Scheme Using Smart Cards

  • Conference paper
  • 2053 Accesses

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 593)

Abstract

In a conventional single-server environment, a user must register with every server if he/she wants to access numerous network services. It is exceedingly hard for users to generate different robust passwords and remember them with their corresponding identities. To solve this problem, many multi-server authentication schemes have been proposed in recent years. In 2017, Chang et al. improved Chuang and Chen’s scheme, arguing that their scheme provides higher security and practicability. However, we demonstrate that Chang et al.’s scheme is still vulnerable to an outsider attack and a session key derived attack. In addition, we find that both a malicious user and a server can carry out a user impersonation attack in their scheme. In this paper, we propose a new biometrics-based authentication scheme that is suitable for use in a multi-server environment. Finally, we show that the proposed scheme improves on the level of security in comparison with related schemes.

References

  1. Lamport, L.: Password authentication with insecure communication. Commun. ACM 24(11), 770–772 (1981)

  2. Das, A.K.: Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards. IET Inf. Secur. 5(3), 145–151 (2011)

  3. Li, X., Niu, J.W., Ma, J., Wang, W.D., Liu, C.L.: Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 34(1), 73–79 (2011)

  4. Yang, D., Yang, B.: A biometric password-based multi-server authentication scheme with smart card. In: 2010 International Conference on Computer Design and Applications (ICCDA), vol. 5, p. V5-554. IEEE (2010)

  5. Yoon, E.J., Yoo, K.Y.: Robust biometrics-based multi-server authentication with key agreement scheme for smart cards on elliptic curve cryptosystem. J. Supercomput. 63(1), 235–255 (2013)

  6. He, D.: Security flaws in a biometrics-based multi-server authentication with key agreement scheme. IACR Cryptology ePrint Archive, 365 (2011)

  7. Chuang, M.C., Chen, M.C.: An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics. Expert Syst. Appl. 41(4), 1411–1418 (2014)

  8. Chang, C.C., Hsueh, W.Y., Cheng, T.F.: An advanced anonymous and biometrics-based multi-server authentication scheme using smart cards. Int. J. Netw. Secur. 18(6), 1010–1021 (2016)

  9. Dodis, Y., Reyzin, L., Smith, A.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. In: International Conference on the Theory and Applications of Cryptographic Techniques, pp. 523–540. Springer, Heidelberg (2004)

  10. Moon, J., Choi, Y., Jung, J., Won, D.: An improvement of robust biometrics-based authentication and key agreement scheme for multi-server environments using smart cards. PLoS One 10(12), e0145263.5 (2015)

  11. Jung, J., Kang, D., Lee, D., Won, D.: An improved and secure anonymous biometric-based user authentication with key agreement scheme for the integrated EPR information system. PLoS One 12(1), e0169414 (2017)

  12. Kim, J., Lee, D., Jeon, W., Lee, Y., Won, D.: Security analysis and improvements of two-factor mutual authentication with key agreement in wireless sensor networks. Sensors 14(4), 6443–6462 (2014)


Acknowledgements

This work was supported by Institute for Information & communications Technology Promotion (IITP) grant funded by the Korea government (MSIP) (No. R0126-15-1111, The Development of Risk-based Authentication Access Control Platform and Compliance Technique for Cloud Security).

Author information

Corresponding author

Correspondence to Dongho Won.

Copyright information

© 2018 Springer International Publishing AG

About this paper

Cite this paper

Quan, C., Lee, H., Kang, D., Kim, J., Cho, S., Won, D. (2018). Cryptanalysis and Improvement of an Advanced Anonymous and Biometrics-Based Multi-server Authentication Scheme Using Smart Cards. In: Nicholson, D. (eds) Advances in Human Factors in Cybersecurity. AHFE 2017. Advances in Intelligent Systems and Computing, vol 593. Springer, Cham. https://doi.org/10.1007/978-3-319-60585-2_7

  • DOI: https://doi.org/10.1007/978-3-319-60585-2_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-60584-5

  • Online ISBN: 978-3-319-60585-2

  • eBook Packages: Engineering, Engineering (R0)
