Top

Wireless Personal Communications

Published in:

17-06-2016

An Untraceable Biometric-Based Multi-server Authenticated Key Agreement Protocol with Revocation

Authors: Chin-Chen Chang, Ngoc-Tu Nguyen

Published in: Wireless Personal Communications | Issue 4/2016

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Online access has been widely adopted to distribute diversified services to customers. In this architecture, public channels are utilized to exchange information between end users and remote servers at anytime and anywhere. To achieve confidentiality and integrity for transferred data, the related parties have to authenticate each other and negotiate a secret session key to encrypt and decrypt exchanged messages. Since the Lamport’s pioneering authentication work in 1981, numerous mechanisms have been proposed to enhance security as well as reduce computation and payload data. Recently, Chuang and Chen proposed a multi-server authenticated agreement protocol employing a smart card and biometric data to eliminate the weaknesses caused by parameters related to low-entropy human-memorable passwords that are stored in a physical location. However, Mishra et al. showed that Chuang and Chen’s protocol is not only vulnerable to multiple attacks but also suffers from the drawback of variation of biometric data. To overcome these weaknesses, they proposed an enhanced three-factor authenticated key agreement protocol using the low-error rate Biohashing technique. Unfortunately, we found that Mishra et al.’s scheme is also vulnerable to the denial-of-service attack, the traceable user attack, the impersonation attack, and the pre-shared key attack. Furthermore, the protocol does not provide any user revocation mechanism to control user accesses. In this novel untraceable authenticated key agreement scheme, we adopt the Hamming distance to verify encrypted Biohash codes and a public-key technique to construct the revocation mechanism. Our scheme achieves not only zero errors of biometric verification but also secure against all known attacks.

previous article An Innovative Design: MOS Based Full-Wave Centre-Tapped Rectifier

next article Smart Vehicle Navigation System Using Hidden Markov Model and RFID Technology

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Lamport, L. (1981). Password authentication with insecure communication. Communications of the ACM, 24(11), 770–772.MathSciNetCrossRef

Lin, I.-C., Hwang, M.-S., & Li, L.-H. (2003). A new remote user authentication scheme for multi-server architecture. Future Generation Computer Systems, 19(1), 13–22.MATHCrossRef

Ku, W.-C., Chang, S.-T., & Chiang, M.-H. (2005). Weaknesses of a remote user authentication scheme using smart cards for multi-server architecture. IEICE Transactions on Communications, E88B(8), 3451–3454.CrossRef

Juang, W.-S. (2004). Efficient multi-server password authenticated key agreement using smart cards. IEEE Transactions on Consumer Electronics, 50(1), 251–255.CrossRef

Ku, W.-C., Chuang, H.-M., & Chiang, M.-H. (2005). Cryptanalysis of a multi-server password authenticated key agreement scheme using smart cards. IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences, E88A(11), 3235–3238.CrossRef

Tsaur, W.-J., Li, J.-H., & Lee, W.-B. (2012). An efficient and secure multi-server authentication scheme with key agreement. Journal of Systems and Software, 85(4), 876–882.CrossRef

Li, C.-T., Lee, C.-C., Weng, C.-Y., & Fan, C.-I. (2013). An extended multi-server-based user authentication and key agreement scheme with user anonymity. KSII Transactions on Internet and Information Systems, 7(1), 119–131.CrossRef

Wang, B., & Ma, M. (2013). A smart card based efficient and secured multi-server authentication scheme. Wireless Personal Communications, 68(2), 361–378.CrossRef

He, D., & Wu, S. (2013). Security flaws in a smart card based authentication scheme for multi-server environment. Wireless Personal Communications, 70(1), 323–329.CrossRef

10.

Islam, S. H. (2014). A provably secure ID-based mutual authentication and key agreement scheme for mobile multi-server environment without esl attack. Wireless Personal Communications, 79(3), 1975–1991.MathSciNetCrossRef

11.

Lee, C.-C., Lou, D.-C., Li, C.-T., & Hsu, C.-W. (2014). An extended chaotic-maps-based protocol with key agreement for multiserver environments. Nonlinear Dynamics, 76(1), 853–866.MathSciNetMATHCrossRef

12.

Liao, Y.-P., & Wang, S.-S. (2009). A secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards & Interfaces, 31(1), 24–29.CrossRef

13.

Hsiang, H.-C., & Shih, W.-K. (2009). Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards and Interfaces, 31(6), 1118–1123.CrossRef

14.

Sood, S. K., Sarje, A. K., & Singh, K. (2011). A secure dynamic identity based authentication protocol for multi-server architecture. Journal of Network and Computer Applications, 34(2), 609–618.CrossRef

15.

Lee, C.-C., Lin, T.-H., & Chang, R.-X. (2011). A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards. Expert Systems with Applications, 38(11), 13863–13870.

16.

Li, X., Xiong, Y., Ma, J., & Wang, W. (2012). An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. Journal of Network and Computer Applications, 35(2), 763–769.CrossRef

17.

Shao, M.-H., & Chin, Y.-C. (2012). A privacy-preserving dynamic ID-based remote user authentication scheme with access control for multi-server environment. IEICE Transactions on Information and Systems, E95D(1), 161–168.CrossRef

18.

He, D., Chen, J., Shi, W., & Khan, M. K. (2013). On the security of an authentication scheme for multiserver architecture. International Journal of Electronic Security and Digital Forensics, 5(3–4), 288–296.CrossRef

19.

He, D. B., & Hu, H. (2013). Cryptanalysis of a dynamic ID-based remote user authentication scheme with access control for multi-server environments. IEICE Transactions on Information and Systems, 96(1), 138–140.MathSciNetCrossRef

20.

Li, X., Ma, J., Wang, W., Xiong, Y., & Zhang, J. (2013). A novel smart card and dynamic ID based remote user authentication scheme for multi-server environments. Mathematical and Computer Modelling, 58(1), 85–95.CrossRef

21.

Pippal, R. S., Jaidhar, C., & Tapaswi, S. (2013). Robust smart card authentication scheme for multi-server architecture. Wireless Personal Communications, 72(1), 729–745.CrossRef

22.

Tao, W., Nan, J., & Jianfeng, M. (2014). Cryptanalysis of two dynamic identity based authentication schemes for multi-server architecture. China Communications, 11(11), 125–134.CrossRef

23.

Wang, D., & Wang, P. (2014). On the anonymity of two-factor authentication schemes for wireless sensor networks: Attacks, principle and solutions. Computer Networks, 73, 41–57.CrossRef

24.

Kim, H., Jeon, W., Lee, K., Lee, Y., & Won, D. (2012). Cryptanalysis and improvement of a biometrics-based multi-server authentication with key agreement scheme. In Computational science and its applications—ICCSA 2012 (Vol. 7335, pp. 391–406). Berlin: Springer.

25.

Yoon, E.-J., & Yoo, K.-Y. (2013). Robust biometrics-based multi-server authentication with key agreement scheme for smart cards on elliptic curve cryptosystem. Journal of Supercomputing, 63(1), 235–255.CrossRef

26.

Chuang, M.-C., & Chen, M. C. (2014). An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics. Expert Systems with Applications, 41(4), 1411–1418.MathSciNetCrossRef

27.

Choi, Y., Nam, J., Lee, D., Kim, J., Jung, J., & Won, D. (2014). Security enhanced anonymous multiserver authenticated key agreement scheme using smart cards and biometrics. Scientific World Journal, 2014, 1–15.

28.

Maitra, T., & Giri, D. (2014). An efficient biometric and password-based remote user authentication using smart card for telecare medical information systems in multi-server environment. Journal of Medical Systems, 38(12), 1–19.CrossRef

29.

Tan, Z. W. (2014). A user anonymity preserving three-factor authentication scheme for telecare medicine information systems. Journal of Medical Systems, 38(3), 1–9.CrossRef

30.

Lin, H., Wen, F., & Du, C. (2015). An improved anonymous multi-server authenticated key agreement scheme using smart cards and biometrics. Wireless Personal Communications, 84(4), 2351–2362.CrossRef

31.

Mishra, D., Das, A. K., & Mukhopadhyay, S. (2014). A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards. Expert Systems with Applications, 41(18), 8129–8143.CrossRef

32.

Yang, D., & Yang, B. (2010). A biometric password-based multi-server authentication scheme with smart card. In International conference on computer design and applications (ICCDA), 2010 (Vol. 5, pp. V5-554–V5-559). IEEE.

33.

Jiang, P., Wen, Q., Li, W., Jin, Z., & Zhang, H. (2015). An anonymous and efficient remote biometrics user authentication scheme in a multi-server environment. Frontiers of Computer Science, 9(1), 142–156.MathSciNetCrossRef

34.

He, D., & Wang, D. (2014). Robust biometrics-based authentication scheme for multiserver environment. IEEE Systems Journal, 9(3), 816–823.CrossRef

35.

Odelu, V., Das, A. K., & Goswami, A. (2015). A secure biometrics-based multi-server authentication protocol using smart cards. IEEE Transactions on Information Forensics and Security, 10(9), 1953–1966.CrossRef

36.

Jin, A. T. B., Ling, D. N. C., & Goh, A. (2004). Biohashing: two factor authentication featuring fingerprint data and tokenised random number. Pattern Recognition, 37(11), 2245–2255.CrossRef

37.

Lumini, A., & Nanni, L. (2007). An improved biohashing for human authentication. Pattern Recognition, 40(3), 1057–1065.MATHCrossRef

Title: An Untraceable Biometric-Based Multi-server Authenticated Key Agreement Protocol with Revocation
Authors: Chin-Chen Chang
Ngoc-Tu Nguyen
Publication date: 17-06-2016
Publisher: Springer US
Published in: Wireless Personal Communications / Issue 4/2016
Print ISSN: 0929-6212
Electronic ISSN: 1572-834X
DOI: https://doi.org/10.1007/s11277-016-3418-2

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Other articles of this Issue 4/2016

TA-FSFT Thermal Aware Fail Safe Fault Tolerant algorithm for Wireless Body Sensor Network

A Watermarking Technique with Chaotic Fractional S-Box Transformation

WARM Based Data Pre-fetching and Cache Replacement Strategies for Location Dependent Information System in Wireless Environment

An Energy-Efficient Hybrid Routing Method for Wireless Sensor Networks with Mobile Sink

A Cognitive Self-Organising Clustering Algorithm for Urban Scenarios

Unsupervised Performance Functions for Wireless Self-Organising Networks