Browse > Article
http://dx.doi.org/10.3837/tiis.2016.07.028

An Anonymous Authentication with Key-Agreement Protocol for Multi-Server Architecture Based on Biometrics and Smartcards  

Reddy, Alavalapati Goutham (School of Computer Science and Engineering, Kyungpook National University)
Das, Ashok Kumar (Center for Security, Theory and Algorithmic Research, International Institute of Information Technology)
Yoon, Eun-Jun (Department of Cyber Security, Kyungil University)
Yoo, Kee-Young (School of Computer Science and Engineering, Kyungpook National University)
Publication Information
KSII Transactions on Internet and Information Systems (TIIS) / v.10, no.7, 2016 , pp. 3371-3396 More about this Journal
Abstract
Authentication protocols for multi-server architectures have gained momentum in recent times due to advancements in computing technologies and associated constraints. Lu et al. recently proposed a biometrics and smartcards-based authentication scheme for multi-server environment. The careful analysis of this paper demonstrates Lu et al.'s protocol is susceptible to user impersonation attacks and comprises insufficient data. In addition, this paper proposes an improved authentication with key-agreement protocol for multi-server architecture based on biometrics and smartcards. The formal security of the proposed protocol is verified using the widely accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to ensure that our protocol can withstand active and passive attacks. The formal and informal security analysis, and performance analysis sections determines that our protocol is robust and efficient compared to Lu et al.'s protocol and existing similar protocols.
Keywords
Anonymity; authentication; key-agreement; cryptanalysis; multi-server; smartcards; biometrics; security; AVISPA;
Citations & Related Records
연도 인용수 순위
  • Reference
1 C. Boyd and A. Mathuria., “Protocols for authentication and key establishment,” Springer Science & Business Media, 2013. Article (CrossRef Link)
2 Forouzan, Behrouz A., “Cryptography & Network Security,” McGraw-Hill, Inc., 2007. Article (CrossRef Link)
3 Huang, X., Xiang, Y., Chonka, A., Zhou, J., & Deng, R. H., “A generic framework for three-factor authentication: preserving security and privacy in distributed systems,” IEEE Transactions on Parallel and Distributed Systems, vol. 22, no. 8, pp. 1390-1397, 2011. Article (CrossRef Link)   DOI
4 Lamport, L., “Password authentication with insecure communication,” Communications of the ACM, vol. 24, no. 11, pp. 770-772, 1981. Article (CrossRef Link)   DOI
5 Chen, B. L., Kuo, W. C., & Wuu, L. C. “Robust smart‐card‐based remote user password authentication scheme,” International Journal of Communication Systems, vol. 27, no. 2, pp. 377-389, 2014. Article (CrossRef Link)   DOI
6 Islam, S. K. "Design and analysis of an improved smartcard‐based remote user password authentication scheme," International Journal of Communication Systems, 2014. Article (CrossRef Link)
7 Karuppiah, M., & Saravanan, R., “A secure remote user mutual authentication scheme using smart cards,” Journal of information security and applications, vol. 19, no. 4, pp. 282-294, 2014. Article (CrossRef Link)   DOI
8 Mishra, D., Das, A. K., Chaturvedi, A., & Mukhopadhyay, S. “A secure password-based authentication and key agreement scheme using smart cards,” Journal of Information Security and Applications, vol. 23, pp. 28-43, 2015. Article (CrossRef Link)   DOI
9 Mishra, D., Chaturvedi, A., & Mukhopadhyay, S. “Design of a lightweight two-factor authentication scheme with smart card revocation,” Journal of Information Security and Applications, vol. 23, pp. 44-53, 2015. Article (CrossRef Link)   DOI
10 Song, R. “Advanced smart card based password authentication protocol,” Computer Standards & Interfaces, vol. 32, no. 5, pp. 321-325, 2010. Article (CrossRef Link)   DOI
11 Xu, J., Zhu, W. T., & Feng, D. G. “An improved smart card based password authentication scheme with provable security,” Computer Standards & Interfaces, vol. 31, no. 4, pp. 723-728, 2009. Article (CrossRef Link)   DOI
12 Kocher, P., Jaffe, J., & Jun, B. "Differential power analysis," in Proc. of Advances in Cryptology—CRYPTO'99. Springer Berlin Heidelberg, pp. 388-397, 1999. Article (CrossRef Link)
13 Ma, C. G., Wang, D., & Zhao, S. D., “Security flaws in two improved remote user authentication schemes using smart cards,” International Journal of Communication Systems, vol. 27, no. 10, pp. 2215-2227, 2014. Article (CrossRef Link)   DOI
14 Messerges, T. S., Dabbish, E. A., & Sloan, R. H. “Examining smart-card security under the threat of power analysis attacks,” Computers, IEEE Transactions on, vol. 51, no. 5, pp. 541-552, 2002. Article (CrossRef Link)   DOI
15 Wang, D., & Wang, P. "Offline dictionary attack on password authentication schemes using smart cards," in Proc. of Information Security, Springer International Publishing, 221-237, 2015. Article (CrossRef Link)
16 Li, C. T., & Hwang, M. S. “An efficient biometrics-based remote user authentication protocol using smart cards,” Journal of Network and Computer Applications, vol. 33, no. 1, pp. 1-5, 2010. Article (CrossRef Link)   DOI
17 Mishra, D., Das, A. K., & Mukhopadhyay, S., “A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards,” Expert Systems with Applications, vol. 41, no.18, pp. 8129-8143, 2014. Article (CrossRef Link)   DOI
18 Fan, C. I., & Lin, Y. H., “Provably secure remote truly three-factor authentication protocol with privacy protection on biometrics,” IEEE Transactions on Information Forensics and Security, vol. 4, no. 4, pp. 933-945, 2009. Article (CrossRef Link)   DOI
19 Lee, J. K., Ryu, S. R., & Yoo, K. Y. “Fingerprint-based remote user authentication protocol using smart cards,” Electronics Letters, vol. 38, no. 12, pp. 554-555, 2002. Article (CrossRef Link)   DOI
20 Lu, Y., Li, L., Peng, H., Xie, D., & Yang, Y. “Robust and efficient biometrics based password authentication scheme for telecare medicine information systems using extended chaotic maps,” Journal of medical systems, vol. 39, no. 6, pp. 1-10, 2015. Article (CrossRef Link)   DOI
21 Hwang, T., Chen, Y., & Laih, C. S. "Non-interactive password authentications without password tables," in Proc. of Computer and Communication Systems. IEEE TENCON'90, 1990 IEEE Region 10 Conference on, pp. 429-431, 1990. Article (CrossRef Link)
22 Li, L. H., Lin, I. C., & Hwang, M. S., “A remote password authentication scheme for multi-server architecture using neural networks,” IEEE Transactions on Neural Networks, vol. 12, no. 6, pp. 1498-1504, 2001. Article (CrossRef Link)   DOI
23 Chaudhry, S. A., Naqvi, H., Farash, M. S., Shon, T., & Sher, M., “An improved and robust biometrics-based three factor authentication scheme for multiserver environments,” The Journal of Supercomputing, pp. 1-17, 2015. Article (CrossRef Link)
24 Chuang, M.-C., & Chen, M. C., “An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics,” Expert Systems with Applications, vol. 41, no. 4, pp. 1411–1418, 2014. Article (CrossRef Link)   DOI
25 Das, A. K., Odelu, V., & Goswami, A., “A Secure and Robust User Authenticated Key Agreement Scheme for Hierarchical Multi-medical Server Environment in TMIS,” Journal of Medical Systems, vol. 39, no. 9, pp. 1-24, 2015. Article (CrossRef Link)   DOI
26 Li, X., Ma, J., Wang, W., Xiong, Y., & Zhang, J., “A novel smart card and dynamic ID based remote user authentication scheme for multi-server environments,” Mathematical and Computer Modelling, vol. 58, no.1, pp. 85-95, 2013. Article (CrossRef Link)   DOI
27 Guo, D. L., & Wen, F. T., “Analysis and improvement of a robust smart card based-authentication scheme for multi-server architecture,” Wireless Personal Communications, vol. 78, no. 1, pp. 475–490, 2014 Article (CrossRef Link)   DOI
28 Hsiang, H. C., & Shih, W. K., “Improvement of the secure dynamic ID based remote user authentication protocol for multi-server environment,” Computer Standards & Interfaces, vol. 31, pp. 6, pp. 1118-1123, 2009. Article (CrossRef Link)   DOI
29 Huang, C. H., Chou, J. S., Chen, Y., & Wun, S. Y., “Improved multi‐server authentication protocol,” Security and Communication Networks, vol. 5, no. 3, pp. 331-341, 2012. Article (CrossRef Link)   DOI
30 Lee, C. C., Lin, T. H., & Chang, R. X., “A secure dynamic ID based remote user authentication protocol for multi-server environment using smart cards,” Expert Systems with Applications, vol. 38, no. 11, pp. 13863-13870, 2011. Article (CrossRef Link)
31 Li, X., Xiong, Y., Ma, J., & Wang, W., “An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards,” Journal of Network and Computer Applications, vol. 35, no. 2, pp. 763-769, 2012. Article (CrossRef Link)   DOI
32 Liao, Y. P., & Wang, S. S., “A secure dynamic ID based remote user authentication protocol for multi-server environment,” Computer Standards & Interfaces, vol. 31, no. 1, pp. 24-29, 2009. Article (CrossRef Link)   DOI
33 Lin, H., Wen, F., & Du, C., “An Improved Anonymous Multi-Server Authenticated Key Agreement Scheme Using Smart Cards and Biometrics,” Wireless Personal Communications, pp. 1-12, 2015. Article (CrossRef Link)
34 Lu, Y., Li, L., Peng, H., and Yang, Y., “A biometrics and smart cards-based authentication scheme for multi-server environments,” Security Comm. Networks, Vol. 8, pp. 3219–3228, 2015. Article (CrossRef Link)   DOI
35 Mishra, D. “Design and Analysis of a Provably Secure Multi-server Authentication Scheme,” Wireless Personal Communications, vol. 86, no. 3, pp. 1095-1119, 2016. Article (CrossRef Link)   DOI
36 Odelu, V., Das, A. K., & Goswami, A., “A Secure Biometrics-Based Multi-Server Authentication Protocol Using Smart Cards,” IEEE Transactions on Information Forensics and Security, vol. 10, no. 9, pp. 1953-1966, 2015. Article (CrossRef Link)   DOI
37 Pippal, R. S., Jaidhar, C. D., & Tapaswi, S. “Robust smart card authentication scheme for multi-server architecture,” Wireless Personal Communications, vol. 72, no. 1, pp. 729-745, 2013. Article (CrossRef Link)   DOI
38 Tsai, J. L., “Efficient multi-server authentication protocol based on one-way hash function without verification table,” Computers & Security, vol. 27, no. 3, pp. 115-121, 2008. Article (CrossRef Link)   DOI
39 Reddy, A. G., Das, A. K., Odelu, V., & Yoo, K. Y. “An Enhanced Biometric Based Authentication with Key-Agreement Protocol for Multi-Server Architecture Based on Elliptic Curve Cryptography,” PloS one, vol. 11, no. 5, e0154308, 2016. Article (CrossRef Link)   DOI
40 Sood, S. K., Sarje, A. K., & Singh, K., “A secure dynamic identity based authentication protocol for multi-server architecture,” Journal of Network and Computer Applications, vol. 34, no. 2, pp. 609-618, 2011. Article (CrossRef Link)   DOI
41 Wang, R. C., Juang, W. S., & Lei, C. L., “User authentication protocol with privacy-preservation for multi-server environment,” IEEE Communications Letters, vol. 13, no. 2, pp. 157-159, 2009. Article (CrossRef Link)   DOI
42 Xue, K., Hong, P., & Ma, C., “A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture,” Journal of Computer and System Sciences, vol. 80, no. 1, pp. 195-206, 2014. Article (CrossRef Link)   DOI
43 Yeh, K. H. “A provably secure multi-server based authentication scheme,” Wireless Personal Communications, vol. 79, no. 3, pp. 1621-1634, 2014. Article (CrossRef Link)   DOI
44 Yoon, E. J., & Yoo, K. Y., “Robust biometrics-based multi-server authentication with key agreement scheme for smart cards on elliptic curve cryptosystem,” The Journal of Supercomputing, vol. 63, no. 1, pp. 235-255, 2013. Article (CrossRef Link)   DOI
45 AVISPA. Automated Validation of Internet Security Protocols and Applications. Accessed on October 2015. Article (CrossRef Link)
46 Kamal, K., Ghany, A., Moneim, M. A., Ghali, N. I., Hassanien, A. E., & Hefny, H. A. “A Symmetric Bio-Hash Function Based On Fingerprint Minutiae and Principal Curves Approach,” 2011. Article (CrossRef Link)
47 Diffie, W., & Hellman, M. E. “New directions in cryptography,” Information Theory, IEEE Transactions on, vol. 22, no. 6, pp. 644-654, 1976. Article (CrossRef Link)   DOI
48 Paar, C., & Pelzl, J. “Understanding cryptography: a textbook for students and practitioners,” Springer Science & Business Media, 2009. Article (CrossRef Link)
49 Stinson, D. R. “Some observations on the theory of cryptographic hash functions,” Designs, Codes and Cryptography, vol. 38, no. 2, pp. 259–277, 2006. Article (CrossRef Link)   DOI
50 AVISPA. SPAN, the Security Protocol ANimator for AVISPA. Accessed on January 2016. Article (CrossRef Link)
51 Das, A. K., “A Secure and Efficient User Anonymity-Preserving Three-Factor Authentication Protocol for Large-Scale Distributed Wireless Sensor Networks,” Wireless Personal Communications, vol. 82, no. 3, pp. 1377-1404, 2015. Article (CrossRef Link)   DOI
52 Das, A. K., “A secure and robust temporal credential-based three-factor user authentication scheme for wireless sensor networks,” Peer-to-Peer Networking and Applications, vol. 9, no. 1, pp. 223-244, 2016. Article (CrossRef Link)   DOI
53 Von Oheimb, D., "The high-level protocol specification language HLPSL developed in the EU project AVISPA," in Proc. of APPSEM 2005 workshop, pp. 1-17, 2015.
54 Dolev, D., & Yao, A. C., “On the security of public key protocols,” IEEE Transactions on Information Theory, vol. 29, no. 2, pp. 198-208, 1983. Article (CrossRef Link)   DOI
55 Lv, C., Ma, M., Li, H., Ma, J., & Zhang, Y., “A novel three-party authenticated key exchange protocol using one-time key,” Journal of Network and Computer Applications, vol. 36, no. 1, pp. 498-503, 2013. Article (CrossRef Link)   DOI
56 Basin, D., Mödersheim, S., & Vigano, L., “OFMC: A symbolic model checker for security protocols,” International Journal of Information Security, vol. 4, no. 3, pp. 181-208, 2005. Article (CrossRef Link)   DOI