Cryptanalysis and improvement of a biometrics-based multi-server authentication with key agreement scheme

Authors:
Hakhyun Kim;Woongryul Jeon;Kwangwoo Lee;Yunho Lee;Dongho Won
Affiliations:
Information Security Group, School of Information and Communication Engineering, Sungkyunkwan University, Suwon, Gyeonggi-do, Korea;Information Security Group, School of Information and Communication Engineering, Sungkyunkwan University, Suwon, Gyeonggi-do, Korea;Information Security Group, School of Information and Communication Engineering, Sungkyunkwan University, Suwon, Gyeonggi-do, Korea;Department of Cyber Security & Police, Gwangju University, Gwangju-si, Korea;Information Security Group, School of Information and Communication Engineering, Sungkyunkwan University, Suwon, Gyeonggi-do, Korea
Venue:
ICCSA'12 Proceedings of the 12th international conference on Computational Science and Its Applications - Volume Part III
Year:
2012

Citing 19
Cited 0

Password authentication with insecure communication

Communications of the ACM
An Efficient and Secure Multi-Server Password Authentication Scheme using Smart Cards

CW '04 Proceedings of the 2004 International Conference on Cyberworlds
An Efficient Multi-Server Password Authenticated Key Agreement Scheme Using Smart Cards with Access Control

AINA '05 Proceedings of the 19th International Conference on Advanced Information Networking and Applications - Volume 2
A secure biometric authentication scheme based on robust hashing

MM&Sec '05 Proceedings of the 7th workshop on Multimedia and security
An Efficient Multi-server Password Authenticated Key Agreement Scheme Using Smart Cards

MUE '07 Proceedings of the 2007 International Conference on Multimedia and Ubiquitous Engineering
Activity Completion Duration Based Checkpoint Selection for Dynamic Verification of Temporal Constraints in Grid Workflow Systems

International Journal of High Performance Computing Applications
A Dynamic ID-Based User Authentication and Key Agreement Scheme for Multi-Server Environment Using Bilinear Pairings

PEITS '08 Proceedings of the 2008 Workshop on Power Electronics and Intelligent Transportation System
A secure dynamic ID based remote user authentication scheme for multi-server environment

Computer Standards & Interfaces
An Efficient Multi-server Password Authenticated Key Agreement Scheme Revisited

ICCIT '08 Proceedings of the 2008 Third International Conference on Convergence and Hybrid Information Technology - Volume 02
Security Weaknesses in Chang and Wu's Key Agreement Protocol for a Multi-Server Environment

ICEBE '08 Proceedings of the 2008 IEEE International Conference on e-Business Engineering
Robust and Simple Multi-server Authentication Protocol without Verification Table

HIS '09 Proceedings of the 2009 Ninth International Conference on Hybrid Intelligent Systems - Volume 03
Trust-based robust scheduling and runtime adaptation of scientific workflow

Concurrency and Computation: Practice & Experience - Special Issue: 3rd International Workshop on Workflow Management and Applications in Grid Environments (WaGe2008)
Robust Multi-Server Authentication Scheme

NPC '09 Proceedings of the 2009 Sixth IFIP International Conference on Network and Parallel Computing
Temporal dependency-based checkpoint selection for dynamic verification of temporal constraints in scientific workflow systems

ACM Transactions on Software Engineering and Methodology (TOSEM)
Security analysis and implementation leveraging globally networked RFIDs

PWC'06 Proceedings of the 11th IFIP TC6 international conference on Personal Wireless Communications
Secure group communications over combined wired and wireless networks

TrustBus'05 Proceedings of the Second international conference on Trust, Privacy, and Security in Digital Business
Cryptanalysis of a modified remote user authentication scheme using smart cards

IEEE Transactions on Consumer Electronics
Efficient multi-server password authenticated key agreement using smart cards

IEEE Transactions on Consumer Electronics
A remote password authentication scheme for multiserver architecture using neural networks

IEEE Transactions on Neural Networks

Quantified Score

Hi-index	0.00

Visualization

Abstract

In 1981, Lamport proposed a password authentication scheme to provide authentication between single user and single remote server. In a smart card based password authentication scheme, the smart card takes password as input, makes a login message and sends it to the server. Many smart card based password authentication schemes with a single server have already been constructed. However it is impossible to apply the authentication methods in single server environment to multi-server environment. Therefore, some smart card based password authentication schemes for the multi-server environment are proposed. In 2010, Yoon et al. proposed a robust biometrics-based multi-server authentication with key agreement scheme for smart cards on elliptic curve cryptosystem. In this paper, however, we show that scheme of Yoon et al. is vulnerable to off-line password guessing attack and propose an improved scheme to prevent the attack.