A Secure Biometrics-Based Multi-Server Authentication Protocol Using Smart Cards
- 1 June 2015
- journal article
- Published by Institute of Electrical and Electronics Engineers (IEEE) in IEEE Transactions on Information Forensics and Security
- Vol. 10 (9), 1953-1966
- https://doi.org/10.1109/tifs.2015.2439964
Abstract
Recently, in 2014, He and Wang proposed a robust and efficient multi-server authentication scheme using biometrics-based smart card and elliptic curve cryptography (ECC). In this paper, we first analyze He-Wang's scheme and show that their scheme is vulnerable to a known session-specific temporary information attack and impersonation attack. In addition, we show that their scheme does not provide strong user's anonymity. Furthermore, He-Wang's scheme cannot provide the user revocation facility when the smart card is lost/stolen or user's authentication parameter is revealed. Apart from these, He-Wang's scheme has some design flaws, such as wrong password login and its consequences, and wrong password update during password change phase. We then propose a new secure multi-server authentication protocol using biometric-based smart card and ECC with more security functionalities. Using the Burrows-Abadi-Needham logic, we show that our scheme provides secure authentication. In addition, we simulate our scheme for the formal security verification using the widely accepted and used automated validation of Internet security protocols and applications tool, and show that our scheme is secure against passive and active attacks. Our scheme provides high security along with low communication cost, computational cost, and variety of security features. As a result, our scheme is very suitable for battery-limited mobile devices as compared with He-Wang's scheme.
This publication has 41 references indexed in Scilit.