Skip to main content
SpringerLink
Log in
Book cover

International Conference on Computational Science and Its Applications

ICCSA 2012: Computational Science and Its Applications – ICCSA 2012 pp 391–406Cite as

Cryptanalysis and Improvement of a Biometrics-Based Multi-server Authentication with Key Agreement Scheme

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 7335))

Abstract

In 1981, Lamport proposed a password authentication scheme to provide authentication between single user and single remote server. In a smart card based password authentication scheme, the smart card takes password as input, makes a login message and sends it to the server. Many smart card based password authentication schemes with a single server have already been constructed. However it is impossible to apply the authentication methods in single server environment to multi-server environment. Therefore, some smart card based password authentication schemes for the multi-server environment are proposed. In 2010, Yoon et al. proposed a robust biometrics-based multi-server authentication with key agreement scheme for smart cards on elliptic curve cryptosystem. In this paper, however, we show that scheme of Yoon et al. is vulnerable to off-line password guessing attack and propose an improved scheme to prevent the attack.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Lamport, L.: Password authentication with insecure communication. Communication of ACM 24, 28–30 (1981)

    Article  Google Scholar 

  2. Yoon, E.J., Yoo, K.Y.: Robust biometrics-based multi-server authentication with key agreement scheme for smart cards on elliptic curve cryptosystem. Journal of Supercomputing (2010), doi:10.1007/s11227-010-0512-1

    Google Scholar 

  3. Sutcu, Y., Sencar, T., Memon, N.: A secure biometric authentication scheme based on robust hashing. In: ACM MMSEC Workshop, pp. 111–116 (2005)

    Google Scholar 

  4. Leung, K.C., Cheng, L.M., Fong, A.S., Chang, C.K.: Cryptanalysis of a modified remote user authentication scheme using smart cards. IEEE Trans. Consum. Electron 49(4), 1243–1245 (2003)

    Article  Google Scholar 

  5. Li, L., Lin, I., Hwang, M.: A remote password authentication scheme for multi-server architecture using neural networks. IEEE Trans. Neural Netw. 12(6), 1498–1504 (2001)

    Article  Google Scholar 

  6. Fan, L., Xu, C.X., Li, J.H.: User authentication scheme using smart cards for multi-server environments. Chinese Journal of Electronics 13(1), 179–181 (2004)

    Google Scholar 

  7. Hwang, R.-J., Shiau, S.-H.: Password authenticated key agreement protocol for multi-servers architecture In: International Conference on Wireless Networks Communications and Mobile Computing, pp. 279–284 (2005)

    Google Scholar 

  8. Chang, C.-C., Kuo, J.-Y.: An efficient multi-server password authenticated key agreement scheme using smart cards with access control. In: Proceedings of the 19th International Conference on Advanced Information Networking and Applications (AINA 2005), vol. 2, pp. 257–260 (2005)

    Google Scholar 

  9. Cao, Z.-F., Sun, D.-Z.: Cryptanalysis and improvement of user authentication scheme using smart cards for multi-server environments. In: Proceedings of the Fifth International Conference on Machine Learning and Cybernetics, pp. 2818–2822 (2006)

    Google Scholar 

  10. Hu, L., Niu, X., Yang, Y.: An efficient multi-server password authenticated key agreement scheme using smart cards. In: International Conference on Multimedia and Ubiquitous Engineering (MUE 2007), pp. 903–907 (2007)

    Google Scholar 

  11. Lee, Y., Won, D.: Security weaknesses in Chang and Wu’s key agreement protocol for a multi-server environment. In: IEEE International Conference on e-Business Engineering, pp. 304–308 (2008)

    Google Scholar 

  12. Geng, J., Zhang, L.: A dynamic ID-based user authentication and key agreement scheme for multi-server environment using bilinear pairings. In: Workshop on Power Electronics and Intelligent Transportation System, pp. 33–37 (2008)

    Google Scholar 

  13. Lim, M.-H., Lee, S., Lee, H.: An efficient multi-server password authenticated key agreement scheme revisited. In: Third International Conference on Convergence and Hybrid Information Technology, pp. 396–400 (2008)

    Google Scholar 

  14. Liao, Y.-P., Wang, S.-S.: A secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards & Interfaces 31, 24–29 (2009)

    Article  Google Scholar 

  15. Chen, Y., Huang, C.-H., Chou, J.-S.: A novel multi-server authentication protocol. Cryptology ePrint Archive (2009), http://eprint.iacr.org/2009/176

  16. Zhu, H., Liu, T., Liu, J.: Robust and simple multi-server authentication protocol without verification. In: Ninth International Conference on Hybrid Intelligent Systems, pp. 51–56 (2009)

    Google Scholar 

  17. Yoon, E.-J., Yoo, K.-Y.: Robust multi-server authentication scheme, In. In: Sixth IFIP International Conference on Network and Parallel Computing, pp. 197–203 (2009)

    Google Scholar 

  18. Tsaur, W.J., Wu, C.C., Lee, W.B.: A smart card-based remote scheme for password authentication in multi-server Internet services. Computer Standards & Interfaces 27, 39–51 (2004)

    Article  Google Scholar 

  19. Juang, W.-S.: Efficient multi-server password authenticated key agreement using smart cards. IEEE Transactions on Consumer Electronics 50(1), 251–255 (2004)

    Article  Google Scholar 

  20. Chang, C.C., Lee, J.S.: An efficient and secure multi-server password authentication scheme using smart cards. In: International Conference on Cyber worlds (CW 2004), pp. 417–422 (2004)

    Google Scholar 

  21. Lee, J.H., Lee, D.H.: Efficient and secure remote authenticated key agreement scheme for multi-server using mobile equipment. In: Proceedings of International Conference on Consumer Electronics, pp. 1–2 (2008)

    Google Scholar 

  22. Tsai, J.L.: Efficient multi-server authentication scheme based on one-way hash function without verification table. Computers & Security 27(3-4), 115–121 (2008)

    Article  Google Scholar 

  23. Chen, J., Yang, Y.: Temporal dependency based checkpoint selection for dynamic verification of temporal constraints in scientific workflow systems. ACM Trans. Softw. Eng. Methodol (June 17, 2009), http://www.swinflow.org/papers/TOSEM.pdf (in press, accepted)

  24. Wang, M., Kotagiri, R., Chen, J.: Trust-based robust scheduling and runtime adaptation of scientific workflow. Concurr. Comput. Pract. Exp. 21(16), 1982–1998 (2009)

    Article  Google Scholar 

  25. Chen, J., Yang, Y.: Activity completion duration based checkpoint selection for dynamic verification of temporal constraints in grid workflow systems. Int. J. High Perform Comput. Appl. 22(3), 319–329 (2008)

    Article  Google Scholar 

  26. Nam, J., Kim, S., Won, D.H.: Secure Group Communications over Combined Wired and Wireless Networks. In: Katsikas, S.K., López, J., Pernul, G. (eds.) TrustBus 2005. LNCS, vol. 3592, pp. 90–99. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  27. Lee, K., Won, D., Kim, S.: A Secure and Efficient E-Will System Based on PKI. Information - An International Interdisciplinary Journal, International Information Institute 14(7), 2187–2206 (2011)

    MathSciNet  Google Scholar 

  28. Park, N., Kim, S., Won, D.H., Kim, H.W.: Security Analysis and Implementation Leveraging Globally Networked RFIDs. In: Cuenca, P., Orozco-Barbosa, L. (eds.) PWC 2006. LNCS, vol. 4217, pp. 494–505. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Information Security Group, School of Information and Communication Engineering, Sungkyunkwan University, 300 Cheoncheon-dong, Jangan-gu, Suwon, Gyeonggi-do, 440-746, Korea

    Hakhyun Kim, Woongryul Jeon, Kwangwoo Lee & Dongho Won

  2. Department of Cyber Security & Police, Gwangju University, 52 Hyoduk-ro, Nam-gu, Gwangju-si, 503-703, Korea

    Yunho Lee

Authors
  1. Hakhyun Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Woongryul Jeon
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Kwangwoo Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Yunho Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Dongho Won
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Laboratory of Urban and Territorial Systems, University of Basilicata, 10, Viale dell’Ateneo Lucano, 85100, Potenza, Italy

    Beniamino Murgante

  2. Department of Mathematics and Computer Science, University of Perugia, Via Vanvitelli 1, 06123, Perugia, Italy

    Osvaldo Gervasi

  3. Department of Cyber Security Science, Federal University of Technology, Gidan Kwano Campus, Minna, Nigeria

    Sanjay Misra

  4. Faculty of Engineering, Department of Electronics Engineering and Telecommunications, State University of Rio de Janeiro, Rua Sao Francisco Xavier, 524, 50. andar, sala 5145-F, Maracana, 20.550-013, Rio de Janeiro, RJ, Brazil

    Nadia Nedjah

  5. Department of Production and Systems, University of Minho, Campus de Gualtar, 4710-057, Braga, Portugal

    Ana Maria A. C. Rocha

  6. School of Business Systems, Monash University, 3800, Clayton, VIC, Australia

    David Taniar

  7. Department of Intelligent Informatics, Kyushu Sangyo University, 2-3-1 Matsukadai, Higashi-ku, 813-8503, Fukuoka, Japan

    Bernady O. Apduhan

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kim, H., Jeon, W., Lee, K., Lee, Y., Won, D. (2012). Cryptanalysis and Improvement of a Biometrics-Based Multi-server Authentication with Key Agreement Scheme. In: Murgante, B., et al. Computational Science and Its Applications – ICCSA 2012. ICCSA 2012. Lecture Notes in Computer Science, vol 7335. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31137-6_30

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-31137-6_30

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-31136-9

  • Online ISBN: 978-3-642-31137-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation