Skip to main content
SpringerLink
Log in

An Improved Anonymous Multi-Server Authenticated Key Agreement Scheme Using Smart Cards and Biometrics

  • Published:
Wireless Personal Communications Aims and scope Submit manuscript

Abstract

Recently, Chuang et al. proposed a multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics. They claimed that their scheme can resist replay attacks, modification attack, off-line password guessing attack and insider attack. However, we demonstrated that their scheme is vulnerable to servers spoofing attack and cannot protect the user’s anonymity and the session key, even if the adversary only knows the information transmitting in the public channel. Furthermore, their scheme cannot resist user impersonation attack if the smart cards is stolen. To overcome these problems, we proposed a robust anonymous multi-server authenticated key agreement scheme. We show that our proposed scheme can provide stronger security than previous protocols and protect the user anonymity.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2

Similar content being viewed by others

References

  1. Lamport, L. (1981). Password authentication with insecure communication. Communication of ACM, 24(11), 770–772.

    Article  MathSciNet  Google Scholar 

  2. Sun, H. M. (2000). An efficient remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 46(4), 958–961.

    Article  Google Scholar 

  3. Awashti, A. K., & Sunder, L. (2004). An enhanced remote user authentication scheme using smart cards. IEEE Transactions on on Consumer Electronics, 50(2), 583–586.

    Article  Google Scholar 

  4. Khan, M. K. (2009). Fingerprint biometric-based self and deniable authentication schemes for the electronic world. IETE Technical Review, 26(3), 191–195.

    Article  Google Scholar 

  5. Liao, Y. P., & Wang, S. S. (2009). A secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards and Interfaces, 31(1), 24–29.

    Article  Google Scholar 

  6. Li, X., Ma, J., Wang, W. D., Xiong, Y. P., & Zhang, J. S. (2013). A novel smart card and dynamic ID based remote user authentication scheme for multi-server environments. Mathematical and Computer Modelling, 58(1–2), 85–95.

    Article  Google Scholar 

  7. Hsiang, H. C., & Shih, W. K. (2009). Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards and Interfaces, 31(6), 1118–1123.

    Article  Google Scholar 

  8. Lee, C. C., Lin, T. H., & Chang, R. X. (2011). A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards. Expert Systems with Applications, 38(11), 13863–13870.

    Google Scholar 

  9. Guo, D. L., & Wen, F. T. (2014). Analysis and improvement of a robust smart card based-authentication scheme for multi-server architecture. Wireless Personal Communications, 78(1), 475–490.

    Article  MathSciNet  Google Scholar 

  10. Wen, F. T., & Li, X. L. (2011). An improved dynamic ID-based remote user authentication with key agreement scheme. Computers and Electrical Engineering, 38(2), 381–387.

    Article  Google Scholar 

  11. Wen, F. T., Susilo, W., & Yang, G. M. (2013). A robust smart card based anonymous user authentication protocol for wireless communications. Security and Communication Networks, 7(6), 987–993.

    Article  Google Scholar 

  12. Sood, S. K., Sarje, A. K., & Singh, K. (2011). A secure dynamic identity based authentication protocol for multi-server architecture. Journal of Network and Computer Applications, 34(2), 609–618.

    Article  Google Scholar 

  13. Li, X., Xiong, Y. P., Ma, J., & Wang, W. D. (2012). An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. Journal of Network and Computer Applications, 35(2), 763–769.

    Article  Google Scholar 

  14. Xue, K. P., Hong, P. L., & Ma, C. S. (2014). A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture. Journal of Computer and System Sciences, 80(1), 195–206.

    Article  MATH  MathSciNet  Google Scholar 

  15. Khan, M. K., & Zhang, J. (2007). Improving the security of a flexible biometrics remote user authentication scheme. Computer Standards and Interfaces, 29(1), 82–85.

    Article  Google Scholar 

  16. Kim, H. S., Lee, J. K., & Yoo, K. Y. (2003). ID-based password authentication scheme using smart cards and fingerprints. ACM SIGOPS Operating Systems Review, 37(4), 32–41.

    Article  MathSciNet  Google Scholar 

  17. Lee, J. K., Ryu, S. R., & Yoo, K. Y. (2002). Fingerprint-based remote user authentication scheme using smart cards. Electronics Letters, 38(12), 554–555.

    Article  Google Scholar 

  18. Chuang, M. C., & Chen, M. C. (2014). An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics. Expert Systems with Applications, 41(4), 1411–1418.

    Article  MathSciNet  Google Scholar 

  19. Kocher, P., Jaffe, J., & Jun, B. (1999). Differential power analysis. Advances in Cryptology—CRYPTO’99, 1666(16), 388–397.

    Google Scholar 

  20. Messerges, T. S., Dabbish, E. A., & Sloan, R. H. (2002). Examining smart-card security under the threat of power analysis attacks. IEEE Trans on Computers, 51(5), 541–552.

    Article  MathSciNet  Google Scholar 

  21. Li, C. T., & Hwang, M. S. (2010). An efficient biometrics-based remote user authentication scheme using smart cards. Journal of Network and Computer Applications, 33(1), 1–5.

    Article  Google Scholar 

Download references

Acknowledgments

The authors are grateful to the editor and anonymous reviewers for their valuable suggestions. This work is supported by Natural Science Foundation of Shandong Province (No. ZR2013FM009).

Author information

Authors and Affiliations

  1. School of Mathematical Science, University of Jinan, Jinan, 250022, China

    Hao Lin, Fengtong Wen & Chunxia Du

Authors
  1. Hao Lin
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Fengtong Wen
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Chunxia Du
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Fengtong Wen.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Lin, H., Wen, F. & Du, C. An Improved Anonymous Multi-Server Authenticated Key Agreement Scheme Using Smart Cards and Biometrics. Wireless Pers Commun 84, 2351–2362 (2015). https://doi.org/10.1007/s11277-015-2708-4

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11277-015-2708-4

Keywords

Search

Navigation