Abstract
Recently, Chuang et al. proposed a multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics. They claimed that their scheme can resist replay attacks, modification attacks, off-line password guessing attacks and insider attacks. However, we demonstrate that their scheme is vulnerable to server spoofing attacks and cannot protect the user's anonymity or the session key, even if the adversary knows only the information transmitted over the public channel. Furthermore, their scheme cannot resist user impersonation attacks if the smart card is stolen. To overcome these problems, we propose a robust anonymous multi-server authenticated key agreement scheme. We show that our proposed scheme provides stronger security than previous protocols and protects user anonymity.
References
Lamport, L. (1981). Password authentication with insecure communication. Communications of the ACM, 24(11), 770–772.
Sun, H. M. (2000). An efficient remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 46(4), 958–961.
Awashti, A. K., & Sunder, L. (2004). An enhanced remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 50(2), 583–586.
Khan, M. K. (2009). Fingerprint biometric-based self and deniable authentication schemes for the electronic world. IETE Technical Review, 26(3), 191–195.
Liao, Y. P., & Wang, S. S. (2009). A secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards and Interfaces, 31(1), 24–29.
Li, X., Ma, J., Wang, W. D., Xiong, Y. P., & Zhang, J. S. (2013). A novel smart card and dynamic ID based remote user authentication scheme for multi-server environments. Mathematical and Computer Modelling, 58(1–2), 85–95.
Hsiang, H. C., & Shih, W. K. (2009). Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards and Interfaces, 31(6), 1118–1123.
Lee, C. C., Lin, T. H., & Chang, R. X. (2011). A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards. Expert Systems with Applications, 38(11), 13863–13870.
Guo, D. L., & Wen, F. T. (2014). Analysis and improvement of a robust smart card based-authentication scheme for multi-server architecture. Wireless Personal Communications, 78(1), 475–490.
Wen, F. T., & Li, X. L. (2011). An improved dynamic ID-based remote user authentication with key agreement scheme. Computers and Electrical Engineering, 38(2), 381–387.
Wen, F. T., Susilo, W., & Yang, G. M. (2013). A robust smart card based anonymous user authentication protocol for wireless communications. Security and Communication Networks, 7(6), 987–993.
Sood, S. K., Sarje, A. K., & Singh, K. (2011). A secure dynamic identity based authentication protocol for multi-server architecture. Journal of Network and Computer Applications, 34(2), 609–618.
Li, X., Xiong, Y. P., Ma, J., & Wang, W. D. (2012). An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. Journal of Network and Computer Applications, 35(2), 763–769.
Xue, K. P., Hong, P. L., & Ma, C. S. (2014). A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture. Journal of Computer and System Sciences, 80(1), 195–206.
Khan, M. K., & Zhang, J. (2007). Improving the security of a flexible biometrics remote user authentication scheme. Computer Standards and Interfaces, 29(1), 82–85.
Kim, H. S., Lee, J. K., & Yoo, K. Y. (2003). ID-based password authentication scheme using smart cards and fingerprints. ACM SIGOPS Operating Systems Review, 37(4), 32–41.
Lee, J. K., Ryu, S. R., & Yoo, K. Y. (2002). Fingerprint-based remote user authentication scheme using smart cards. Electronics Letters, 38(12), 554–555.
Chuang, M. C., & Chen, M. C. (2014). An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics. Expert Systems with Applications, 41(4), 1411–1418.
Kocher, P., Jaffe, J., & Jun, B. (1999). Differential power analysis. Advances in Cryptology—CRYPTO’99, 1666(16), 388–397.
Messerges, T. S., Dabbish, E. A., & Sloan, R. H. (2002). Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers, 51(5), 541–552.
Li, C. T., & Hwang, M. S. (2010). An efficient biometrics-based remote user authentication scheme using smart cards. Journal of Network and Computer Applications, 33(1), 1–5.
Acknowledgments
The authors are grateful to the editor and anonymous reviewers for their valuable suggestions. This work is supported by the Natural Science Foundation of Shandong Province (No. ZR2013FM009).
Cite this article
Lin, H., Wen, F. & Du, C. An Improved Anonymous Multi-Server Authenticated Key Agreement Scheme Using Smart Cards and Biometrics. Wireless Pers Commun 84, 2351–2362 (2015). https://doi.org/10.1007/s11277-015-2708-4