Cryptanalysis of biometric-based multi-server authentication scheme using smart card

2015 11th International Conference on Heterogeneous Networking for Quality, Reliability, Security and Robustness (QSHINE) Pub Date : 2015-11-23 DOI:10.4108/EAI.19-8-2015.2260660

Jongho Mun, Jiye Kim, Donghoon Lee, Dongho Won

{"title":"Cryptanalysis of biometric-based multi-server authentication scheme using smart card","authors":"Jongho Mun, Jiye Kim, Donghoon Lee, Dongho Won","doi":"10.4108/EAI.19-8-2015.2260660","DOIUrl":null,"url":null,"abstract":"Remote user authentication scheme is one of the most convenient authentication schemes to deal with secret data via insecure communication channel. During the last couple of decades, many researchers have proposed a remote user authentication schemes which are ID-based, password-based, and smart card-based. Above all, smart card-based remote user authentication schemes for multi-server environment are a widely used and researched method. One of the benefits of smart card-based authentication scheme is that a server does not have to keep a verifier table. Furthermore, remote user authentication scheme for multi-server environment has resolved the problem of users to manage the different identities and passwords. In 2015, Baruah et al. improved Mishra et al.'s scheme, and claimed that their scheme is more secure and practical remote user authentication scheme. However, we find that Baruah et al.'s scheme is still insecure. In this paper, we demonstrate that their scheme is vulnerable to outsider attack, smart card stolen attack, user impersonation attack and replay attack.","PeriodicalId":152628,"journal":{"name":"2015 11th International Conference on Heterogeneous Networking for Quality, Reliability, Security and Robustness (QSHINE)","volume":"80 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-11-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 11th International Conference on Heterogeneous Networking for Quality, Reliability, Security and Robustness (QSHINE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4108/EAI.19-8-2015.2260660","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

Remote user authentication scheme is one of the most convenient authentication schemes to deal with secret data via insecure communication channel. During the last couple of decades, many researchers have proposed a remote user authentication schemes which are ID-based, password-based, and smart card-based. Above all, smart card-based remote user authentication schemes for multi-server environment are a widely used and researched method. One of the benefits of smart card-based authentication scheme is that a server does not have to keep a verifier table. Furthermore, remote user authentication scheme for multi-server environment has resolved the problem of users to manage the different identities and passwords. In 2015, Baruah et al. improved Mishra et al.'s scheme, and claimed that their scheme is more secure and practical remote user authentication scheme. However, we find that Baruah et al.'s scheme is still insecure. In this paper, we demonstrate that their scheme is vulnerable to outsider attack, smart card stolen attack, user impersonation attack and replay attack.

查看原文本刊更多论文

基于智能卡的生物特征多服务器认证方案的密码分析

远程用户认证方案是一种方便的通过不安全通信通道处理机密数据的认证方案。在过去的几十年里，许多研究者提出了基于id、基于密码和基于智能卡的远程用户认证方案。其中，基于智能卡的多服务器环境下的远程用户认证方案是一种被广泛应用和研究的方法。基于智能卡的身份验证方案的好处之一是服务器不必保留验证者表。此外，多服务器环境下的远程用户认证方案解决了用户管理不同身份和密码的问题。2015年，Baruah等人对Mishra等人的方案进行了改进，并声称他们的方案是更安全实用的远程用户认证方案。然而，我们发现Baruah等人的方案仍然是不安全的。在本文中，我们证明了他们的方案容易受到外部攻击，智能卡窃取攻击，用户冒充攻击和重放攻击。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2015 11th International Conference on Heterogeneous Networking for Quality, Reliability, Security and Robustness (QSHINE)

自引率

0.00%

发文量