{"title":"多服务器环境下四种具有隐私保护的生物特征认证方案的密码分析及设计指南","authors":"Yun-Hsin Chuang, C. Lei, Hung-Jr Shiu","doi":"10.1109/AsiaJCIS50894.2020.00022","DOIUrl":null,"url":null,"abstract":"With the growing demand of user privacy preserving, there is an urgent requirement for designing a secure remote user authentication and key agreement (AKA) scheme with user privacy preserving. We survey and discuss present three-factor based remote user AKA schemes with user privacy preserving for multi-server environment, and we find that four of them have security defects. We will demonstrate that Ali-Pal scheme is vulnerable to malignant server attack and user untraceability attack, Chandrakar and Om’s schemes are vulnerable to insider attacks, and Choi et al.’s scheme does not achieve user anonymity. We then analyze the relevant schemes to propose the guidelines for designing a secure AKA scheme with user privacy preserving for multi-server environment. This paper is helpful for designing a better AKA scheme.","PeriodicalId":247481,"journal":{"name":"2020 15th Asia Joint Conference on Information Security (AsiaJCIS)","volume":"47 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":"{\"title\":\"Cryptanalysis of Four Biometric Based Authentication Schemes with Privacy-preserving for Multi-server Environment and Design Guidelines\",\"authors\":\"Yun-Hsin Chuang, C. Lei, Hung-Jr Shiu\",\"doi\":\"10.1109/AsiaJCIS50894.2020.00022\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"With the growing demand of user privacy preserving, there is an urgent requirement for designing a secure remote user authentication and key agreement (AKA) scheme with user privacy preserving. We survey and discuss present three-factor based remote user AKA schemes with user privacy preserving for multi-server environment, and we find that four of them have security defects. We will demonstrate that Ali-Pal scheme is vulnerable to malignant server attack and user untraceability attack, Chandrakar and Om’s schemes are vulnerable to insider attacks, and Choi et al.’s scheme does not achieve user anonymity. We then analyze the relevant schemes to propose the guidelines for designing a secure AKA scheme with user privacy preserving for multi-server environment. This paper is helpful for designing a better AKA scheme.\",\"PeriodicalId\":247481,\"journal\":{\"name\":\"2020 15th Asia Joint Conference on Information Security (AsiaJCIS)\",\"volume\":\"47 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-08-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"7\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2020 15th Asia Joint Conference on Information Security (AsiaJCIS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/AsiaJCIS50894.2020.00022\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 15th Asia Joint Conference on Information Security (AsiaJCIS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/AsiaJCIS50894.2020.00022","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Cryptanalysis of Four Biometric Based Authentication Schemes with Privacy-preserving for Multi-server Environment and Design Guidelines
With the growing demand of user privacy preserving, there is an urgent requirement for designing a secure remote user authentication and key agreement (AKA) scheme with user privacy preserving. We survey and discuss present three-factor based remote user AKA schemes with user privacy preserving for multi-server environment, and we find that four of them have security defects. We will demonstrate that Ali-Pal scheme is vulnerable to malignant server attack and user untraceability attack, Chandrakar and Om’s schemes are vulnerable to insider attacks, and Choi et al.’s scheme does not achieve user anonymity. We then analyze the relevant schemes to propose the guidelines for designing a secure AKA scheme with user privacy preserving for multi-server environment. This paper is helpful for designing a better AKA scheme.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
