Anonymous biometrics-based authentication scheme with key distribution for mobile multi-server environment

Feng, Qi; He, Debiao; Zeadally, Sherali; Wang, Huaqun

doi:10.1016/j.future.2017.07.040

Cited by 70 publications

(42 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…By analyzing some of the related memory-based authentication schemes [15][16][17][18], we found that a trend in password updating operations was to carry out this operation without help from a server. However, in Lin et al's scheme, when a client wants to update his password, he must log in and establish a session key with the server even when the client does not want to access any of the server's services.…”

Section: Inefficiency Of Password Updatingmentioning

confidence: 99%

A Robust Mutual Authentication with a Key Agreement Scheme for Session Initiation Protocol

et al. 2018

View full text Add to dashboard Cite

Session initiation protocol (SIP) is the most widely used application layer control protocol for creating, modifying, and terminating session processes. Many authentication schemes have been proposed for SIP aimed at providing secure communication. Recently, a new authentication and key agreement scheme for SIP has been proposed, and it was claimed that it could resist a variety of attacks. However, in this paper, we show that this scheme is vulnerable to an offline password guessing attack and a stolen memory device attack. Furthermore, we show that it lacks the verification mechanism for a wrong password, and that the password updating process is not efficient. To mitigate the flaws and inefficiencies of this scheme, we design a new robust mutual authentication with a key agreement scheme for SIP. A security analysis revealed that our proposed scheme was robust to several kinds of attacks. In addition, the proposed scheme was simulated by the automatic cryptographic protocol tool ProVerif. A performance analysis showed that our proposed scheme was superior to other related schemes.Transport Protocol (RTP), Resource Reservation Protocol (RSVP), and so on. Therefore, since many parts of the infrastructure are in place or ready for use, there is no need to introduce new services to support the SIP infrastructure.Although users enjoy the services provided by SIP, security has emerged as a major issue because the transmitted data usually contains people's sensitive and private information. To guarantee a secure communication in SIP, a secure authentication with a key agreement scheme should be executed before the communication begins. For this reason, many related schemes for SIP have been proposed [1][2][3][4][5][6][7][8][9][10][11] in the past few years.In 2014, Zhang et al. [1] proposed a flexible smart card based authentication scheme for SIP and claimed that it has strong security. However, Irshad et al. [2] pointed out that Zhang et al.'s scheme is vulnerable to a DOS attack, and that it could become more secure by adding a few modifications. They then proposed an improved SIP scheme [2]. Unfortunately, Arshad et al. [3] later found that the scheme of Irshad et al. cannot resist a user impersonation attack. To overcome this weakness, Arshad et al. proposed a new efficient and secure scheme based on ECC [3]. Very recently, Lin et al. [4]demonstrated that the scheme of Arshad et al. is vulnerable to a server spoofing attack, a DOS attack, a privilege insider attack, and that it cannot achieve user anonymity. To mitigate these weaknesses, they proposed a new scheme for SIP using ECC.In this paper, we analyze the security of Lin et al.'s anonymous authentication and key agreement SIP scheme. We show that their scheme cannot withstand an offline password guessing attack nor a stolen memory device attack. Furthermore, Lin et al.'s scheme lacks a verification mechanism for a wrong password and the password updating process is not efficient. To overcome these flaws and inefficiencies, we propose a robust mutual authen...

show abstract

Section: Inefficiency Of Password Updatingmentioning

confidence: 99%

A Robust Mutual Authentication with a Key Agreement Scheme for Session Initiation Protocol

et al. 2018

View full text Add to dashboard Cite

show abstract

“…In 2017, Kumari et al [25] proposed a biometric-based multi-cloud-server authentication scheme using ECC and bio-hash function. However, Feng et al [26] demonstrated that Kumari et al 's scheme suffers from server impersonation attack and introduced an enhanced scheme. Unfortunately, we found Feng et al 's scheme fails to achieve three-factor secrecy and suffers from known session-specific temporary information attack.…”

Section: Introductionmentioning

confidence: 99%

“…Either the existing three-factor multiserver authentication schemes [18][19][20][21][22][23][24][25][26][27][28][29][30] have more or less vulnerabilities, or their communication and computation costs need to be improved. This moves us to design a secure three-factor multiserver authentication scheme with higher efficiency.…”

Section: Introductionmentioning

confidence: 99%

A Provably Secure Biometrics-Based Authentication Scheme for Multiserver Environment

Wang

et al. 2019

Security and Communication Networks

View full text Add to dashboard Cite

With the rapid development of mobile services, multiserver authentication protocol with its high efficiency has emerged as an indispensable security mechanism for mobile services. Recently, Ali et al. introduced a biometric-based multiserver authentication scheme and claimed the scheme is resistant to various attacks. However, after a careful examination, we find that Ali et al.’s scheme is vulnerable to various security attacks, such as user impersonation attack, server impersonation attack, privileged insider attack, denial of service attack, fails to provide forward secrecy and three-factor secrecy. To overcome these weaknesses, we propose an improved biometric-based multiserver authentication scheme using elliptic curve cryptosystem. Formal security analysis under the random oracle model proves that our scheme is provably secure. Furthermore, BAN (Burrows-Abadi-Needham) logic analysis demonstrates our scheme achieves mutual authentication and session key agreement. In addition, the informal analysis proves that our scheme is secure against all current known attacks and achieves desirable features. Besides, the performance and security comparison shows that our scheme is superior to related schemes.

show abstract

“…However, the security and privacy issues in WBANs are very serious and worthy of paid close attention. It is well known that private personal health information is very sensitive, which may cause serious problems such as family conflicts, corporate crisis, and even state instability [6]. The health data are sent to AP through insecure communication channel and suffered from intercepting, eavesdropping, modification, and other attacks with little problem.…”

Section: Introductionmentioning

confidence: 99%

CasCP: Efficient and Secure Certificateless Authentication Scheme for Wireless Body Area Networks with Conditional Privacy-Preserving

Xie

Zhang

et al. 2019

Security and Communication Networks

View full text Add to dashboard Cite

As the aging population of society continues to intensify, the series of problems brought about by aging is becoming more and more serious. Because the health problem of the elderly brings many social problems, people have paid close attention to it. Fortunately, as a typical smart healthcare system, wireless body area networks (WBANs) present quit nice medical care for people, especially the aged. However, personal health information is very sensitive. But, the common communication channel is used in WBANs and any malicious entity can initiate a security attack on WBANs. To ensure secure communication and privacy-preserving which are the premise of the sound development of WBANs, an improved and efficient certificateless authentication scheme with conditional privacy-preserving is proposed in this paper on the basis of analyzing the most recent presented certificateless authentication scheme for WBANs. The proposed scheme also provides batch authentication to decrease authentication and communication cost. A rigid security proof demonstrates that our proposed scheme resists every type of security attack and can provide condition privacy-preserving. The performance analysis shows that our proposed scheme has some advantages in computation and communication cost.

show abstract

Anonymous biometrics-based authentication scheme with key distribution for mobile multi-server environment

Cited by 70 publications

References 22 publications

A Robust Mutual Authentication with a Key Agreement Scheme for Session Initiation Protocol

A Robust Mutual Authentication with a Key Agreement Scheme for Session Initiation Protocol

A Provably Secure Biometrics-Based Authentication Scheme for Multiserver Environment

CasCP: Efficient and Secure Certificateless Authentication Scheme for Wireless Body Area Networks with Conditional Privacy-Preserving

Contact Info

Product

Resources

About