Cryptanalysis and Improvement of a Biometrics-Based Multi-server Authentication with Key Agreement Scheme

Kim, Hakhyun; Jeon, Woongryul; Lee, Kwangwoo; Lee, Yunho; Won, Dongho

doi:10.1007/978-3-642-31137-6_30

Cited by 43 publications

(42 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In Table 2, we provided the computation cost comparison. It is noticeable that the proposed scheme takes less computation cost than the scheme in [27], but takes more cost than the schemes in [21,28,53]. Note that the schemes in [21,28,53] suffer from security weaknesses whereas the scheme in [27] is secure, thus, the proposed scheme is relatively efficient in terms of computation cost than others.…”

Section: Performance Evaluationmentioning

confidence: 81%

“…As discussed in Section "TMIS architecture and discussion", the proposed scheme is related to multi-server environment, where the patient can exchange medical information with the doctor(s) via central medical server (CMS). For this reason, we measured and compared the performance of the schemes in [21,27,28,53] and the proposed scheme. It is worth to note that the security is the most important issue in cryptographic scheme i.e., the scheme should be free from security attacks with reasonable complexities cost such as computation and communication cost as well as smart card storage cost.…”

Section: Performance Evaluationmentioning

confidence: 99%

“…1). The articles [21,28] demonstrated that the scheme in [53] has several security weaknesses and the article [42] showed that the scheme in [21] has several security weaknesses such as known session-specific temporary information attack, impersonation attack, draw backs in password change phase and no provision for revocation and re-registration. According to [21], the scheme in [53] cannot withstand the insider attack, user impersonation attack and cannot achieve user anonymity.…”

Section: Performance Evaluationmentioning

confidence: 99%

See 2 more Smart Citations

An Efficient and Practical Smart Card Based Anonymity Preserving User Authentication Scheme for TMIS using Elliptic Curve Cryptography

et al. 2015

View full text Add to dashboard Cite

In the last few years, numerous remote user authentication and session key agreement schemes have been put forwarded for Telecare Medical Information System, where the patient and medical server exchange medical information using Internet. We have found that most of the schemes are not usable for practical applications due to known security weaknesses. It is also worth to note that unrestricted number of patients login to the single medical server across the globe. Therefore, the computation and maintenance overhead would be high and the server may fail to provide services. In this article, we have designed a medical system architecture and a standard mutual authentication scheme for single medical server, where the patient can securely exchange medical data with the doctor(s) via trusted central medical server over any insecure network. We then explored the security of the scheme with its resilience to attacks. Moreover, we formally validated the proposed scheme through the simulation using Automated Validation of Internet Security Schemes and Applications software whose outcomes confirm that the scheme is protected against active and passive attacks. The performance comparison demonstrated that the proposed scheme has lower communication cost than the existing schemes in literature. In addition, the computation cost of the proposed scheme is nearly equal to the exiting schemes. The proposed scheme not only efficient in terms of different security attacks, but it also provides an efficient login, mutual authentication, session key agreement and verification and password update phases along with password recovery.

show abstract

Section: Performance Evaluationmentioning

confidence: 81%

Section: Performance Evaluationmentioning

confidence: 99%

Section: Performance Evaluationmentioning

confidence: 99%

See 1 more Smart Citation

An Efficient and Practical Smart Card Based Anonymity Preserving User Authentication Scheme for TMIS using Elliptic Curve Cryptography

et al. 2015

View full text Add to dashboard Cite

show abstract

“…In Section II-A, the upsides and downsides of these frameworks are clarified and the utilization of biometrics is proposed as an option. Biometrics have as of now been joined in remote confirmation (see [3], [4], [5]) however just as secret word substitution in shrewd cards. Keeping in mind the end goal to research their full probability, biometrics can be fused in cross breed cryptosteganographic plans.…”

Section: International Journal Of Advance Engineering and Research Dementioning

confidence: 99%

Implementation of Remote Authentication via Biometrics: A Robust Video-Object Steganographic Mechanism Over Wireless Networks

2017

IJAERD

View full text Add to dashboard Cite

-In remote interchanges touchy data is as often as possible traded, requiring remote validation. Remote verification includes the accommodation of encoded data, alongside visual and sound signs (facial pictures/recordings, human voice and so on.). All things considered, Trojan Horse and different assaults can bring about major issues, particularly in instances of remote examinations (in remote contemplating) or meeting (for work force contracting). This paper proposes a powerful verification component in view of semantic division, disorderly encryption and information covering up. Expecting that client X needs to be remotely verified, at first X's video object (VO) is consequently fragmented, utilizing a head and-body identifier. Next, one of X's biometric signs is scrambled by a disorderly figure. A short time later the encoded flag is embedded to the most critical wavelet coefficients of the VO, using its Qualified Significant Wavelet Trees (QSWTs). QSWTs provide both invisibility and significant resistance against lossy transmission and compression, conditions that are typical in wireless networks .Finally, the Inverse Discrete Wavelet Transform (IDWT) is connected to give the stego-object (SO). Test comes about, in regards to

show abstract

“…Recently, Li et al [34] found some security weaknesses of Das [31] and Lee et al [35], such as session-key agreement and key-impersonation attacks using biometric-based user authentication schemes. As a consequence, none of the existing authentication schemes [9][10][11][12][28][29][30][31][32][33][34][35][36][37][38][39][40][41][42] fulfill the security properties of the AKA protocol and resist most of the potential attacks, such as password guessing, key impersonation, and so on, in the multimedia client-server environment. Most recently, Deebak et al [36] presented a secure key AKA protocol scheme to satisfy the promising feature of the 3GPP AKA protocol using IP multimedia server-client systems.…”

Section: Related Workmentioning

confidence: 99%

Analyzing the mutual authenticated session key in IP multimedia server-client systems for 4G networks

Deebak¹,

Muthaiah²,

Thenmozhi³

et al. 2016

Turk J Elec Eng & Comp Sci

View full text Add to dashboard Cite

This paper scrutinizes the authentication and key agreement protocol adopted by the Universal Mobile Telecommunication System to meet the standards of a fourth-generation network. Lately, communication of multimedia (CoM) has drawn the attention of researchers for the future of secure wireless mobile communication. However, the CoM has not had any defensive mechanism to fulfil the specifications of 3GPP and reduce the computation and communication overheads and susceptible attacks like redirection, man-in-the-middle, and denial of service attacks. In addition, this paper has thoroughly investigated some existing protocols from the literature for the identification of new challenges in server-client authentication. To probe the challenges of the existing schemes realistically, the multimedia client and multimedia server components (proxy, interrogating, serving, and home subscriber server) were physically deployed on the Linux platform to examine the specifications of 3GPP, vulnerable attacks, computation, and communication overheads.We observed that the examined existing schemes are not able to fulfill the above criteria. We thus propose addition of the mutual authenticated session key (MASK) to the physical environment of the multimedia server-client. To satisfy the 3GPP specifications, the protocol of MASK offers mutual authenticity to the multimedia server-client. Moreover, the feature of mutual authenticity reduces the computation and communication overheads of the multimedia server-client.Since the session keys are jointly shared between the multimedia server and client, the protocol of MASK can additionally provide privacy preservation and forward secrecy.

show abstract

Cryptanalysis and Improvement of a Biometrics-Based Multi-server Authentication with Key Agreement Scheme

Cited by 43 publications

References 21 publications

An Efficient and Practical Smart Card Based Anonymity Preserving User Authentication Scheme for TMIS using Elliptic Curve Cryptography

An Efficient and Practical Smart Card Based Anonymity Preserving User Authentication Scheme for TMIS using Elliptic Curve Cryptography

Implementation of Remote Authentication via Biometrics: A Robust Video-Object Steganographic Mechanism Over Wireless Networks

Analyzing the mutual authenticated session key in IP multimedia server-client systems for 4G networks

Contact Info

Product

Resources

About