Cryptanalysis and Improvement of a Biometrics-Based Multi-server Authentication with Key Agreement Scheme
详细信息 查看全文
- 作者:Hakhyun Kim (1) hhkim@security.re.kr
Woongryul Jeon (1) wrjeon@security.re.kr
Kwangwoo Lee (1)
Yunho Lee (2) leeyh@gwangju.ac.kr
Dongho Won (1) dhwon@security.re.kr - 关键词:cryptanalysis – ; key agreement – ; authentication – ; biometrics
- 刊名:Lecture Notes in Computer Science
- 出版年:2012
- 出版时间:2012
- 年:2012
- 卷:7335
- 期:1
- 页码:391-406
- 全文大小:458.7 KB
- 参考文献:1. Lamport, L.: Password authentication with insecure communication. Communication of ACM 24, 28–30 (1981)
2. Yoon, E.J., Yoo, K.Y.: Robust biometrics-based multi-server authentication with key agreement scheme for smart cards on elliptic curve cryptosystem. Journal of Supercomputing (2010), doi:10.1007/s11227-010-0512-1
3. Sutcu, Y., Sencar, T., Memon, N.: A secure biometric authentication scheme based on robust hashing. In: ACM MMSEC Workshop, pp. 111–116 (2005)
4. Leung, K.C., Cheng, L.M., Fong, A.S., Chang, C.K.: Cryptanalysis of a modified remote user authentication scheme using smart cards. IEEE Trans. Consum. Electron 49(4), 1243–1245 (2003)
5. Li, L., Lin, I., Hwang, M.: A remote password authentication scheme for multi-server architecture using neural networks. IEEE Trans. Neural Netw. 12(6), 1498–1504 (2001)
6. Fan, L., Xu, C.X., Li, J.H.: User authentication scheme using smart cards for multi-server environments. Chinese Journal of Electronics 13(1), 179–181 (2004)
7. Hwang, R.-J., Shiau, S.-H.: Password authenticated key agreement protocol for multi-servers architecture In: International Conference on Wireless Networks Communications and Mobile Computing, pp. 279–284 (2005)
8. Chang, C.-C., Kuo, J.-Y.: An efficient multi-server password authenticated key agreement scheme using smart cards with access control. In: Proceedings of the 19th International Conference on Advanced Information Networking and Applications (AINA 2005), vol. 2, pp. 257–260 (2005)
9. Cao, Z.-F., Sun, D.-Z.: Cryptanalysis and improvement of user authentication scheme using smart cards for multi-server environments. In: Proceedings of the Fifth International Conference on Machine Learning and Cybernetics, pp. 2818–2822 (2006)
10. Hu, L., Niu, X., Yang, Y.: An efficient multi-server password authenticated key agreement scheme using smart cards. In: International Conference on Multimedia and Ubiquitous Engineering (MUE 2007), pp. 903–907 (2007)
11. Lee, Y., Won, D.: Security weaknesses in Chang and Wu’s key agreement protocol for a multi-server environment. In: IEEE International Conference on e-Business Engineering, pp. 304–308 (2008)
12. Geng, J., Zhang, L.: A dynamic ID-based user authentication and key agreement scheme for multi-server environment using bilinear pairings. In: Workshop on Power Electronics and Intelligent Transportation System, pp. 33–37 (2008)
13. Lim, M.-H., Lee, S., Lee, H.: An efficient multi-server password authenticated key agreement scheme revisited. In: Third International Conference on Convergence and Hybrid Information Technology, pp. 396–400 (2008)
14. Liao, Y.-P., Wang, S.-S.: A secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards & Interfaces 31, 24–29 (2009)
15. Chen, Y., Huang, C.-H., Chou, J.-S.: A novel multi-server authentication protocol. Cryptology ePrint Archive (2009), http://eprint.iacr.org/2009/176
16. Zhu, H., Liu, T., Liu, J.: Robust and simple multi-server authentication protocol without verification. In: Ninth International Conference on Hybrid Intelligent Systems, pp. 51–56 (2009)
17. Yoon, E.-J., Yoo, K.-Y.: Robust multi-server authentication scheme, In. In: Sixth IFIP International Conference on Network and Parallel Computing, pp. 197–203 (2009)
18. Tsaur, W.J., Wu, C.C., Lee, W.B.: A smart card-based remote scheme for password authentication in multi-server Internet services. Computer Standards & Interfaces 27, 39–51 (2004)
19. Juang, W.-S.: Efficient multi-server password authenticated key agreement using smart cards. IEEE Transactions on Consumer Electronics 50(1), 251–255 (2004)
20. Chang, C.C., Lee, J.S.: An efficient and secure multi-server password authentication scheme using smart cards. In: International Conference on Cyber worlds (CW 2004), pp. 417–422 (2004)
21. Lee, J.H., Lee, D.H.: Efficient and secure remote authenticated key agreement scheme for multi-server using mobile equipment. In: Proceedings of International Conference on Consumer Electronics, pp. 1–2 (2008)
22. Tsai, J.L.: Efficient multi-server authentication scheme based on one-way hash function without verification table. Computers & Security 27(3-4), 115–121 (2008)
23. Chen, J., Yang, Y.: Temporal dependency based checkpoint selection for dynamic verification of temporal constraints in scientific workflow systems. ACM Trans. Softw. Eng. Methodol (June 17, 2009), http://www.swinflow.org/papers/TOSEM.pdf (in press, accepted)
24. Wang, M., Kotagiri, R., Chen, J.: Trust-based robust scheduling and runtime adaptation of scientific workflow. Concurr. Comput. Pract. Exp. 21(16), 1982–1998 (2009)
25. Chen, J., Yang, Y.: Activity completion duration based checkpoint selection for dynamic verification of temporal constraints in grid workflow systems. Int. J. High Perform Comput. Appl. 22(3), 319–329 (2008)
26. Nam, J., Kim, S., Won, D.H.: Secure Group Communications over Combined Wired and Wireless Networks. In: Katsikas, S.K., L贸pez, J., Pernul, G. (eds.) TrustBus 2005. LNCS, vol. 3592, pp. 90–99. Springer, Heidelberg (2005)
27. Lee, K., Won, D., Kim, S.: A Secure and Efficient E-Will System Based on PKI. Information - An International Interdisciplinary Journal, International Information Institute 14(7), 2187–2206 (2011)
28. Park, N., Kim, S., Won, D.H., Kim, H.W.: Security Analysis and Implementation Leveraging Globally Networked RFIDs. In: Cuenca, P., Orozco-Barbosa, L. (eds.) PWC 2006. LNCS, vol. 4217, pp. 494–505. Springer, Heidelberg (2006) - 作者单位:1. Information Security Group, School of Information and Communication Engineering, Sungkyunkwan University, 300 Cheoncheon-dong, Jangan-gu, Suwon, Gyeonggi-do 440-746, Korea2. Department of Cyber Security & Police, Gwangju University, 52 Hyoduk-ro, Nam-gu, Gwangju-si, 503-703 Korea
- 刊物类别:Computer Science
- 刊物主题:Artificial Intelligence and Robotics
Computer Communication Networks
Software Engineering
Data Encryption
Database Management
Computation by Abstract Devices
Algorithm Analysis and Problem Complexity - 出版者:Springer Berlin / Heidelberg
- ISSN:1611-3349
文摘
In 1981, Lamport proposed a password authentication scheme to provide authentication between single user and single remote server. In a smart card based password authentication scheme, the smart card takes password as input, makes a login message and sends it to the server. Many smart card based password authentication schemes with a single server have already been constructed. However it is impossible to apply the authentication methods in single server environment to multi-server environment. Therefore, some smart card based password authentication schemes for the multi-server environment are proposed. In 2010, Yoon et al. proposed a robust biometrics-based multi-server authentication with key agreement scheme for smart cards on elliptic curve cryptosystem. In this paper, however, we show that scheme of Yoon et al. is vulnerable to off-line password guessing attack and propose an improved scheme to prevent the attack.