Vulnerability Analysis on Multi-Server Authentication Scheme using Smart Card and Biometric Data (스마트카드와 생체정보를 이용한 다중서버 인증스킴의 취약성 분석)

Kwang Cheul Shin (신광철)

Vulnerability Analysis on Multi-Server Authentication Scheme using Smart Card and Biometric Data

Journal of Knowledge Information Technology and Systems
Abbr : JKITS
2016, 11(4), pp.371-383
Publisher : Korea Knowledge Information Technology Society
Research Area : Interdisciplinary Studies > Interdisciplinary Research
Published : August 31, 2016

Kwang Cheul Shin ¹

¹성결대학교

Accredited

ABSTRACT

In the past, most of the existing password authentication schemes are based on a single server environment which are inadequate for the multi-server environments. But recently, researches have been performed focusing on the remote user authentication scheme by password and bio-metric data in a multi-server environment. The following study analyzes weaknesses in user Authentication schemes in multiple server environments as suggested by Mishra et al’.s. Over the years, various identifier and password based schemes for multiple server environments have been suggested. However, they have been found of password guessing or dictionary attack based vulnerabilities. In order to overcome such weaknesses, there's been many papers since then that suggested various multiple server verification schemes that utilize biometric data for use in multiple server environments and distributed networks. In order to prevent weaknesses in Mishra et al'.s scheme and Chuang et al'.s scheme, the user verification parameter h(PSK) was utilized to improve upon the weaknesses. However, Mishra et al'.s scheme is vulnerable to user/server spoof attack, denial of service attack, impersonation attack, and man-in-the-middle attack. The following study analyzes C&C scheme and improves it, in order to reanalyze and compare weaknesses and problems to Mishra et al'.s scheme.

KEYWORDS

Smart card, Biometrics, User/Server impersonation attack, DoS attack

Citation status

* References for papers published after 2023 are currently being built.

[journal] H. C. Hsiang. / 2009 / Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment / Computer Standards &Interfaces 31 : 1118~1123

[journal] S. K. Sood. / 2011 / 2011A secure dynamic identity based authentication protocol for multi-server architecture / Journal of Network and Computer Applications 34(2) : 609~618

[journal] 신광철 / 2015 / A Study on Weakness of a Secure Dynamic Identify based Remote User Authentication scheme for Multi-server Environment using Smart Card / 한국지식정보기술학회 논문지 / 한국지식정보기술학회 10(5) : 523~536

[confproc] P. Kocher. / 1999 / Differential power analysis / Advances in Cryptology—RYPTO ’99, Lecture Notes in Computer Science / Springer : 388~397

[journal] T. S. Messerges. / 2002 / Examining smart-card security under the threat of power analysis attacks / IEEE Transactions on Computers 51(5) : 541~552

[journal] C. T. Li. / 2010 / An efficient biometrics-based remote user authentication scheme using smart cards / Journal of Network and Computer Applications 33(1) : 1~5

[journal] W. S. Juang / 2004 / Efficient multi-server password authenticated key agreement using smart cards, Consumer Electronics / IEEE Transactions on 50(1) : 251~255

[journal] J. L. Tsai / 2008 / Efficient multi-server authentication protocol based on one-way hash function without verification table / Computers & Security 27(3) : 115~121

[journal] Y. P. Liao / 2009 / A secure dynamic ID based remote user authentication scheme for multi-server environment / Computer Standards and Interfaces 31(1) : 24~29

[confproc] D. Yang. / 2010 / A biometric password-basedmulti-server authentication scheme with smart card / Proceedings of the International Conference on Computer Design and Applications(ICCDA ’10) 5 : 554~559

[journal] E. -J. Yoon. / 2013 / Robust biometrics-based multiserver authentication with key agreement scheme for smart cards on elliptic curve cryptosystem / The Journal of Supercomputing 63(1) : 235~255

[journal] B. Wang. / 2013 / A smart card based efficient and secured multi-server authentication scheme / Wireless Personal Communications 68(2) : 361~378

[journal] M. C. Chuang. / 2014 / An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics / Expert Systems with Applications 41(4) : 1411~1418

[journal] D. Mishra. / 2014 / A secure user anonymity-preserving biometricbased multi-server authenticated key agreement scheme using smart cards / Expert Systems with Applications 41(18) : 8129~8143

[other] C. Kaufman / 2005 / Internet key exchange (ikev2)protocol

KJCKorea
Journal Central

Journal of Knowledge Information Technology and Systems 2023 KCI Impact Factor : 0.89