Cryptanalysis of Biometric-based to Lin et al&#039;.s Multi-Server User Authentication Scheme (생체정보 기반의 Lin et al.&#039;s 다중서버 사용자 인증 스킴에 대한 안전성 분석)

Kwang Cheul Shin (신광철)

doi:10.34163/jkits.2018.13.5.003

Cryptanalysis of Biometric-based to Lin et al'.s Multi-Server User Authentication Scheme

Journal of Knowledge Information Technology and Systems
Abbr : JKITS
2018, 13(5), pp.533-543
DOI : 10.34163/jkits.2018.13.5.003
Publisher : Korea Knowledge Information Technology Society
Research Area : Interdisciplinary Studies > Interdisciplinary Research
Published : October 31, 2018

Kwang Cheul Shin ¹

¹성결대학교

Accredited

ABSTRACT

The use of biomedical technology has been applied to all smart devices such as smart phones and tablet PCs, mainly shopping malls, medical systems, and financial institutions. The core of biomedical technology is the authentication function. Authentication verifies the validity of the identity at the remote server by the registered user. It is also a basic security service that allows access to remote servers. Passwords, smart cards, and biometrics are three commonly used elements in authentication. Remote user authentication schemes for various multi-server environments have been proposed by many researchers. Lin et al.'s suggested that the scheme of Baruah et al.'s is vulnerable to impersonation attacks, smart card theft attacks, etc. in a multi-server environment and proposed an improved scheme. However, there is a weakness of some parameter calculations as a result of Lin et al.'s analysis of the authentication scheme. It was revealed that users and servers were colluding, or when users' smart cards were stolen, they were vulnerable to impersonation attacks, smart card stolen attacks, replay attacks, and denial of service attacks. Thus, this paper logically reanalyzes and compares the vulnerabilities of the Lin et al 's scheme.

KEYWORDS

Biometrics, Mutual authentication, Impersonation attack, Session key agreement, Smart card

Citation status

* References for papers published after 2023 are currently being built.

[journal] W. J. Tsaur / 2004 / A smart card-based remote scheme for password authentication in multi-server Internet services / Computer Standard &Interfaces 27(1) : 39~51

[journal] J. L. Tsai / 2008 / Efficient multi-server authentication scheme based on one-way hash function without verification table / Computers & Security 27(3) : 115~121

[journal] Y. P. Liao / 2009 / A secure dynamic ID based remote user authentication scheme for multi-server environment / Computer Standards &Interfaces 31(1) : 24~29

[journal] H. C. Hsiang / 2009 / Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment / Computer Standards & Interfaces 31(6) : 1118~1123

[journal] T. Wan / 2014 / Cryptanalysis of two dynamic identity based authentication schemes for multi-server architecture / Communications, China 11(11) : 125~134

[journal] T. S. Messerges / 2002 / Examining smart-card security under the threat of power analysis attacks / IEEE Transactions on Computers 51(5) : 541~552

[journal] C. T. Li / 2010 / An efficient biometrics-based remote user authentication scheme using smart cards / Journal of Network and Computer Applications 33(1) : 1~5

[journal] J. Moon / 2015 / An Improvement of Robust Biometrics-Based Authentication and Key Agreement Scheme for Multi-Server Environments Using Smart Cards / PLoS ONE 10(12) : 1~15

[journal] Y. R. Lu / 2015 / An enhanced biometric-based authentication scheme for telecare medicine information systems using elliptic curve cryptosystem / Journal of Medical Systems 39(32) : 1~8

[journal] Y. Choi / 2016 / Security improvement on biometric based authentication scheme for wireless sensor networks using fuzzy extraction / International Journal of Distributed Sensor Networks 2016 : 1~16

[journal] C. Li / 2010 / An efficient biometrics-based remote user authentication scheme using smart card / Journal of Network and Computer Applications 33 : 1~5

[journal] X. Li / 2011 / Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards / Journal of Network and Computer Applications 34 : 73~79

[journal] M. C. Chuang / 2014 / An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics / Expert Systems with Applications 41(4) : 1411~1418

[journal] D. Mishra / 2014 / A secure user anonymity-preserving biometric-based multiserver authenticated key agreement scheme using smart cards / Expert Systems with Applications 41(18) : 8129~8143

[journal] K. C. Baruah / 2015 / An improved biometric-based multi-server authentication scheme using smart card / International Journal of Security and Its Applications 9(1) : 397~408

[journal] Y. Lin / 2016 / An enhanced biometric-based three factors user authentication scheme for multi-server environments / International Journal of Security and Its Applications 10(1) : 315~328

[journal] Y. Dodis / 2004 / Fuzzy extractors: How to generate strong keys from biometrics and other noisy data / Advances in Cryptology 3027 : 523~540

KJCKorea
Journal Central

Journal of Knowledge Information Technology and Systems 2023 KCI Impact Factor : 0.89

Cryptanalysis of Biometric-based to Lin et al'.s Multi-Server User Authentication Scheme

ABSTRACT

KEYWORDS

Citation status

* References for papers published after 2023 are currently being built.

Journal of Knowledge Information Technology and Systems 2023 KCI Impact Factor : 0.89

Cryptanalysis of Biometric-based to Lin et al'.s Multi-Server User Authentication Scheme

ABSTRACT

KEYWORDS

Statistics

Tools

Issue List

Citation status

KCI Citation Counts (0)

REFERENCES (17) * References for papers published after 2023 are currently being built.

Search PDF

Citation

* References for papers published after 2023 are currently being built.