Advertisement

The Journal of Supercomputing

, Volume 63, Issue 1, pp 235–255 | Cite as

Robust biometrics-based multi-server authentication with key agreement scheme for smart cards on elliptic curve cryptosystem

  • Eun-Jun YoonEmail author
  • Kee-Young Yoo
Article

Abstract

Conventional single-server authentication schemes suffer a significant shortcoming. If a remote user wishes to use numerous network services, he/she must register his/her identity and password at these servers. It is extremely tedious for users to register numerous servers. In order to resolve this problem, various multi-server authentication schemes recently have been proposed. However, these schemes are insecure against some cryptographic attacks or inefficiently designed because of high computation costs. Moreover, these schemes do not provide strong key agreement function which can provide perfect forward secrecy. Based on these motivations, this paper proposes a new efficient and secure biometrics-based multi-server authentication with key agreement scheme for smart cards on elliptic curve cryptosystem (ECC) without verification table to minimize the complexity of hash operation among all users and fit multi-server communication environments. By adopting the biometrics technique, the proposed scheme can provide more strong user authentication function. By adopting the ECC technique, the proposed scheme can provide strong key agreement function with the property of perfect forward secrecy to reduce the computation loads for smart cards. As a result, compared with related multi-serve authentication schemes, the proposed scheme has strong security and enhanced computational efficiency. Thus, the proposed scheme is extremely suitable for use in distributed multi-server network environments such as the Internet and in limited computations and communication resource environments to access remote information systems since it provides security, reliability, and efficiency.

Keywords

Authentication Multi-server Key agreement Smart card Biometrics Elliptic curve cryptosystem 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Lamport L (1981) Password authentication with insecure communication. Commun ACM 24(11):770–772 MathSciNetCrossRefGoogle Scholar
  2. 2.
    Hwang T, Chen Y, Laih CS (1990) Non-interactive password authentication without password tables. In: Proc of IEEE region conference on computer and communication system, pp 429–431 Google Scholar
  3. 3.
    Wang XY, Yu HG (2005) How to break MD5 and other hash functions. In: Proc of Eurocrypt’05. Lecture notes in computer science, vol 3494. Springer, Berlin, pp 19–35 Google Scholar
  4. 4.
    Sun HM (2000) An efficient remote use authentication scheme using smart cards. IEEE Trans Consum Electron 46(4):958–961 CrossRefGoogle Scholar
  5. 5.
    Lin CH, Lai YY (2004) A flexible biometrics remote user authentication scheme. Comput Stand Interfaces 27(1):19–23 CrossRefGoogle Scholar
  6. 6.
    Lee NY, Chiu YC (2005) Improved remote authentication scheme with smart card. Comput Stand Interfaces 27(2):177–180 CrossRefGoogle Scholar
  7. 7.
    Yoon EJ, Ryu EK, Yoo KY (2005) An improvement of Hwang–Lee–Tang’s simple remote user authentication scheme. Comput Secur 24(1):50–56 CrossRefGoogle Scholar
  8. 8.
    Chang YF, Chang CC, Su YW (2006) A secure improvement on the user-friendly remote authentication scheme with no time concurrency mechanism. In: Proc of 20th international conference on advanced information networking and applications (AINA’06). IEEE Computer Society, Los Alamitos, pp 741–745 Google Scholar
  9. 9.
    Khan MK, Zhang J (2007) Improving the security of ‘a flexible biometrics remote user authentication scheme. Comput Stand Interfaces 29(1):82–85 CrossRefGoogle Scholar
  10. 10.
    Khan MK, Zhang J, Wang X (2008) Chaotic hash-based fingerprint biometric remote user authentication scheme on mobile devices. Chaos Solitons Fractals 35(3):519–524 CrossRefGoogle Scholar
  11. 11.
    Li CT, Hwang MS (2010) An efficient biometrics-based remote user authentication scheme using smart cards. J Netw Comput Appl 33(1):1–5 CrossRefGoogle Scholar
  12. 12.
    Li LH, Lin IC, Hwang MS (2001) A remote password authentication scheme for multi-server architecture using neural networks. IEEE Trans Neural Netw 12(6):1498–1504 CrossRefGoogle Scholar
  13. 13.
    Lin IC, Hwang MS, Li LH (2003) A new remote user authentication scheme for multi-server architecture. Future Gener Comput Syst 19:13–22 zbMATHCrossRefGoogle Scholar
  14. 14.
    Juang WS (2004) Efficient multi-server password authenticated key agreement using smart cards. IEEE Trans Consum Electron 50(1):251–255 CrossRefGoogle Scholar
  15. 15.
    Chang CC, Lee JS (2004) An efficient and secure multi-server password authentication scheme using smart cards. In: Proc of third international conference on cyberworlds (CW’04). IEEE Computer Society, Los Alamitos, pp 417–422 CrossRefGoogle Scholar
  16. 16.
    Tsaur WJ, Wu CC, Lee WB (2004) A smart card-based remote scheme for password authentication in multi-server Internet services. Comput Stand Interfaces 27:39–51 CrossRefGoogle Scholar
  17. 17.
    Tsai JL (2008) Efficient multi-server authentication scheme based on one-way hash function without verification table. Comput Secur 27(3–4):115–121 CrossRefGoogle Scholar
  18. 18.
    Messergers TS, Dabbish EA, Sloan RH (2002) Examining smart card security under the threat of power analysis attacks. IEEE Trans Comput 51(5):541–552 MathSciNetCrossRefGoogle Scholar
  19. 19.
    Ding CC (2008) Security weaknesses in two multi-server password based authentication protocol. Master’s thesis of Nan-Hua University, 1–31 Google Scholar
  20. 20.
    Chen Y, Huang CH, Chou JS (2008) Comments on two multi-server authentication protocols. ePrint Archive, Report 2008/544, available at http://eprint.iacr.org/2008/544.pdf
  21. 21.
    Lee SG (2009) Cryptanalysis of multiple-server password-authenticated key agreement schemes using smart cards. ePrint Archive, Report 2009/490, available at http://eprint.iacr.org/2009/490.pdf
  22. 22.
    Yoon EJ, Yoo KY (2009) Robust multi-server authentication scheme. In: Proc of the 6th IFIP international conference on network and parallel computing (NPC’09). IEEE Computer Society, Los Alamitos, pp 197–203 CrossRefGoogle Scholar
  23. 23.
    Blake-Wilson S, Menezes A (1999) Authenticated Diffie–Hellman key agreement protocols. In: Proc of SAC’99. Lecture notes in computer science, vol 1556. Springer, Berlin, pp 339–361 Google Scholar
  24. 24.
    Koblitz N (1987) Elliptic curve cryptosystem. Math Comput 48:203–209 MathSciNetzbMATHCrossRefGoogle Scholar
  25. 25.
    Miller V (1986) Uses of elliptic curves in cryptography. In: Proc of CRYPTO’85. Lecture notes in computer science, vol 218. Springer, Berlin, pp 417–426 Google Scholar
  26. 26.
    Hankerson D, Menezes A, Vanstone S (2004) Guide to elliptic curve cryptography, Lecture notes in computer science. Springer, Berlin Google Scholar
  27. 27.
    Chen J, Yang Y (2009) Temporal dependency based checkpoint selection for dynamic verification of temporal constraints in scientific workflow systems. ACM Trans Softw Eng Methodol (in press, accepted on June 17, 2009), available at http://www.swinflow.org/papers/TOSEM.pdf
  28. 28.
    Wang M, Kotagiri R, Chen J (2009) Trust-based robust scheduling and runtime adaptation of scientific workflow. Concurr Comput Pract Exp 21(16):1982–1998 CrossRefGoogle Scholar
  29. 29.
    Chen J, Yang Y (2008) Activity completion duration based checkpoint selection for dynamic verification of temporal constraints in grid workflow systems. Int J High Perform Comput Appl 22(3):319–329 CrossRefGoogle Scholar
  30. 30.
    Shneier B (1996) Applied cryptography, 2nd edn. Wiley, New York Google Scholar
  31. 31.
    Menezes AJ, Oorschot PC, Vanstone SA (1997) Handbook of applied cryptograph. CRC Press, New York Google Scholar
  32. 32.
    Mao W (2004) Modern cryptography theory and practice. Prentice Hall, New York Google Scholar
  33. 33.
    Stinson D (2002) Cryptography theory and practice, 2nd edn. Chapman & Hall/CRC, London/Boca Raton Google Scholar
  34. 34.
    Boyd C, Mathuria A (2003) Protocols for authentication and key establishment. Springer, Berlin Google Scholar
  35. 35.
    Dasari NR, Sreenivasarao V (2010) Performance of multi server authentication and key agreement with user protection in network security. Int J Comput Sci Eng 2(5):1705–1712 Google Scholar
  36. 36.
    Chou JS, Chen Y, Huang CH (2010) A privacy-flexible password authentication scheme for multi-server environment. Cryptol ePrint Arch 2010(393):1–23 Google Scholar
  37. 37.
    Steiner JG, Neuman BC, Schiller JI (1988) Kerberos: an authentication service for open network systems. In: Proc of the winter 1988 usenix conference Google Scholar
  38. 38.
    Michael K, Kathrin M, Petra S, Ulrike L (2004) Identities management: An approach to overcome basic barriers in e-commerce and collaboration applications. In: Proc of the EURAM conference, St. Andrews, pp 5–8 Google Scholar
  39. 39.
    Inuma M, Otsuka A, Imai H (2009) Theoretical framework for constructing matching algorithms in biometric authentication systems. In: Proc of ICB’09. Lecture notes in computer science, vol 5558. Springer, Berlin, pp 806–815 Google Scholar

Copyright information

© Springer Science+Business Media, LLC 2010

Authors and Affiliations

  1. 1.School of Electrical Engineering and Computer ScienceKyungpook National UniversityDaeguSouth Korea
  2. 2.Department of Computer EngineeringKyungpook National UniversityDaeguSouth Korea

Personalised recommendations