Paper 2014/715

Cryptanalysis on `Robust Biometrics-Based Authentication Scheme for Multi-server Environment'

Vanga Odelu, Ashok Kumar Das, and Adrijit Goswami

Abstract

Authentication plays an important role in an open network environment in order to authenticate two communication parties among each other. Authentication protocols should protect the sensitive information against a malicious adversary by providing a variety of services, such as authentication, user credentials' privacy, user revocation and re-registration, when the smart card is lost/stolen or the private key of a user or a server is revealed. Unfortunately, most of the existing multi-server authentication schemes proposed in the literature do not support the fundamental security property such as the revocation and re-registration with same identity. Recently, in 2014, He and Wang proposed a robust and efficient multi-server authentication scheme using biometrics-based smart card and elliptic curve cryptography (ECC). In this paper, we analyze the He-Wang's scheme and show that He-Wang's scheme is vulnerable to a known session-specific temporary information attack and impersonation attack. In addition, we show that their scheme does not provide strong user's anonymity. Furthermore, He-Wang's scheme cannot support the revocation and re-registration property. Apart from these, He-Wang's scheme has some design flaws, such as wrong password login and its consequences, and wrong password update during password change phase.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Keywords
SecurityCredentials privacySmart cardRevocation and re-registrationAuthentication.
Contact author(s)
odelu phd @ maths iitkgp ernet in
History
2014-09-16: received
Short URL
https://ia.cr/2014/715
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2014/715,
      author = {Vanga Odelu and Ashok Kumar Das and Adrijit Goswami},
      title = {Cryptanalysis on `Robust Biometrics-Based Authentication Scheme for Multi-server Environment'},
      howpublished = {Cryptology ePrint Archive, Paper 2014/715},
      year = {2014},
      note = {\url{https://eprint.iacr.org/2014/715}},
      url = {https://eprint.iacr.org/2014/715}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.