Paper 2014/715
Cryptanalysis on `Robust Biometrics-Based Authentication Scheme for Multi-server Environment'
Vanga Odelu, Ashok Kumar Das, and Adrijit Goswami
Abstract
Authentication plays an important role in an open network environment in order to authenticate two communication parties among each other. Authentication protocols should protect the sensitive information against a malicious adversary by providing a variety of services, such as authentication, user credentials' privacy, user revocation and re-registration, when the smart card is lost/stolen or the private key of a user or a server is revealed. Unfortunately, most of the existing multi-server authentication schemes proposed in the literature do not support the fundamental security property such as the revocation and re-registration with same identity. Recently, in 2014, He and Wang proposed a robust and efficient multi-server authentication scheme using biometrics-based smart card and elliptic curve cryptography (ECC). In this paper, we analyze the He-Wang's scheme and show that He-Wang's scheme is vulnerable to a known session-specific temporary information attack and impersonation attack. In addition, we show that their scheme does not provide strong user's anonymity. Furthermore, He-Wang's scheme cannot support the revocation and re-registration property. Apart from these, He-Wang's scheme has some design flaws, such as wrong password login and its consequences, and wrong password update during password change phase.
Metadata
- Available format(s)
- Category
- Cryptographic protocols
- Publication info
- Preprint. MINOR revision.
- Keywords
- SecurityCredentials privacySmart cardRevocation and re-registrationAuthentication.
- Contact author(s)
- odelu phd @ maths iitkgp ernet in
- History
- 2014-09-16: received
- Short URL
- https://ia.cr/2014/715
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2014/715, author = {Vanga Odelu and Ashok Kumar Das and Adrijit Goswami}, title = {Cryptanalysis on `Robust Biometrics-Based Authentication Scheme for Multi-server Environment'}, howpublished = {Cryptology {ePrint} Archive, Paper 2014/715}, year = {2014}, url = {https://eprint.iacr.org/2014/715} }