Cryptology ePrint Archive: Report 2014/715

Cryptanalysis on `Robust Biometrics-Based Authentication Scheme for Multi-server Environment'

Vanga Odelu and Ashok Kumar Das and Adrijit Goswami

Abstract: Authentication plays an important role in an open network environment in order to authenticate two communication parties among each other. Authentication protocols should protect the sensitive information against a malicious adversary by providing a variety of services, such as authentication, user credentials' privacy, user revocation and re-registration, when the smart card is lost/stolen or the private key of a user or a server is revealed. Unfortunately, most of the existing multi-server authentication schemes proposed in the literature do not support the fundamental security property such as the revocation and re-registration with same identity. Recently, in 2014, He and Wang proposed a robust and efficient multi-server authentication scheme using biometrics-based smart card and elliptic curve cryptography (ECC). In this paper, we analyze the He-Wang's scheme and show that He-Wang's scheme is vulnerable to a known session-specific temporary information attack and impersonation attack. In addition, we show that their scheme does not provide strong user's anonymity. Furthermore, He-Wang's scheme cannot support the revocation and re-registration property. Apart from these, He-Wang's scheme has some design flaws, such as wrong password login and its consequences, and wrong password update during password change phase.

Category / Keywords: cryptographic protocols / Security, Credentials privacy, Smart card, Revocation and re-registration, Authentication.

Date: received 12 Sep 2014

Contact author: odelu phd at maths iitkgp ernet in

Available format(s): PDF | BibTeX Citation

Version: 20140916:160907 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]