Robust Multiple Servers Architecture Based Authentication Scheme Preserving Anonymity

Robust Multiple Servers Architecture Based Authentication Scheme Preserving Anonymity

Recently, many dynamic ID based remote user authentication schemes using smart card have been proposed to improve the security in multiple servers architecture authentication systems. In 2017, Kumari and Om proposed an anonymous multi-server authenticated key agreement scheme, which is believed to b...

Full description

Bibliographic Details
Main Authors: Huawei Wang, Dianli Guo, Hua Zhang, Qiaoyan Wen
Format: Article
Language:English
Published: MDPI AG 2019-07-01
Series:Sensors
Subjects:
authentication
anonymity
BAN-logic
biometrics
multiple server
Online Access:https://www.mdpi.com/1424-8220/19/14/3144
id doaj-e50892379bd14fb7b321e285efbf7811
record_format Article
spelling doaj-e50892379bd14fb7b321e285efbf78112020-11-25T02:34:56ZengMDPI AGSensors1424-82202019-07-011914314410.3390/s19143144s19143144Robust Multiple Servers Architecture Based Authentication Scheme Preserving AnonymityHuawei Wang0Dianli Guo1Hua Zhang2Qiaoyan Wen3State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876, ChinaThe 6th Research Institute of China Electronics Corporation, Beijing 100083, ChinaState Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876, ChinaState Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876, ChinaRecently, many dynamic ID based remote user authentication schemes using smart card have been proposed to improve the security in multiple servers architecture authentication systems. In 2017, Kumari and Om proposed an anonymous multi-server authenticated key agreement scheme, which is believed to be secure against a range of network attacks. Nevertheless, in this paper we reanalyze the security of their scheme, and show that the scheme is vulnerable to impersonation attack and server spoofing attack launched by any adversary without knowing any secret information of the victim users. In addition, their protocol fails to achieve the claimed user privacy protection. For handling these aforementioned shortcomings, we introduce a new biometric-based authentication scheme for multi-server architecture preserving user anonymity. Besides, Burrows—Abadi—Needham (BAN)-logic validated proof and discussion on possible attacks demonstrate the completeness and security of our scheme, respectively. Further, the comparisons in terms of security analysis and performance evaluation of several related protocols show that our proposal can provide stronger security without sacrificing efficiency.https://www.mdpi.com/1424-8220/19/14/3144authenticationanonymityBAN-logicbiometricsmultiple server
collection DOAJ
language English
format Article
sources DOAJ
author Huawei Wang
Dianli Guo
Hua Zhang
Qiaoyan Wen
spellingShingle Huawei Wang
Dianli Guo
Hua Zhang
Qiaoyan Wen
Robust Multiple Servers Architecture Based Authentication Scheme Preserving Anonymity
Sensors
authentication
anonymity
BAN-logic
biometrics
multiple server
author_facet Huawei Wang
Dianli Guo
Hua Zhang
Qiaoyan Wen
author_sort Huawei Wang
title Robust Multiple Servers Architecture Based Authentication Scheme Preserving Anonymity
title_short Robust Multiple Servers Architecture Based Authentication Scheme Preserving Anonymity
title_full Robust Multiple Servers Architecture Based Authentication Scheme Preserving Anonymity
title_fullStr Robust Multiple Servers Architecture Based Authentication Scheme Preserving Anonymity
title_full_unstemmed Robust Multiple Servers Architecture Based Authentication Scheme Preserving Anonymity
title_sort robust multiple servers architecture based authentication scheme preserving anonymity
publisher MDPI AG
series Sensors
issn 1424-8220
publishDate 2019-07-01
description Recently, many dynamic ID based remote user authentication schemes using smart card have been proposed to improve the security in multiple servers architecture authentication systems. In 2017, Kumari and Om proposed an anonymous multi-server authenticated key agreement scheme, which is believed to be secure against a range of network attacks. Nevertheless, in this paper we reanalyze the security of their scheme, and show that the scheme is vulnerable to impersonation attack and server spoofing attack launched by any adversary without knowing any secret information of the victim users. In addition, their protocol fails to achieve the claimed user privacy protection. For handling these aforementioned shortcomings, we introduce a new biometric-based authentication scheme for multi-server architecture preserving user anonymity. Besides, Burrows—Abadi—Needham (BAN)-logic validated proof and discussion on possible attacks demonstrate the completeness and security of our scheme, respectively. Further, the comparisons in terms of security analysis and performance evaluation of several related protocols show that our proposal can provide stronger security without sacrificing efficiency.
topic authentication
anonymity
BAN-logic
biometrics
multiple server
url https://www.mdpi.com/1424-8220/19/14/3144
work_keys_str_mv AT huaweiwang robustmultipleserversarchitecturebasedauthenticationschemepreservinganonymity
AT dianliguo robustmultipleserversarchitecturebasedauthenticationschemepreservinganonymity
AT huazhang robustmultipleserversarchitecturebasedauthenticationschemepreservinganonymity
AT qiaoyanwen robustmultipleserversarchitecturebasedauthenticationschemepreservinganonymity
_version_ 1724806448888676352

Similar Items