An Enhanced Biometric Based Authentication with Key-Agreement Protocol for Multi-Server Architecture Based on Elliptic Curve Cryptography.

Reddy AG, Das AK, Odelu V, Yoo KY - PLoS ONE (2016)

Bottom Line: Biometric based authentication protocols for multi-server architectures have gained momentum in recent times due to advancements in wireless technologies and associated constraints. The careful investigation of this paper proves that Lu et al.'s protocol does not provide user anonymity, perfect forward secrecy and is susceptible to server and user impersonation attacks, man-in-middle attacks and clock synchronization problems. The formal and informal security analyses and performance analysis demonstrate that the proposed protocol is robust and efficient compared to Lu et al.'s protocol and existing similar protocols.


Affiliation: School of Computer Science and Engineering, Kyungpook National University, Daegu, Korea.

ABSTRACT
Biometric based authentication protocols for multi-server architectures have gained momentum in recent times due to advancements in wireless technologies and associated constraints. Lu et al. recently proposed a robust biometric based authentication with key agreement protocol for a multi-server environment using smart cards. They claimed that their protocol is efficient and resistant to prominent security attacks. The careful investigation of this paper proves that Lu et al.'s protocol does not provide user anonymity, perfect forward secrecy and is susceptible to server and user impersonation attacks, man-in-middle attacks and clock synchronization problems. In addition, this paper proposes an enhanced biometric based authentication with key-agreement protocol for multi-server architecture based on elliptic curve cryptography using smartcards. We proved that the proposed protocol achieves mutual authentication using Burrows-Abadi-Needham (BAN) logic. The formal security of the proposed protocol is verified using the AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to show that our protocol can withstand active and passive attacks. The formal and informal security analyses and performance analysis demonstrates that the proposed protocol is robust and efficient compared to Lu et al.'s protocol and existing similar protocols.



pone.0154308.g006: Role specification for application server AS.

Mentions: In a similar way, the roles of the AS and RS of the proposed protocol are implemented and shown in Figs 6 and 7, respectively. The declaration request(Ui, AS, ui_as_xu, xu’) signifies the AS’s acceptance of the value xU generated for the AS by Ui. The roles for the goal and environment, and the session of the proposed protocol, are shown in Figs 8 and 9, respectively. In the session role, all the basic roles, including user, registrationserver and applicationserver, are instantiated with concrete arguments. The top-level role (environment) is always specified in the HLPSL implementation. The intruder (i) participates in the execution of the protocol as a concrete session, as shown in Fig 8. In the proposed protocol, we have three secrecy goals and three authentication goals. For example, the secrecy goal secrecy_of s1 indicates that the information IDU, b and PWU is kept secret to Ui only. The authentication goal authentication_on ui_as_x denotes that Ui has freshly generated the random number x for the AS, where x is known only to Ui. When the AS receives x in a message from Ui, the AS performs a strong authentication check of Ui based on x. Similarly, the other authentication goal, authentication_on as_ui_n1, denotes that the AS generates a random number N1 for Ui, and when Ui receives N1 in a later message from the AS, Ui performs a strong authentication check of the AS based on N1.
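The following HLPSL skeleton is an added illustration, not the paper's own specification from Figs 6 to 9: it shows how the secrecy goal s1 and the two authentication goals ui_as_x and as_ui_n1 named above are realised by secret, witness and request facts in the user and applicationserver roles, and how the intruder i is given the user's role in a second session. The ECC messages are abstracted to one symmetric key Kuas shared by Ui and AS; the values idu, b, pwu, kuas and kias are constructed placeholders, and the argument order of request follows the HLPSL manual convention (the accepting party first).

```hlpsl
%% Constructed sketch, not the paper's Figs 6-9: it wires the three goals named
%% in the text to secret/witness/request, abstracting the ECC messages to one
%% symmetric key Kuas shared by Ui and AS.
role user(Ui, AS: agent, IDU, B, PWU: text, H: hash_func,
          Kuas: symmetric_key, SND, RCV: channel(dy))
played_by Ui def=
  local State: nat, X, N1: text
  init State := 0
  transition
    %% announce fresh X to AS (witness side of ui_as_x); s1 covers IDU,B,PWU
    1. State = 0 /\ RCV(start) =|>
       State' := 1 /\ X' := new() /\ SND({X'}_Kuas)
       /\ witness(Ui, AS, ui_as_x, X') /\ secret(IDU.B.PWU, s1, {Ui})
    %% accept N1 as coming from AS (request side of as_ui_n1)
    2. State = 1 /\ RCV({N1'.H(X)}_Kuas) =|>
       State' := 2 /\ request(Ui, AS, as_ui_n1, N1')
end role
role applicationserver(Ui, AS: agent, H: hash_func,
          Kuas: symmetric_key, SND, RCV: channel(dy))
played_by AS def=
  local State: nat, X, N1: text
  init State := 0
  transition
    %% accept X as Ui's (request side of ui_as_x), announce N1 (witness side)
    1. State = 0 /\ RCV({X'}_Kuas) =|>
       State' := 1 /\ N1' := new() /\ SND({N1'.H(X')}_Kuas)
       /\ request(AS, Ui, ui_as_x, X') /\ witness(AS, Ui, as_ui_n1, N1')
end role
role session(Ui, AS: agent, IDU, B, PWU: text, H: hash_func,
             Kuas: symmetric_key) def=
  local SU, RU, SA, RA: channel(dy)
  composition
    user(Ui, AS, IDU, B, PWU, H, Kuas, SU, RU)
    /\ applicationserver(Ui, AS, H, Kuas, SA, RA)
end role
role environment() def=
  const ui, asv: agent, idu, b, pwu, idi, bi, pwi: text, h: hash_func,
        kuas, kias: symmetric_key, s1, ui_as_x, as_ui_n1: protocol_id
  intruder_knowledge = {ui, asv, h, kias, idi, bi, pwi}
  composition
    session(ui, asv, idu, b, pwu, h, kuas)
    /\ session(i, asv, idi, bi, pwi, h, kias)  %% intruder i plays Ui's role
end role
goal
  secrecy_of s1
  authentication_on ui_as_x
  authentication_on as_ui_n1
end goal
environment()
```

Each witness fact in one role must be matched by a request fact with the same protocol_id and value in the peer role, otherwise the OFMC and CL-AtSe back-ends report the authentication goal as violated even when the message flow is correct.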
