An Enhanced Biometric Based Authentication with Key-Agreement Protocol for Multi-Server Architecture Based on Elliptic Curve Cryptography.

Reddy AG, Das AK, Odelu V, Yoo KY - PLoS ONE (2016)

Bottom Line: Biometric based authentication protocols for multi-server architectures have gained momentum in recent times due to advancements in wireless technologies and associated constraints. The careful investigation of this paper proves that Lu et al.'s protocol does not provide user anonymity or perfect forward secrecy, and is susceptible to server and user impersonation attacks, man-in-the-middle attacks and clock synchronization problems. The formal and informal security analyses and performance analysis demonstrate that the proposed protocol is robust and efficient compared to Lu et al.'s protocol and existing similar protocols.


Affiliation: School of Computer Science and Engineering, Kyungpook National University, Daegu, Korea.

ABSTRACT
Biometric based authentication protocols for multi-server architectures have gained momentum in recent times due to advancements in wireless technologies and associated constraints. Lu et al. recently proposed a robust biometric based authentication with key agreement protocol for a multi-server environment using smart cards. They claimed that their protocol is efficient and resistant to prominent security attacks. The careful investigation of this paper proves that Lu et al.'s protocol does not provide user anonymity or perfect forward secrecy, and is susceptible to server and user impersonation attacks, man-in-the-middle attacks and clock synchronization problems. In addition, this paper proposes an enhanced biometric based authentication with key-agreement protocol for multi-server architecture based on elliptic curve cryptography using smart cards. We proved that the proposed protocol achieves mutual authentication using Burrows-Abadi-Needham (BAN) logic. The formal security of the proposed protocol is verified using the AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to show that our protocol can withstand active and passive attacks. The formal and informal security analyses and performance analysis demonstrate that the proposed protocol is robust and efficient compared to Lu et al.'s protocol and existing similar protocols.

Fig 10 (pone.0154308.g010): The result of the analysis using OFMC and CL-AtSe backends.

Mentions: Replay attack check: For the replay attack check, the OFMC and CL-AtSe backends verify whether the legitimate agents can execute the specified protocol by performing a search with a passive intruder. Both backends provide the intruder with knowledge of some normal sessions between the legitimate agents. The test results reported in Fig 10 clearly indicate that the proposed protocol is secure against the replay attack.

