
Robust biometrics-based multi-server authentication with key agreement scheme for smart cards on elliptic curve cryptosystem

The Journal of Supercomputing

Abstract

Conventional single-server authentication schemes suffer from a significant shortcoming: a remote user who wishes to use numerous network services must register his/her identity and password at each of these servers. It is extremely tedious for users to register with numerous servers. To resolve this problem, various multi-server authentication schemes have recently been proposed. However, these schemes are insecure against some cryptographic attacks or are inefficiently designed because of high computation costs. Moreover, these schemes do not provide a strong key agreement function that can provide perfect forward secrecy. Based on these motivations, this paper proposes a new efficient and secure biometrics-based multi-server authentication with key agreement scheme for smart cards on elliptic curve cryptosystem (ECC), without a verification table, to minimize the complexity of hash operations among all users and fit multi-server communication environments. By adopting the biometrics technique, the proposed scheme can provide a stronger user authentication function. By adopting the ECC technique, the proposed scheme can provide a strong key agreement function with the property of perfect forward secrecy to reduce the computation loads for smart cards. As a result, compared with related multi-server authentication schemes, the proposed scheme has strong security and enhanced computational efficiency. Thus, the proposed scheme is extremely suitable for use in distributed multi-server network environments such as the Internet and in environments with limited computation and communication resources to access remote information systems, since it provides security, reliability, and efficiency.




Corresponding author

Correspondence to Eun-Jun Yoon.


About this article

Cite this article

Yoon, EJ., Yoo, KY. Robust biometrics-based multi-server authentication with key agreement scheme for smart cards on elliptic curve cryptosystem. J Supercomput 63, 235–255 (2013). https://doi.org/10.1007/s11227-010-0512-1


  • DOI: https://doi.org/10.1007/s11227-010-0512-1
