{"title":"Cryptanalysis of Four Biometric Based Authentication Schemes with Privacy-preserving for Multi-server Environment and Design Guidelines","authors":"Yun-Hsin Chuang, C. Lei, Hung-Jr Shiu","doi":"10.1109/AsiaJCIS50894.2020.00022","DOIUrl":null,"url":null,"abstract":"With the growing demand of user privacy preserving, there is an urgent requirement for designing a secure remote user authentication and key agreement (AKA) scheme with user privacy preserving. We survey and discuss present three-factor based remote user AKA schemes with user privacy preserving for multi-server environment, and we find that four of them have security defects. We will demonstrate that Ali-Pal scheme is vulnerable to malignant server attack and user untraceability attack, Chandrakar and Om’s schemes are vulnerable to insider attacks, and Choi et al.’s scheme does not achieve user anonymity. We then analyze the relevant schemes to propose the guidelines for designing a secure AKA scheme with user privacy preserving for multi-server environment. This paper is helpful for designing a better AKA scheme.","PeriodicalId":247481,"journal":{"name":"2020 15th Asia Joint Conference on Information Security (AsiaJCIS)","volume":"47 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 15th Asia Joint Conference on Information Security (AsiaJCIS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/AsiaJCIS50894.2020.00022","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 7
Abstract
With the growing demand for user privacy preservation, there is an urgent need to design a secure remote user authentication and key agreement (AKA) scheme that preserves user privacy. We survey and discuss existing three-factor remote user AKA schemes with user privacy preservation for multi-server environments, and we find that four of them have security defects. We demonstrate that the Ali-Pal scheme is vulnerable to a malignant server attack and a user untraceability attack, Chandrakar and Om’s schemes are vulnerable to insider attacks, and Choi et al.’s scheme does not achieve user anonymity. We then analyze the relevant schemes to propose guidelines for designing a secure AKA scheme with user privacy preservation for multi-server environments. This paper is helpful for designing a better AKA scheme.