Robust biometrics based authentication and key agreement scheme for multi-server environments using smart cards

Robust biometrics based authentication and key agreement scheme for multi-server environments using smart cards

Biometrics authenticated schemes using smart cards have attracted much attention in multi-server environments. Several schemes of this type where proposed in the past. However, many of them were found to have some design flaws. This paper concentrates on the security weaknesses of the three-factor a...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:PloS one 2015-05, Vol.10 (5), p.e0126323-e0126323
Hauptverfasser: Lu, Yanrong, Li, Lixiang, Yang, Xing, Yang, Yixian
Format: Artikel
Sprache:eng
Schlagworte:
Access control
Agreements
Analysis
Architectural engineering
Authentication
Authentication (Identity)
Back up systems
Biometrics
Biometry
Communications networks
Computer access control
Computer Security - instrumentation
Disaster recovery
Engineering
Forgery
Health Smart Cards
Humans
Information systems
Laboratories
Mathematical problems
Methods
Network security
Phase transitions
Registration
Safety and security measures
Security
Security measures
Smart cards
Wireless communications
Wireless networks
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Biometrics authenticated schemes using smart cards have attracted much attention in multi-server environments. Several schemes of this type where proposed in the past. However, many of them were found to have some design flaws. This paper concentrates on the security weaknesses of the three-factor authentication scheme by Mishra et al. After careful analysis, we find their scheme does not really resist replay attack while failing to provide an efficient password change phase. We further propose an improvement of Mishra et al.'s scheme with the purpose of preventing the security threats of their scheme. We demonstrate the proposed scheme is given to strong authentication against several attacks including attacks shown in the original scheme. In addition, we compare the performance and functionality with other multi-server authenticated key schemes.
ISSN:1932-6203
1932-6203
DOI:10.1371/journal.pone.0126323