We found a match
Your institution may have rights to this item. Sign in to continue.
- Title
An Untraceable Biometric-Based Multi-server Authenticated Key Agreement Protocol with Revocation.
- Authors
Chang, Chin-Chen; Nguyen, Ngoc-Tu
- Abstract
Online access has been widely adopted to distribute diversified services to customers. In this architecture, public channels are utilized to exchange information between end users and remote servers at anytime and anywhere. To achieve confidentiality and integrity for transferred data, the related parties have to authenticate each other and negotiate a secret session key to encrypt and decrypt exchanged messages. Since the Lamport's pioneering authentication work in 1981, numerous mechanisms have been proposed to enhance security as well as reduce computation and payload data. Recently, Chuang and Chen proposed a multi-server authenticated agreement protocol employing a smart card and biometric data to eliminate the weaknesses caused by parameters related to low-entropy human-memorable passwords that are stored in a physical location. However, Mishra et al. showed that Chuang and Chen's protocol is not only vulnerable to multiple attacks but also suffers from the drawback of variation of biometric data. To overcome these weaknesses, they proposed an enhanced three-factor authenticated key agreement protocol using the low-error rate Biohashing technique. Unfortunately, we found that Mishra et al.'s scheme is also vulnerable to the denial-of-service attack, the traceable user attack, the impersonation attack, and the pre-shared key attack. Furthermore, the protocol does not provide any user revocation mechanism to control user accesses. In this novel untraceable authenticated key agreement scheme, we adopt the Hamming distance to verify encrypted Biohash codes and a public-key technique to construct the revocation mechanism. Our scheme achieves not only zero errors of biometric verification but also secure against all known attacks.
- Subjects
INFORMATION sharing; INFORMATION resources management; ACCESS to information; OPEN data movement; DISCLOSURE
- Publication
Wireless Personal Communications, 2016, Vol 90, Issue 4, p1695
- ISSN
0929-6212
- Publication type
Article
- DOI
10.1007/s11277-016-3418-2