Research Article
Cryptanalysis of Biometric-based Multi-server Authentication Scheme Using Smart Card
@INPROCEEDINGS{10.4108/eai.19-8-2015.2260660, author={Jongho Mun and Jiye Kim and Donghoon Lee and Dongho Won}, title={Cryptanalysis of Biometric-based Multi-server Authentication Scheme Using Smart Card}, proceedings={11th EAI International Conference on Heterogeneous Networking for Quality, Reliability, Security and Robustness}, publisher={IEEE}, proceedings_a={QSHINE}, year={2015}, month={9}, keywords={remote user authentication biometric smart card network security}, doi={10.4108/eai.19-8-2015.2260660} }- Jongho Mun
Jiye Kim
Donghoon Lee
Dongho Won
Year: 2015
Cryptanalysis of Biometric-based Multi-server Authentication Scheme Using Smart Card
QSHINE
IEEE
DOI: 10.4108/eai.19-8-2015.2260660
Abstract
Remote user authentication scheme is one of the most convenient authentication schemes to deal with secret data via insecure communication channel. During the last couple of decades, many researchers have proposed a remote user authentication schemes which are ID-based, password-based, and smart card-based. Above all, smart card-based remote user authentication schemes for multi-server environment are a widely used and researched method. One of the benefits of smart card-based authentication scheme is that a server does not have to keep a verifier table. Furthermore, remote user authentication scheme for multi-server environment has resolved the problem of users to manage the different identities and passwords. In 2015, Baruah et al. improved Mishra et al.'s scheme, and claimed that their scheme is more secure and practical remote user authentication scheme. However, we find that Baruah et al.'s scheme is still insecure. In this paper, we demonstrate that their scheme is vulnerable to outsider attack, smart card stolen attack, user impersonation attack and replay attack.