Cryptanalysis of Four Biometric Based Authentication Schemes with Privacy-preserving for Multi-server Environment and Design Guidelines

Yun Hsin Chuang; Chin Laung Lei; Hung Jr Shiu

doi:10.1109/AsiaJCIS50894.2020.00022

Cryptanalysis of Four Biometric Based Authentication Schemes with Privacy-preserving for Multi-server Environment and Design Guidelines

Yun Hsin Chuang, Chin Laung Lei, Hung Jr Shiu

Engineering Management Graduate Program

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

6 Citations (Scopus)

Abstract

With the growing demand of user privacy preserving, there is an urgent requirement for designing a secure remote user authentication and key agreement (AKA) scheme with user privacy preserving. We survey and discuss present three-factor based remote user AKA schemes with user privacy preserving for multi-server environment, and we find that four of them have security defects. We will demonstrate that Ali-Pal scheme is vulnerable to malignant server attack and user untraceability attack, Chandrakar and Om's schemes are vulnerable to insider attacks, and Choi et al.'s scheme does not achieve user anonymity. We then analyze the relevant schemes to propose the guidelines for designing a secure AKA scheme with user privacy preserving for multi-server environment. This paper is helpful for designing a better AKA scheme.

Original language	English
Title of host publication	Proceedings - 2020 15th Asia Joint Conference on Information Security, AsiaJCIS 2020
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	66-73
Number of pages	8
ISBN (Electronic)	9781728199221
DOIs	https://doi.org/10.1109/AsiaJCIS50894.2020.00022
Publication status	Published - 2020 Aug
Event	15th Annual Asia Joint Conference on Information Security, AsiaJCIS 2020 - Taipei, Taiwan Duration: 2020 Aug 20 → 2020 Aug 21

Publication series

Name	Proceedings - 2020 15th Asia Joint Conference on Information Security, AsiaJCIS 2020

Conference

Conference	15th Annual Asia Joint Conference on Information Security, AsiaJCIS 2020
Country/Territory	Taiwan
City	Taipei
Period	20-08-20 → 20-08-21

All Science Journal Classification (ASJC) codes

Safety, Risk, Reliability and Quality
Computer Networks and Communications
Information Systems
Information Systems and Management

Access to Document

10.1109/AsiaJCIS50894.2020.00022

Cite this

Chuang, Y. H., Lei, C. L., & Shiu, H. J. (2020). Cryptanalysis of Four Biometric Based Authentication Schemes with Privacy-preserving for Multi-server Environment and Design Guidelines. In Proceedings - 2020 15th Asia Joint Conference on Information Security, AsiaJCIS 2020 (pp. 66-73). Article 9194111 (Proceedings - 2020 15th Asia Joint Conference on Information Security, AsiaJCIS 2020). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/AsiaJCIS50894.2020.00022

Chuang, Yun Hsin ; Lei, Chin Laung ; Shiu, Hung Jr. / Cryptanalysis of Four Biometric Based Authentication Schemes with Privacy-preserving for Multi-server Environment and Design Guidelines. Proceedings - 2020 15th Asia Joint Conference on Information Security, AsiaJCIS 2020. Institute of Electrical and Electronics Engineers Inc., 2020. pp. 66-73 (Proceedings - 2020 15th Asia Joint Conference on Information Security, AsiaJCIS 2020).

@inproceedings{7c24a539c53b4cd0a49b3ece78e1e998,

title = "Cryptanalysis of Four Biometric Based Authentication Schemes with Privacy-preserving for Multi-server Environment and Design Guidelines",

abstract = "With the growing demand of user privacy preserving, there is an urgent requirement for designing a secure remote user authentication and key agreement (AKA) scheme with user privacy preserving. We survey and discuss present three-factor based remote user AKA schemes with user privacy preserving for multi-server environment, and we find that four of them have security defects. We will demonstrate that Ali-Pal scheme is vulnerable to malignant server attack and user untraceability attack, Chandrakar and Om's schemes are vulnerable to insider attacks, and Choi et al.'s scheme does not achieve user anonymity. We then analyze the relevant schemes to propose the guidelines for designing a secure AKA scheme with user privacy preserving for multi-server environment. This paper is helpful for designing a better AKA scheme.",

author = "Chuang, {Yun Hsin} and Lei, {Chin Laung} and Shiu, {Hung Jr}",

note = "Funding Information: The authors thank the anonymous referees for their valuable comments. This work was supported by the Ministry of Science and Technology, Taiwan, under Grant MOST 107-2221-E-002-033-MY3 and Grant MOST 108-2221-E-002 -073 -MY3. Publisher Copyright: {\textcopyright} 2020 IEEE.; 15th Annual Asia Joint Conference on Information Security, AsiaJCIS 2020 ; Conference date: 20-08-2020 Through 21-08-2020",

year = "2020",

month = aug,

doi = "10.1109/AsiaJCIS50894.2020.00022",

language = "English",

series = "Proceedings - 2020 15th Asia Joint Conference on Information Security, AsiaJCIS 2020",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "66--73",

booktitle = "Proceedings - 2020 15th Asia Joint Conference on Information Security, AsiaJCIS 2020",

address = "United States",

}

Chuang, YH, Lei, CL & Shiu, HJ 2020, Cryptanalysis of Four Biometric Based Authentication Schemes with Privacy-preserving for Multi-server Environment and Design Guidelines. in Proceedings - 2020 15th Asia Joint Conference on Information Security, AsiaJCIS 2020., 9194111, Proceedings - 2020 15th Asia Joint Conference on Information Security, AsiaJCIS 2020, Institute of Electrical and Electronics Engineers Inc., pp. 66-73, 15th Annual Asia Joint Conference on Information Security, AsiaJCIS 2020, Taipei, Taiwan, 20-08-20. https://doi.org/10.1109/AsiaJCIS50894.2020.00022

Cryptanalysis of Four Biometric Based Authentication Schemes with Privacy-preserving for Multi-server Environment and Design Guidelines. / Chuang, Yun Hsin; Lei, Chin Laung; Shiu, Hung Jr.
Proceedings - 2020 15th Asia Joint Conference on Information Security, AsiaJCIS 2020. Institute of Electrical and Electronics Engineers Inc., 2020. p. 66-73 9194111 (Proceedings - 2020 15th Asia Joint Conference on Information Security, AsiaJCIS 2020).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Cryptanalysis of Four Biometric Based Authentication Schemes with Privacy-preserving for Multi-server Environment and Design Guidelines

AU - Chuang, Yun Hsin

AU - Lei, Chin Laung

AU - Shiu, Hung Jr

N1 - Funding Information: The authors thank the anonymous referees for their valuable comments. This work was supported by the Ministry of Science and Technology, Taiwan, under Grant MOST 107-2221-E-002-033-MY3 and Grant MOST 108-2221-E-002 -073 -MY3. Publisher Copyright: © 2020 IEEE.

PY - 2020/8

Y1 - 2020/8

N2 - With the growing demand of user privacy preserving, there is an urgent requirement for designing a secure remote user authentication and key agreement (AKA) scheme with user privacy preserving. We survey and discuss present three-factor based remote user AKA schemes with user privacy preserving for multi-server environment, and we find that four of them have security defects. We will demonstrate that Ali-Pal scheme is vulnerable to malignant server attack and user untraceability attack, Chandrakar and Om's schemes are vulnerable to insider attacks, and Choi et al.'s scheme does not achieve user anonymity. We then analyze the relevant schemes to propose the guidelines for designing a secure AKA scheme with user privacy preserving for multi-server environment. This paper is helpful for designing a better AKA scheme.

AB - With the growing demand of user privacy preserving, there is an urgent requirement for designing a secure remote user authentication and key agreement (AKA) scheme with user privacy preserving. We survey and discuss present three-factor based remote user AKA schemes with user privacy preserving for multi-server environment, and we find that four of them have security defects. We will demonstrate that Ali-Pal scheme is vulnerable to malignant server attack and user untraceability attack, Chandrakar and Om's schemes are vulnerable to insider attacks, and Choi et al.'s scheme does not achieve user anonymity. We then analyze the relevant schemes to propose the guidelines for designing a secure AKA scheme with user privacy preserving for multi-server environment. This paper is helpful for designing a better AKA scheme.

UR - http://www.scopus.com/inward/record.url?scp=85093365122&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85093365122&partnerID=8YFLogxK

U2 - 10.1109/AsiaJCIS50894.2020.00022

DO - 10.1109/AsiaJCIS50894.2020.00022

M3 - Conference contribution

AN - SCOPUS:85093365122

T3 - Proceedings - 2020 15th Asia Joint Conference on Information Security, AsiaJCIS 2020

SP - 66

EP - 73

BT - Proceedings - 2020 15th Asia Joint Conference on Information Security, AsiaJCIS 2020

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 15th Annual Asia Joint Conference on Information Security, AsiaJCIS 2020

Y2 - 20 August 2020 through 21 August 2020

ER -

Chuang YH, Lei CL, Shiu HJ. Cryptanalysis of Four Biometric Based Authentication Schemes with Privacy-preserving for Multi-server Environment and Design Guidelines. In Proceedings - 2020 15th Asia Joint Conference on Information Security, AsiaJCIS 2020. Institute of Electrical and Electronics Engineers Inc. 2020. p. 66-73. 9194111. (Proceedings - 2020 15th Asia Joint Conference on Information Security, AsiaJCIS 2020). doi: 10.1109/AsiaJCIS50894.2020.00022

Cryptanalysis of Four Biometric Based Authentication Schemes with Privacy-preserving for Multi-server Environment and Design Guidelines

Abstract

Publication series

Conference

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this