Cryptanalysis of Four Biometric Based Authentication Schemes with Privacy-preserving for Multi-server Environment and Design Guidelines

Yun Hsin Chuang; Chin Laung Lei; Hung Jr Shiu

doi:10.1109/AsiaJCIS50894.2020.00022

Cryptanalysis of Four Biometric Based Authentication Schemes with Privacy-preserving for Multi-server Environment and Design Guidelines

Yun Hsin Chuang, Chin Laung Lei, Hung Jr Shiu

工程管理碩士在職專班

研究成果: Conference contribution

6 引文斯高帕斯（Scopus）

摘要

With the growing demand of user privacy preserving, there is an urgent requirement for designing a secure remote user authentication and key agreement (AKA) scheme with user privacy preserving. We survey and discuss present three-factor based remote user AKA schemes with user privacy preserving for multi-server environment, and we find that four of them have security defects. We will demonstrate that Ali-Pal scheme is vulnerable to malignant server attack and user untraceability attack, Chandrakar and Om's schemes are vulnerable to insider attacks, and Choi et al.'s scheme does not achieve user anonymity. We then analyze the relevant schemes to propose the guidelines for designing a secure AKA scheme with user privacy preserving for multi-server environment. This paper is helpful for designing a better AKA scheme.

原文	English
主出版物標題	Proceedings - 2020 15th Asia Joint Conference on Information Security, AsiaJCIS 2020
發行者	Institute of Electrical and Electronics Engineers Inc.
頁面	66-73
頁數	8
ISBN（電子）	9781728199221
DOIs	https://doi.org/10.1109/AsiaJCIS50894.2020.00022
出版狀態	Published - 2020 8月
事件	15th Annual Asia Joint Conference on Information Security, AsiaJCIS 2020 - Taipei, Taiwan 持續時間: 2020 8月 20 → 2020 8月 21

出版系列

名字	Proceedings - 2020 15th Asia Joint Conference on Information Security, AsiaJCIS 2020

Conference

Conference	15th Annual Asia Joint Conference on Information Security, AsiaJCIS 2020
國家/地區	Taiwan
城市	Taipei
期間	20-08-20 → 20-08-21

All Science Journal Classification (ASJC) codes

安全、風險、可靠性和品質
電腦網路與通信
資訊系統
資訊系統與管理

存取文件

10.1109/AsiaJCIS50894.2020.00022

其它文件與鏈接

引用此

Chuang, Y. H., Lei, C. L., & Shiu, H. J. (2020). Cryptanalysis of Four Biometric Based Authentication Schemes with Privacy-preserving for Multi-server Environment and Design Guidelines. 於 Proceedings - 2020 15th Asia Joint Conference on Information Security, AsiaJCIS 2020 (頁 66-73). 文章 9194111 (Proceedings - 2020 15th Asia Joint Conference on Information Security, AsiaJCIS 2020). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/AsiaJCIS50894.2020.00022

Chuang, Yun Hsin ; Lei, Chin Laung ; Shiu, Hung Jr. / Cryptanalysis of Four Biometric Based Authentication Schemes with Privacy-preserving for Multi-server Environment and Design Guidelines. Proceedings - 2020 15th Asia Joint Conference on Information Security, AsiaJCIS 2020. Institute of Electrical and Electronics Engineers Inc., 2020. 頁 66-73 (Proceedings - 2020 15th Asia Joint Conference on Information Security, AsiaJCIS 2020).

@inproceedings{7c24a539c53b4cd0a49b3ece78e1e998,

title = "Cryptanalysis of Four Biometric Based Authentication Schemes with Privacy-preserving for Multi-server Environment and Design Guidelines",

abstract = "With the growing demand of user privacy preserving, there is an urgent requirement for designing a secure remote user authentication and key agreement (AKA) scheme with user privacy preserving. We survey and discuss present three-factor based remote user AKA schemes with user privacy preserving for multi-server environment, and we find that four of them have security defects. We will demonstrate that Ali-Pal scheme is vulnerable to malignant server attack and user untraceability attack, Chandrakar and Om's schemes are vulnerable to insider attacks, and Choi et al.'s scheme does not achieve user anonymity. We then analyze the relevant schemes to propose the guidelines for designing a secure AKA scheme with user privacy preserving for multi-server environment. This paper is helpful for designing a better AKA scheme.",

author = "Chuang, {Yun Hsin} and Lei, {Chin Laung} and Shiu, {Hung Jr}",

note = "Funding Information: The authors thank the anonymous referees for their valuable comments. This work was supported by the Ministry of Science and Technology, Taiwan, under Grant MOST 107-2221-E-002-033-MY3 and Grant MOST 108-2221-E-002 -073 -MY3. Publisher Copyright: {\textcopyright} 2020 IEEE.; 15th Annual Asia Joint Conference on Information Security, AsiaJCIS 2020 ; Conference date: 20-08-2020 Through 21-08-2020",

year = "2020",

month = aug,

doi = "10.1109/AsiaJCIS50894.2020.00022",

language = "English",

series = "Proceedings - 2020 15th Asia Joint Conference on Information Security, AsiaJCIS 2020",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "66--73",

booktitle = "Proceedings - 2020 15th Asia Joint Conference on Information Security, AsiaJCIS 2020",

address = "United States",

}

Chuang, YH, Lei, CL & Shiu, HJ 2020, Cryptanalysis of Four Biometric Based Authentication Schemes with Privacy-preserving for Multi-server Environment and Design Guidelines. 於 Proceedings - 2020 15th Asia Joint Conference on Information Security, AsiaJCIS 2020., 9194111, Proceedings - 2020 15th Asia Joint Conference on Information Security, AsiaJCIS 2020, Institute of Electrical and Electronics Engineers Inc., 頁 66-73, 15th Annual Asia Joint Conference on Information Security, AsiaJCIS 2020, Taipei, Taiwan, 20-08-20. https://doi.org/10.1109/AsiaJCIS50894.2020.00022

Cryptanalysis of Four Biometric Based Authentication Schemes with Privacy-preserving for Multi-server Environment and Design Guidelines. / Chuang, Yun Hsin; Lei, Chin Laung; Shiu, Hung Jr.
Proceedings - 2020 15th Asia Joint Conference on Information Security, AsiaJCIS 2020. Institute of Electrical and Electronics Engineers Inc., 2020. p. 66-73 9194111 (Proceedings - 2020 15th Asia Joint Conference on Information Security, AsiaJCIS 2020).

研究成果: Conference contribution

TY - GEN

T1 - Cryptanalysis of Four Biometric Based Authentication Schemes with Privacy-preserving for Multi-server Environment and Design Guidelines

AU - Chuang, Yun Hsin

AU - Lei, Chin Laung

AU - Shiu, Hung Jr

N1 - Funding Information: The authors thank the anonymous referees for their valuable comments. This work was supported by the Ministry of Science and Technology, Taiwan, under Grant MOST 107-2221-E-002-033-MY3 and Grant MOST 108-2221-E-002 -073 -MY3. Publisher Copyright: © 2020 IEEE.

PY - 2020/8

Y1 - 2020/8

N2 - With the growing demand of user privacy preserving, there is an urgent requirement for designing a secure remote user authentication and key agreement (AKA) scheme with user privacy preserving. We survey and discuss present three-factor based remote user AKA schemes with user privacy preserving for multi-server environment, and we find that four of them have security defects. We will demonstrate that Ali-Pal scheme is vulnerable to malignant server attack and user untraceability attack, Chandrakar and Om's schemes are vulnerable to insider attacks, and Choi et al.'s scheme does not achieve user anonymity. We then analyze the relevant schemes to propose the guidelines for designing a secure AKA scheme with user privacy preserving for multi-server environment. This paper is helpful for designing a better AKA scheme.

AB - With the growing demand of user privacy preserving, there is an urgent requirement for designing a secure remote user authentication and key agreement (AKA) scheme with user privacy preserving. We survey and discuss present three-factor based remote user AKA schemes with user privacy preserving for multi-server environment, and we find that four of them have security defects. We will demonstrate that Ali-Pal scheme is vulnerable to malignant server attack and user untraceability attack, Chandrakar and Om's schemes are vulnerable to insider attacks, and Choi et al.'s scheme does not achieve user anonymity. We then analyze the relevant schemes to propose the guidelines for designing a secure AKA scheme with user privacy preserving for multi-server environment. This paper is helpful for designing a better AKA scheme.

UR - http://www.scopus.com/inward/record.url?scp=85093365122&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85093365122&partnerID=8YFLogxK

U2 - 10.1109/AsiaJCIS50894.2020.00022

DO - 10.1109/AsiaJCIS50894.2020.00022

M3 - Conference contribution

AN - SCOPUS:85093365122

T3 - Proceedings - 2020 15th Asia Joint Conference on Information Security, AsiaJCIS 2020

SP - 66

EP - 73

BT - Proceedings - 2020 15th Asia Joint Conference on Information Security, AsiaJCIS 2020

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 15th Annual Asia Joint Conference on Information Security, AsiaJCIS 2020

Y2 - 20 August 2020 through 21 August 2020

ER -

Chuang YH, Lei CL, Shiu HJ. Cryptanalysis of Four Biometric Based Authentication Schemes with Privacy-preserving for Multi-server Environment and Design Guidelines. 於 Proceedings - 2020 15th Asia Joint Conference on Information Security, AsiaJCIS 2020. Institute of Electrical and Electronics Engineers Inc. 2020. p. 66-73. 9194111. (Proceedings - 2020 15th Asia Joint Conference on Information Security, AsiaJCIS 2020). doi: 10.1109/AsiaJCIS50894.2020.00022

Cryptanalysis of Four Biometric Based Authentication Schemes with Privacy-preserving for Multi-server Environment and Design Guidelines

摘要

出版系列

Conference

All Science Journal Classification (ASJC) codes

存取文件

其它文件與鏈接

指紋

引用此