원문정보
초록
영어
Authentication and key agreement protocol becomes an important security issue for multi-server architecture. Combining biometrics with password enhances the level of security. Recently, Baruah et al. analyzed that Mishra et al.’s protocol has several drawbacks and proposed an improved biometric based multi-server authentication scheme. They claimed that their scheme satisfies all the required security attributes for a secure authentication. In this paper, we indicate that their scheme is not secure against key reveal attack, replay attack, and smart card forgery attack. Any registered user can retrieve the session key or launch the replay attack by eavesdropping on the communication channel. In addition, registered user can forge smart card when colluding with registered server.
목차
1. Introduction
2. Review of Baruah et al.’s Scheme
2.1. Server Registration Phase
2.2. User Registration Phase
2.3. Login Phase
2.4. Authentication Phase
2.5. Password Change Phase
3. Security Analysis of Baruah et al.’s scheme
3.1. Key Reveal Attack
3.2. Replay Attack
3.3. Smart card Forgery Attack
4. Conclusions
References