Cryptanalysis on `Robust Biometrics-Based Authentication Scheme for Multi-server Environment\u27

Authentication plays an important role in an open network environment in order to authenticate two communication parties among each other. Authentication protocols should protect the sensitive information against a malicious adversary by providing a variety of services, such as authentication, user credentials\u27 privacy, user revocation and re-registration, when the smart card is lost/stolen or the private key of a user or a server is revealed. Unfortunately, most of the existing multi-server authentication schemes proposed in the literature do not support the fundamental security property such as the revocation and re-registration with same identity. Recently, in 2014, He and Wang proposed a robust and efficient multi-server authentication scheme using biometrics-based smart card and elliptic curve cryptography (ECC). In this paper, we analyze the He-Wang\u27s scheme and show that He-Wang\u27s scheme is vulnerable to a known session-specific temporary information attack and impersonation attack. In addition, we show that their scheme does not provide strong user\u27s anonymity. Furthermore, He-Wang\u27s scheme cannot support the revocation and re-registration property. Apart from these, He-Wang\u27s scheme has some design flaws, such as wrong password login and its consequences, and wrong password update during password change phase

Two-way Mechanism to Enhance Confidentiality and Accuracy of Shared Information

As such internet and information technology have influenced the human life significantly thus the current technology cannot solely assure the security of shared information. Hence, to fulfil such requirements mass amount of research have been undertaken by various researchers among which one of the mechanisms is the use of dynamic key rather than static one. In this regard, we have proposed a method of key generation to provide the dynamic keys. The scheme not only can change the key but also provide the error control mechanism. At the end of this paper, a comparison with the existing techniques has also been made to prove the efficiency of the proposed scheme