Cryptanalysis and improvement of a biometrics-based multi-server authentication with key agreement scheme

In 2010, Yoon et al. proposed a robust biometrics- based multi-server authentication with key agreement scheme for smart cards on elliptic curve cryptosystem. In this letter, however, we show that Yoon et al.’s scheme is vulnerable to off-line password guessing attack and propose an improved scheme to prevent the attack

Privacy protection for e-health systems by means of dynamic authentication and three-factor key agreement

During the past decade, the electronic healthcare (e-health) system has been evolved into a more patient-oriented service with smaller and smarter wireless devices. However, these convenient smart devices have limited computing capacity and memory size, which makes it harder to protect the user’s massive private data in the e-health system. Although some works have established a secure session key between the user and the medical server, the weaknesses still exist in preserving the anonymity with low energy consumption. Moreover, the misuse of biometric information in key agreement process may lead to privacy disclosure, which is irreparable. In this study, we design a dynamic privacy protection mechanism offering the biometric authentication at the server side whereas the exact value of the biometric template remains unknown to the server. And the user anonymity can be fully preserved during the authentication and key negotiation process because the messages transmitted with the proposed scheme are untraceable. Furthermore, the proposed scheme is proved to be semantic secure under the Real-or-Random Model. The performance analysis shows that the proposed scheme suits the e-health environment at the aspect of security and resource occupation

Cryptanalysis and Improvement on Robust Three-Factor Remote User Authentication Scheme with Key Agreement for Multimedia System

A three-factor authentication combines biometrics information with user password and smart card to provide security-enhanced user authentication. An proposed user authentication scheme improved Das’s scheme. But An’s scheme is not secure against denial of service attack in login phase, forgery attack. Li et al. pointed out them and proposed three-factor remote user authentication scheme with key agreement. However, Li et al’s scheme still has some security problem. In this paper, we present a cryptanalysis and improvement of Li et al.’s remote user authentication scheme