2014 National Computer Symposium Template

Cryptanalysis of Anonymous Authenticated and Key Agreement Scheme Based on Biometric for Multi-Server Environment

Yu-Hui Chen1,* Hong-Ji Wei2 Jiin-Chiou Cheng3 Wen-Chung Kuo4

1,3 Southern Taiwan University of Science and Technology

Computer Science and Information Engineering

2 University of Kang Ning

Library and Information Center

4 National Yunlin University of Science and Technology

Computer Science and Information Engineering

*E-mail:

Abstract

In 2014, Choi proposed a security-enhanced anonymous multi-server authenticated key agreement scheme using smart cards and biometrics and claimed that the scheme overcomes all of the security issues in Chuang-Chen’s scheme, namely the impersonation attack, the smart card loss attack, the denial of service attack and the lack of perfect forward secrecy. Although Choi’s scheme does resist the impersonation and denial of service attacks, our detailed analysis shows that it is still vulnerable to the smart card loss attack, still lacks perfect forward secrecy, and also contains a design flaw in the authentication phase.

Keywords: multi-server architecture, authentication protocol, smart card, biometrics, anonymous

1.  Introduction

With the rapid development of the Internet, more and more services, such as online shopping, online transactions and online stock trading, are provided through the Internet. In order to prevent unauthorized users from accessing resources, many service providers use password-based authentication schemes to verify the legitimacy of a user. For stronger security, many authors have proposed password authentication schemes combined with biometrics [1-14].

Biometrics have the following characteristics: (a) Universality: every person should possess the trait. (b) Distinctiveness: the biometric features of any two people are different. (c) Permanence: biometric features do not change over time. (d) Collectability: the trait is measurable with simple technical instruments. (e) Uniqueness: a biometric is unique to its owner. Biometric traits include the face, fingerprint, iris, hand geometry, palm print, voice pattern, etc.

In recent years, several anonymous authentication schemes using smart cards and biometrics for multi-server environments have been proposed [4, 8, 10, 13, 14], driven by users’ demand for diversified services. In 2014, Chuang and Chen [10] proposed an anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics. In the same year, Choi [13] showed that Chuang-Chen’s scheme has several weaknesses and proposed an enhanced anonymous authentication scheme to overcome all of them. In this paper, we investigate Choi’s scheme and show that it still fails to withstand the smart card loss attack and to provide perfect forward secrecy. Moreover, Choi’s scheme contains a design flaw in the authentication phase.

The rest of this paper is organized as follows: Section 2 reviews Choi’s scheme. Section 3 demonstrates the weaknesses of Choi’s scheme. Finally, conclusions are given in Section 4.

2.  Review of Choi’s scheme

In this section, we review Choi’s scheme. It consists of three phases: the registration phase, the login phase and the authentication phase. The notations used in Choi’s scheme are shown in Table 1.

Table 1 Notations of Choi’s scheme

x        A secret value of the registration center
RC       The registration center
UIDi     The identification of user i
SIDj     The identification of server j
AUIDi    The anonymous identification of user i
ASIDj    The anonymous identification of server j
PWi      The password of user i
BIOi     The biometrics information of user i
h(.)     A secure one-way hash function
Ni       A random number
PSK      A secure pre-shared key among RC and authenticated servers
||       A string concatenation operation
⊕        A string XOR operation

2.1.  Registration phase

step 1.  Ui→Sj: {UIDi, h(PWi⊕BIOi)}

The user Ui selects UIDi, PWi and BIOi. Then, Ui computes h(PWi⊕BIOi) and transmits UIDi and h(PWi⊕BIOi) to Sj through a secure channel.

step 2.  Sj→Ui: {UIDi, h(.), Bi, Ci, Di, Ei, Fi}

After receiving the message from Ui, Sj computes the following values.

1.  Ai = h(UIDi||x)

2.  Bi = h²(UIDi||x) = h(Ai)

3.  Ci = h(PWi⊕BIOi) ⊕ Bi

4.  Di = PSK ⊕ Ai

5.  Ei = h(PSK) ⊕ h(PWi⊕BIOi)

6.  Fi = [SID1, SID2, SID3, …, SIDj]

After computing all of these parameters, Sj stores UIDi, h(.), Bi, Ci, Di, Ei and Fi in a smart card and delivers it to Ui via a secure channel.

2.2.  Login phase

step 1.  Ui→Smart Card: {UIDi, PWi, BIOi}

The user Ui inserts the smart card and inputs UIDi, PWi and BIOi.

step 2.  Smart Card→Sj: {AUIDi, M1, M2, Di, T1}

Upon receiving the input from Ui, the smart card first checks UIDi and verifies that Bi = h(PWi⊕BIOi) ⊕ Ci. If the check passes, the smart card generates a new random number N1 and computes M1, AUIDi and M2 as follows, where T1 is the current timestamp and h(PSK) is obtained from the card as Ei ⊕ h(PWi⊕BIOi).

1.  M1 = h(Bi) ⊕ N1 ⊕ h(PSK)

2.  AUIDi = h(N1||UIDi||SIDj)

3.  M2 = h(AUIDi||SIDj||Di||N1||T1)

After these computations, the smart card of Ui sends AUIDi, M1, M2, Di and T1 to Sj through a public channel.

2.3.  Authentication phase

step 1.  Sj→Smart Card: {ASIDj, M3, M4, T2}

After receiving AUIDi, M1, M2, Di and T1 from the smart card of Ui, Sj first checks the timestamp, T2 − T1 ≤ ΔT, where T2 is the current time at Sj. If the timestamp is valid, Sj computes the following values.

1.  Ai = Di ⊕ PSK

2.  N1 = M1 ⊕ h²(Ai) ⊕ h(PSK)

3.  M2' = h(AUIDi||SIDj||Di||N1||T1)

Note that h²(Ai) = h(Bi), so the second computation recovers N1. If M2' equals the received M2, Sj accepts Ui as a legal user. Then, Sj generates a new random number N2 and computes M3, M4, ASIDj and SKij as follows.

1.  M3 = N2 ⊕ h²(N1)

2.  M4 = h(AUIDi||SIDj||Di||N2||T2)

3.  ASIDj = h(N2||UIDi||SIDj)

4.  SKij = h(N1||N2||AUIDi||ASIDj)

Then, Sj returns ASIDj, M3, M4 and T2 to the smart card of Ui.

step 2.  Smart Card→Sj: {M5, T3}

After receiving ASIDj, M3, M4 and T2 from Sj, the smart card of Ui checks the timestamp, T3 − T2 ≤ ΔT. If the timestamp is valid, the smart card recovers N2 = M3 ⊕ h²(N1), computes M4' = h(AUIDi||SIDj||Di||N2||T2) and checks whether it equals the received M4. If they are equal, the smart card of Ui continues with the following computations.

1.  SKij = h(N1||N2||AUIDi||ASIDj)

2.  M5 = h(SKij||h(N2)||T3)

After these computations, the smart card of Ui transmits M5 and T3 to Sj via a public channel.

step 3.  When receiving M5 and T3 from the smart card of Ui, Sj first checks T4 − T3 ≤ ΔT. Then, Sj computes M5' = h(SKij||h(N2)||T3) and compares it with the received M5. If they are equal, Sj has authenticated Ui, and the session key shared between Sj and Ui is SKij.

3.  Weaknesses of Choi’s scheme

Choi’s scheme [13] still contains two security issues: it fails to prevent the smart card loss attack and it does not provide perfect forward secrecy. In addition, the scheme contains a design flaw in the authentication phase. In this section, we analyze these problems in detail.

3.1  Smart card loss attack

In Choi’s scheme, Sj stores UIDi, h(.), Bi, Ci, Di, Ei and Fi in the smart card of Ui at the end of the registration procedure.

We assume that the attacker picks up Ui’s smart card and extracts UIDi, h(.), Bi, Ci, Di, Ei and Fi from it. If the attacker also eavesdrops on the public channel and records AUIDi and M1 (sent by Ui’s smart card to Sj) together with ASIDj and M3 (returned by Sj), he/she can compute the session key SKij as follows.

1.  h(PWi⊕BIOi) = Ci ⊕ Bi

2.  h(PSK) = Ei ⊕ h(PWi⊕BIOi)

3.  N1 = M1 ⊕ h(Bi) ⊕ h(PSK)

4.  N2 = M3 ⊕ h²(N1)

5.  SKij = h(N1||N2||AUIDi||ASIDj)

None of these steps requires PWi or BIOi; the card contents and the public transcript alone suffice. This proves that Choi’s scheme is vulnerable to the smart card loss attack.

3.2  Lack of perfect forward secrecy

In Choi’s scheme, all users share the same h(PSK), so any registered user can obtain it from his own smart card exactly as in Section 3.1. We suppose that the attacker obtains the value Bi stored in the smart card of Ui and has recorded, from the public channel of a previous session, that session’s AUIDi and ASIDj together with Mp1 and Mp3, where Mp1 and Mp3 denote the messages M1 and M3 of that previous session. Then the attacker can recover the previous session key SKp-ij by the following steps.

1.  Np1 = Mp1 ⊕ h(Bi) ⊕ h(PSK)

2.  Np2 = Mp3 ⊕ h²(Np1)

3.  SKp-ij = h(Np1||Np2||AUIDi||ASIDj)

Thus compromise of the long-term values Bi and h(PSK) exposes every earlier session key of Ui, which proves that Choi’s scheme still lacks perfect forward secrecy.
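The following Python program is an added worked example, not code from Choi’s paper or from this analysis. It models the scheme reviewed in Section 2 with SHA-256 standing in for h(.), with PWi, BIOi, x and PSK modelled as 32-byte strings so that XOR is well defined, and with constructed identities, and then carries out the two key-recovery attacks of Sections 3.1 and 3.2 against the transcript of its own honest run. Fi and the timestamp freshness checks are omitted because they play no role in the attacks; the server function takes UIDi as an extra argument in order to compute ASIDj, which is precisely the gap discussed in Section 3.3.

```python
import hashlib
import os

# Added example (not from the paper): toy model of Choi's scheme plus the attacks
# of Sections 3.1/3.2. h(.) is SHA-256; all identities, secrets and inputs are
# constructed for this run and fixed to 32 bytes so that XOR is well defined.


def h(*parts: bytes) -> bytes:
    """h(a||b||...): SHA-256 over the concatenation of its arguments."""
    return hashlib.sha256(b"".join(parts)).digest()


def xor(a: bytes, b: bytes) -> bytes:
    assert len(a) == len(b), "XOR operands must have equal length"
    return bytes(x ^ y for x, y in zip(a, b))


X = h(b"rc-secret-x")          # secret value of the registration center (constructed)
PSK = h(b"rc-server-psk")      # pre-shared key of RC and all servers (constructed)


def register(uid: bytes, pw: bytes, bio: bytes) -> dict:
    """Registration phase: returns the smart card {UIDi, Bi, Ci, Di, Ei} (Fi omitted)."""
    hpb = h(xor(pw, bio))                      # user submits UIDi and h(PWi xor BIOi)
    ai = h(uid, X)                             # Ai = h(UIDi||x)
    bi = h(ai)                                 # Bi = h^2(UIDi||x)
    return {"UID": uid, "B": bi, "C": xor(hpb, bi),
            "D": xor(PSK, ai), "E": xor(h(PSK), hpb)}


def login(card: dict, pw: bytes, bio: bytes, sid: bytes, t1: bytes):
    """Login phase on the card: returns the public message and the card's secret N1."""
    hpb = h(xor(pw, bio))
    bi = xor(hpb, card["C"])
    if bi != card["B"]:
        raise ValueError("password/biometric check failed")
    hpsk = xor(card["E"], hpb)                 # h(PSK) = Ei xor h(PWi xor BIOi)
    n1 = os.urandom(32)
    m1 = xor(xor(h(bi), n1), hpsk)             # M1 = h(Bi) xor N1 xor h(PSK)
    auid = h(n1, card["UID"], sid)             # AUIDi = h(N1||UIDi||SIDj)
    m2 = h(auid, sid, card["D"], n1, t1)       # M2 = h(AUIDi||SIDj||Di||N1||T1)
    return {"AUID": auid, "M1": m1, "M2": m2, "D": card["D"], "T1": t1}, n1


def server_step(msg: dict, sid: bytes, uid: bytes, t2: bytes):
    """Authentication step 1 at Sj; uid is passed in because Sj cannot derive it (Section 3.3)."""
    ai = xor(msg["D"], PSK)                    # Ai = Di xor PSK
    n1 = xor(xor(msg["M1"], h(h(ai))), h(PSK))  # h^2(Ai) = h(Bi), so this yields N1
    if h(msg["AUID"], sid, msg["D"], n1, msg["T1"]) != msg["M2"]:
        raise ValueError("M2 mismatch: user rejected")
    n2 = os.urandom(32)
    m3 = xor(n2, h(h(n1)))                     # M3 = N2 xor h^2(N1)
    m4 = h(msg["AUID"], sid, msg["D"], n2, t2)  # M4 = h(AUIDi||SIDj||Di||N2||T2)
    asid = h(n2, uid, sid)                     # ASIDj = h(N2||UIDi||SIDj)
    sk = h(n1, n2, msg["AUID"], asid)          # SKij = h(N1||N2||AUIDi||ASIDj)
    return {"ASID": asid, "M3": m3, "M4": m4, "T2": t2}, sk


def card_step(reply: dict, msg: dict, n1: bytes, sid: bytes) -> bytes:
    """Authentication step 2 on the card: recover N2, verify M4, derive SKij."""
    n2 = xor(reply["M3"], h(h(n1)))
    if h(msg["AUID"], sid, msg["D"], n2, reply["T2"]) != reply["M4"]:
        raise ValueError("M4 mismatch: server rejected")
    return h(n1, n2, msg["AUID"], reply["ASID"])


def run_session(card: dict, pw: bytes, bio: bytes, sid: bytes):
    """Honest run; returns SKij and what a passive eavesdropper on the public channel records."""
    msg, n1 = login(card, pw, bio, sid, b"T1")
    reply, sk_server = server_step(msg, sid, card["UID"], b"T2")
    sk_card = card_step(reply, msg, n1, sid)
    assert sk_card == sk_server
    return sk_card, {"AUID": msg["AUID"], "M1": msg["M1"], "ASID": reply["ASID"], "M3": reply["M3"]}


def smart_card_loss_attack(card: dict, transcript: dict) -> bytes:
    """Section 3.1: card contents + one eavesdropped session -> SKij; PWi/BIOi not needed."""
    hpb = xor(card["C"], card["B"])            # h(PWi xor BIOi) = Ci xor Bi
    hpsk = xor(card["E"], hpb)                 # h(PSK) = Ei xor h(PWi xor BIOi)
    n1 = xor(xor(transcript["M1"], h(card["B"])), hpsk)
    n2 = xor(transcript["M3"], h(h(n1)))
    return h(n1, n2, transcript["AUID"], transcript["ASID"])


def forward_secrecy_attack(bi: bytes, hpsk: bytes, old: dict) -> bytes:
    """Section 3.2: victim's Bi + the h(PSK) every user shares -> a past session's SKij."""
    n1 = xor(xor(old["M1"], h(bi)), hpsk)
    n2 = xor(old["M3"], h(h(n1)))
    return h(n1, n2, old["AUID"], old["ASID"])


def demo() -> tuple:
    """Returns (3.1 attack succeeded, 3.2 attack succeeded)."""
    uid, pw, bio, sid = b"user-i", h(b"password"), h(b"fingerprint"), b"server-j"
    card = register(uid, pw, bio)
    sk_old, old_transcript = run_session(card, pw, bio, sid)   # an earlier session
    sk_now, transcript = run_session(card, pw, bio, sid)       # the current session
    loss_ok = smart_card_loss_attack(card, transcript) == sk_now
    # The attacker is simply another registered user: h(PSK) comes from their own card.
    attacker = register(b"attacker", h(b"pw2"), h(b"bio2"))
    hpsk = xor(attacker["E"], xor(attacker["C"], attacker["B"]))
    pfs_ok = forward_secrecy_attack(card["B"], hpsk, old_transcript) == sk_old
    return loss_ok, pfs_ok


if __name__ == "__main__":
    print("3.1 smart card loss attack, 3.2 forward secrecy attack succeed:", demo())
```

Both attacks are purely passive once the card contents (or just Bi) are known: no message is forged and no interaction with Sj is required, which is why neither the timestamps nor the M2/M4/M5 checks help against them.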

3.3  Flaw in design for authentication phase

In the authentication phase, the smart card of Ui sends AUIDi, M1, M2 and Di to the server Sj. On receiving this message, Sj first checks the legitimacy of Ui and then calculates ASIDj = h(N2||UIDi||SIDj), M3 and M4. However, Sj receives only the anonymous identity AUIDi = h(N1||UIDi||SIDj), from which UIDi cannot be recovered, and Choi claims that Sj maintains no verification table. Consequently, Sj has no way to obtain UIDi and cannot compute ASIDj, and therefore cannot compute SKij either. This demonstrates that Choi’s scheme contains a design flaw in the authentication phase.

4.  Conclusions

In this paper, we have analyzed Choi’s scheme in detail and pointed out that it is still vulnerable to the smart card loss attack and lacks perfect forward secrecy. Furthermore, we have shown that Choi’s scheme contains a design flaw in the authentication phase.

References

[1]  B.T. Hsieh, H.T. Yeh, H.M. Sun and C.T. Lin, “Cryptanalysis of a fingerprint-based remote user authentication scheme using smart cards,” In Proceedings of 37th IEEE conference on security technology, pp. 349-350, 2003.

[2]  C.C. Chang and I.C. Lin, “Remarks on fingerprint-based remote user authentication scheme using smart cards,” ACM SIGOPS Operating Systems Review, Vol. 38, No. 4, pp. 91-96, 2004.

[3]  C.H. Lin and Y.Y. Lai, “A flexible biometrics remote user authentication scheme,” Computer Standards & Interfaces, Vol. 27, No. 1, pp. 19-23, 2004.

[4]  D. Yang and B. Yang, “A biometric password-based multi-server authentication scheme with smart card,” IEEE International Conference on Computer Design and Applications, Vol. 5, pp. 554-559, 2010.

[5]  E.J. Yoon and C.J. Yoo, “A robust and flexible biometrics remote user authentication scheme,” International Journal of Innovative Computing, Vol. 8, No. 5(A), pp. 3173-3188, 2012.

[6]  H.K. Yang and Y.H. An, “Security Weaknesses and Improvements of a Fingerprint-based Remote User Authentication Scheme Using Smart Cards,” International Journal of Advancements in Computing Technology(IJACT), Vol. 4, No. 1, pp. 15-23, 2012.

[7]  J.K. Lee, S.R. Ryu and K.Y. Yoo, “Fingerprint-based remote user authentication scheme using smart cards,” Electronics Letters, Vol. 38, No. 12, pp. 554-555, 2002.

[8]  J.L. Tsai, “Efficient multi-server authentication scheme based on one-way hash function without verification table,” Computers & Security, Vol. 21, pp. 115-121, 2008.

[9]  J. Xu, W.T. Zhu and D.G. Feng, “Improvement of a fingerprint-based remote user authentication scheme,” International Journal of Security and its Applications (IJNSA), Vol. 2, No. 3, pp. 208, 2008.

[10]  M.C. Chuang and M.C. Chen, “An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics,” Expert Systems with Applications, Vol. 41, No. 4, pp. 1411-1418, 2014.

[11]  M.K. Khan and J. Zhang, “An efficient and practical fingerprint-based remote user authentication scheme with smart cards,” Springer Lecture Notes in Computer Science, Vol. 3903, pp. 260-268, 2006.

[12]  M. Liu and W.G. Shieh, “On the Security of Yoon and Yoo’s Biometrics Remote User Authentication Scheme,” WSEAS Transactions on Information Science and Applications, Vol. 11, pp. 94-103, 2014.

[13]  Y. Choi, “Security enhanced anonymous multi-server authenticated key agreement scheme using smart card and biometrics,” Cryptology ePrint Archive, 2014.

[14]  Y.P. Liao and S.S. Wang, “A secure dynamic ID based remote user authentication scheme for multi-server environment,” Computer Standards & Interfaces, Vol. 31, pp. 24-29, 2009.
