Key Laboratory of Mathematics, Informatics and Behavioral Semantics, Ministry of Education, Beihang University, Beijing, China.
School of Mathematics and Systems Science, Beihang University, Beijing 100191, China.
PLoS One. 2018 Mar 13;13(3):e0194093. doi: 10.1371/journal.pone.0194093. eCollection 2018.
According to advancements in the wireless technologies, study of biometrics-based multi-server authenticated key agreement schemes has acquired a lot of momentum. Recently, Wang et al. presented a three-factor authentication protocol with key agreement and claimed that their scheme was resistant to several prominent attacks. Unfortunately, this paper indicates that their protocol is still vulnerable to the user impersonation attack, privileged insider attack and server spoofing attack. Furthermore, their protocol cannot provide the perfect forward secrecy. As a remedy of these aforementioned problems, we propose a biometrics-based authentication and key agreement scheme for multi-server environments. Compared with various related schemes, our protocol achieves the stronger security and provides more functionality properties. Besides, the proposed protocol shows the satisfactory performances in respect of storage requirement, communication overhead and computational cost. Thus, our protocol is suitable for expert systems and other multi-server architectures. Consequently, the proposed protocol is more appropriate in the distributed networks.
根据无线技术的进步,基于生物特征的多服务器认证密钥协商方案的研究已经取得了很大的进展。最近,Wang 等人提出了一种具有密钥协商的三因素认证协议,并声称他们的方案能够抵抗几种突出的攻击。不幸的是,本文指出他们的协议仍然容易受到用户冒充攻击、特权内部攻击和服务器欺骗攻击。此外,他们的协议不能提供完美的前向保密性。为了解决这些问题,我们提出了一种用于多服务器环境的基于生物特征的认证和密钥协商方案。与各种相关方案相比,我们的协议具有更强的安全性,并提供了更多的功能特性。此外,所提出的协议在存储要求、通信开销和计算成本方面表现出了令人满意的性能。因此,我们的协议适用于专家系统和其他多服务器架构。因此,所提出的协议更适合分布式网络。
