Affiliations: [a] School of Technology, Pandit Deendayal Petroleum University, Gujarat, India
| [b] School of Engineering, Marwadi University, Gujarat, India
| [c] School of Computing, Sathyabama Institute of Science and Technology, Chennai
Correspondence:
[*]
Corresponding author. Rutvij Jhaveri, School of Technology, Pandit Deendayal Petroleum University, Gujarat, India. E-mail: [email protected].
Note: [1] Chintan Patel and Dhara Joshi are Student authors while Nishant Doshi is the main supervisor in this paper.
Abstract: With the agile development of the Internet era, starting from the message transmission to money transactions, everything is online now. Remote user authentication (RUA) is a mechanism in which a remote server verifies the user’s correctness over the shared or public channel. In this paper, we analyze an RUA scheme proposed by Chen for the multi-server environment and prove that their scheme is not secured. We also find numerous vulnerabilities such as password guessing attack, replay attack, Registration Center (RC) spoofing attack, session key verification attack, and perfect forward secrecy attack for Chen’s scheme. After performing the cryptanalysis of Chen’s scheme, we propose a biometric-based RUA scheme for the same multi-server environment. We prove that the proposed authentication scheme achieves higher security than Chen’s scheme with the use of informal security analysis as well as formal security analysis. The formal security analysis of the proposed scheme is done using a widely adopted random oracle method.
Keywords: Multi-server, smart card, biometrics, three factor authentication
