Nagaram Pradeep Kumar Goud, P. Ramesh Reddy


Within our plan, a session secret is only accessible towards the interacting parties (user and server), which is unknown either to the registration center varieties. Within this paper, we first evaluate He-Wang’s plan and reveal that their plan is susceptible to a known session specific temporary information attack and impersonation attack. Additionally, we reveal that their plan doesn't provide strong user’s anonymity. In addition, He-Wang’s plan cannot supply the user revocation facility once the wise card sheds or taken or user’s authentication parameter is revealed. While using Burrows-Abadi-Needham logic, we reveal that our plan provides secure authentication. Additionally, we simulate our plan for that formal security verification while using broadly recognized and used automated validation of Internet security software methods and programs tool, and reveal that our plan is safe against passive and active attacks. Our plan provides high security together with low communication cost, computational cost, and number of security measures. Aside from these, He-Wang’s plan has some design flaws, for example wrong password login and it is effects and wrong password update during password change phase. Then we propose a brand new secure multi-server authentication protocol using biometric-based wise card and ECC with increased security benefits. Consequently, our plan is extremely appropriate for battery-limited mobile products as in comparison with He-Wang’s plan.


Smart Card; BAN Logic; Security; Authentication; Revocation And Re-Registration


E. Brickell and J. Li, “Enhanced privacy ID: A direct anonymous attestation scheme with enhanced revocation capabilities,” IEEE Trans. Dependable Secure Compute., vol. 9, no. 3, pp. 345–360, May/Jun. 2012.

L.-H. Li, I.-C. Lin, and M.-S. Hwang, “A remote password authentication scheme for multiserver architecture using neural networks,” IEEE Trans. Neural Netw., vol. 12, no. 6, pp. 1498–1504, Nov. 2001.

S. Wu, Y. Zhu, and Q. Pu, “Robust smart-cards-based user authentication scheme with user anonymity,” Secur. Commun. Netw., vol. 5, no. 2, pp. 236–248, 2012.

D. He and D. Wang, “Robust biometrics-based authentication scheme for multiserver environment,” IEEE Syst. J., to be published.

R.-C. Wang, W.-S. Juang, and C.-L. Lei, “User authentication scheme with privacy-preservation for multi-server environment,” IEEE Commun. Lett., vol. 13, no. 2, pp. 157–159, Feb. 2009.

Full Text: PDF


  • There are currently no refbacks.

Copyright © 2012 - 2021, All rights reserved.| ijitr.com

Creative Commons License
International Journal of Innovative Technology and Research is licensed under a Creative Commons Attribution 3.0 Unported License.Based on a work at IJITR , Permissions beyond the scope of this license may be available at http://creativecommons.org/licenses/by/3.0/deed.en_GB.