论文标题
使用模糊承诺的安全且改进的多服务器身份验证协议
A Secure and Improved Multi Server Authentication Protocol Using Fuzzy Commitment
论文作者
论文摘要
最近,Barman等人。提出了使用模糊承诺的多服务器身份验证协议。作者声称,他们的协议在抵抗所有已知攻击时提供了匿名性。在本文中,我们分析了Barman等人的协议仍然容易受到基于被盗的智能攻击的匿名违规攻击和模仿。此外,它有可伸缩性问题。然后,我们提出了一项改进和增强的协议,以克服Barman等人方案的安全弱点。使用BAN逻辑并广泛接受的自动化AVISPA工具验证了建议的协议的安全性。禁令逻辑和自动化的Avispa以及非正式分析可确保该计划的鲁棒性针对所有已知攻击
Very recently, Barman et al. proposed a multi-server authentication protocol using fuzzy commitment. The authors claimed that their protocol provides anonymity while resisting all known attacks. In this paper, we analyze that Barman et al.'s protocol is still vulnerable to anonymity violation attack and impersonation based on the stolen smart attack; moreover, it has scalability issues. We then propose an improved and enhanced protocol to overcome the security weaknesses of Barman et al.'s scheme. The security of the proposed protocol is verified using BAN logic and widely accepted automated AVISPA tool. The BAN logic and automated AVISPA along with the informal analysis ensures the robustness of the scheme against all known attacks
