Anonymous biometrics-based authentication scheme with key distribution for mobile multi-server environment

Significant advances in wireless communication technologies have led to the emergence and proliferation of a wide range of mobile devices and mobile services. However, the use of various cloud servers has made the traditional single-server architecture, where we have one server and many users, inefficient in terms of its performance. To address this drawback, multi-server architectures have been proposed. Password or smart card-based authentication schemes suffer from poor security in the multi-server environment and as a result biometrics have become a preferred choice for secure and robust authentication because of its close link with the physical characteristics of an individual. Recently Kumari and Li et al. proposed a biometrics-based authentication scheme for multi-server environment. However, we found that their scheme fails to meet user anonymity requirement and is vulnerable to several attacks. Therefore, first of our work, we describe the various possible attacks on the previous scheme. Then, to enhance user anonymity, we propose a new biometrics-based authentication scheme with key distribution for the mobile multi-server environment. Our proposed scheme is based on smart card and elliptic curve cryptosystem. Informal and formal security analyses demonstrate that our scheme can satisfy the security and functional requirements in the mobile multi-server environment. Moreover, performance results (such as computation and communication cost) obtained with our proposed scheme demonstrate significant improvements in the level of security.