A robust user anonymity preserving biometric based multi-server authenticated key agreement scheme

Abstract

Due to the intense evolution of IoT (Internet of Things) technology, in which currency notes to bicycles will form a vital part of Internet to exchange their information among the surrounding environments. IoT will definitely consequences in an augmented level of users connecting to the remote servers (via insecure public internet). Connecting through less resource and portable devices requires a light weight, identity preserving and highly secured key agreement and authentication mechanism. In this framework, recently Mishra et al. proposed an anonymity preserving biometric based authentication scheme and claimed that their scheme resists all major cryptographic attacks. In this, manuscript we will demonstrate that, on thorough analysis, Mishra et al. scheme is liable to ‘Forward Secrecy’ attack and based on that, the attacker can realize all key attacks. As a part of our contribution, we will propose a light weight, strongly secure user authentication and key agreement scheme which is best outfits for IoT environment.