TY - JOUR A2 - Yu, Fei AU - Choi, Younsung AU - Nam, Junghyun AU - Lee, Donghoon AU - Kim, Jiye AU - Jung, Jaewook AU - Won, Dongho PY - 2014 DA - 2014/09/08 TI - Security Enhanced Anonymous Multiserver Authenticated Key Agreement Scheme Using Smart Cards and Biometrics SP - 281305 VL - 2014 AB - An anonymous user authentication scheme allows a user, who wants to access a remote application server, to achieve mutual authentication and session key establishment with the server in an anonymous manner. To enhance the security of such authentication schemes, recent researches combined user’s biometrics with a password. However, these authentication schemes are designed for single server environment. So when a user wants to access different application servers, the user has to register many times. To solve this problem, Chuang and Chen proposed an anonymous multiserver authenticated key agreement scheme using smart cards together with passwords and biometrics. Chuang and Chen claimed that their scheme not only supports multiple servers but also achieves various security requirements. However, we show that this scheme is vulnerable to a masquerade attack, a smart card attack, a user impersonation attack, and a DoS attack and does not achieve perfect forward secrecy. We also propose a security enhanced anonymous multiserver authenticated key agreement scheme which addresses all the weaknesses identified in Chuang and Chen’s scheme. SN - 2356-6140 UR - https://doi.org/10.1155/2014/281305 DO - 10.1155/2014/281305 JF - The Scientific World Journal PB - Hindawi Publishing Corporation KW - ER -