Abstract The paper analyzes a recently proposed secure authentication and key agreement scheme for roaming service in a ubiquitous network. In 2018, Lee et al. proposed a biometric-based anonymous authentication scheme for roaming in ubiquitous networks. But, we found that Lee et al. scheme is prone to the off-line dictionary attack when a user’s smart device is stolen, replay attack due to static variables and de-synchronization attack when an adversary blocks a message causing failure of authentication mechanism. Further, the scheme lacks no key control property and has incorrect XOR calculation. In the sequel, we presented an improved biometric based scheme to remove the weaknesses in Lee et al.’s scheme, which also does not require an update of identity in every session, hence preventing de-synchronization attack. Also, the security of the proposed schemes were analyzed in a widely accepted random oracle model. Further, computational and communication cost comparisons indicate that our improved scheme is more suitable for ubiquitous networks.

中文翻译：

---

泛在网络漫游业务认证方案的密码分析与改进

摘要 本文分析了最近提出的一种泛在网络漫游服务的安全认证和密钥协商方案。2018 年，Lee 等人。提出了一种基于生物特征的匿名身份验证方案，用于在泛在网络中漫游。但是，我们发现 Lee 等人。该方案容易出现用户智能设备被盗时的离线字典攻击、静态变量导致的重放攻击以及对手阻止消息时的去同步攻击导致身份验证机制失败。此外，该方案缺乏关键控制特性，并且XOR计算不正确。在续集中，我们提出了一种改进的基于生物识别的方案，以消除 Lee 等人方案中的弱点，该方案也不需要在每个会话中更新身份，从而防止去同步攻击。还，在广泛接受的随机预言机模型中分析了所提出方案的安全性。此外，计算和通信成本的比较表明我们改进的方案更适合泛在网络。