Comment on "Provably secure biometric-based client-server secure communication over unreliable networks"
Mahdi Nikooghadam, Hamid Reza Shahriari

TL;DR
This paper critically examines Saleem et al.'s 2021 biometric-based protocol and shows that it fails to ensure perfect forward secrecy, which calls into question its security claims for client-server communications.
Contribution
The paper provides a security analysis demonstrating that Saleem et al.'s protocol does not achieve perfect forward secrecy, highlighting a significant security flaw.
Findings
Saleem et al.'s protocol lacks perfect forward secrecy
The protocol is vulnerable to certain security attacks
Security claims of the protocol are not fully supported
Abstract
In key agreement protocols, the user will send a request to the server and the server will respond to that message. After two-way authentication, a secure session key will be created between them. They use the session key to create a secure channel for communication. In 2021, Saleem et al. proposed a protocol for securing user and server communications, claiming that their proposed protocol meets a variety of security needs and is also resistant to known types of attacks. In this article, we will show that Saleem et al.'s scheme does not meet the security requirement of perfect forward secrecy.
Taxonomy
Topics: Biometric Identification and Security · Advanced Authentication Protocols Security
