In 2014, Choi proposed a security enhanced anonymous multi-server authenticated key agreement scheme using smart card and biometrics and claimed that their scheme could overcome all of securityissues in Chuang-Chen’s scheme, such as impersonation attack, smart card loss attack, denial of service attack and perfect forward secrecy. Unfortunately, we discover that Choi’s proposed scheme is not only still vulnerable to smart card loss attack and lack of perfect forward secrecy, but also contains a flaw in design for authentication phase after our analysis in detail.
In order to solve these securityissues, we propose an enhanced secure anonymous authentication scheme with key agreement based on smart cards and biometrics for multi-server environments in this paper. According to our performance and security analysis, it can prove that our proposed scheme is more efficiency andsecurity in comparison to previous schemes.