Cryptanalysis and improvement of authentication scheme for roaming service in ubiquitous network

The paper analyzes a recently proposed secure authentication and key agreement scheme for roaming service in a ubiquitous network. In 2018, Lee et al. proposed a biometric-based anonymous authentication scheme for roaming in ubiquitous networks. But, we found that Lee et al. scheme is prone to the off-line dictionary attack when a user's smart device is stolen, replay attack due to static variables and de-synchronization attack when an adversary blocks a message causing failure of authentication mechanism. Further, the scheme lacks no key control property and has incorrect XOR calculation. In the sequel, we presented an improved biometric based scheme to remove the weaknesses in Lee et al.'s scheme, which also does not require an update of identity in every session, hence preventing de-synchronization attack. Also, the security of the proposed schemes were analyzed in a widely accepted random oracle model. Further, computational and communication cost comparisons indicate that our improved scheme is more suitable for ubiquitous networks.