Biblio

With the development of IT technology and the generalization of the Internet of Things, smart grid systems combining IoT for efficient power grid construction are being widely deployed. As a form of development for this, edge computing and blockchain technology are being combined with the smart grid. Wang et al. proposed a user authentication scheme to strengthen security in this environment. In this paper, we describe the scheme proposed by Wang et al. and security faults. The first is that it is vulnerable to a side-channel attack, an impersonation attack, and a key material change attack. In addition, their scheme does not guarantee the anonymity of a participant in the smart grid system.

In multi-server environments, remote user authentication is an extremely important issue because it provides authorization while users access their data and services. Moreover, the remote user authentication scheme for multi-server environment has resolved the problem of users needing to manage their different identities and passwords. For this reason, many user authentication schemes for multi-server environments have been proposed in recent years. In 2015, Lu et al. improved Mishra et al.'s scheme, and claimed that their scheme is a more secure and practical remote user authentication for multi-server environments. However, we found that Lu et al.'s scheme is actually insecure and incorrect. In this paper, we demonstrate that their scheme is vulnerable to outsider attack, user forgery attack. We then propose a new biometrics and smart card-based authentication scheme. Finally, we show that our proposed scheme is more secure and supports security properties.