Advanced remote user authentication protocol for multi-server architecture based on ECC

We have reached an era in which the desired web services are available over networks at the click of a button. In such a scenario, remote user authentication plays the most important role in identifying the legitimate users of a web service on the Internet. Researchers have proposed a number of password-based authentication schemes that rely on a single server for authentication. However, with tremendous advancements in technology, it is possible to engage multiple servers in authenticating their clients in order to achieve better security. In this paper, we propose an efficient password-based authentication protocol for multi-server architecture. The protocol provides mutual authentication using a smart card and is based on Elliptic Curve Cryptography, and therefore offers the best security at a low cost. In 2011, Sood et al. proposed a multi-server architecture protocol using smart cards. In this paper, we improve Sood et al.'s scheme by increasing its security and reducing its computation cost. The protocol is based on the concept of dynamic identity that uses a nonce-based system and has no time synchronization problem.

[1] Chin-Chen Chang, et al. An efficient and secure multi-server password authentication scheme using smart cards, 2004, 2004 International Conference on Cyberworlds.

[2] Eun-Jun Yoon, et al. Improving the Dynamic ID-Based Remote Mutual Authentication Scheme, 2006, OTM Workshops.

[3] Robert H. Sloan, et al. Examining Smart-Card Security under the Threat of Power Analysis Attacks, 2002, IEEE Trans. Computers.

[4] Cheng-Chi Lee, et al. Security enhancement for a dynamic ID-based remote user authentication scheme, 2005, International Conference on Next Generation Web Services Practices (NWeSP'05).

[5] Burton S. Kaliski, et al. Server-assisted generation of a strong secret from a password, 2000, Proceedings IEEE 9th International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WET ICE 2000).

[6] Wen-Shenq Juang, et al. Efficient multi-server password authenticated key agreement using smart cards, 2004, IEEE Transactions on Consumer Electronics.

[7] Hung-Yu Chien, et al. A remote authentication scheme preserving user anonymity, 2005, 19th International Conference on Advanced Information Networking and Applications (AINA'05) Volume 1 (AINA papers).

[8] Min-Shiang Hwang, et al. A new remote user authentication scheme for multi-server architecture, 2003, Future Gener. Comput. Syst.

[9] Markus Jakobsson, et al. Threshold password-authenticated key exchange: (Extended abstract), 2002, CRYPTO 2002.

[10] Chin-Laung Lei, et al. Robust authentication and key agreement scheme preserving the privacy of secret key, 2011, Comput. Commun.

[11] Ashutosh Saxena, et al. A dynamic ID-based remote user authentication scheme, 2004, IEEE Transactions on Consumer Electronics.

[12] Ari Juels, et al. A New Two-Server Approach for Authentication with Short Secrets, 2003, USENIX Security Symposium.

[13] Wei-Kuan Shih, et al. Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment, 2009, Comput. Stand. Interfaces.

[14] Chin-Chen Chang, et al. An ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem, 2009, Comput. Secur.

[15] Sung Jin Kim, et al. Differential Power Analysis for AES, 2004.

[16] Kuldip Singh, et al. A secure dynamic identity based authentication protocol for multi-server architecture, 2011, J. Netw. Comput. Appl.

[17] Wen-Shenq Juang, et al. Robust and Efficient Password-Authenticated Key Agreement Using Smart Cards, 2008, IEEE Transactions on Industrial Electronics.

[18] Vincent Rijmen, et al. Cryptography on smart cards, 2001, Comput. Networks.

[19] Shuenn-Shyang Wang, et al. A secure dynamic ID based remote user authentication scheme for multi-server environment, 2009, Comput. Stand. Interfaces.

[20] Sandeep K. Sood, et al. Secure Dynamic Identity-Based Authentication Scheme Using Smart Cards, 2011, Inf. Secur. J. A Glob. Perspect.

[21] David P. Jablon. Password Authentication Using Multiple Servers, 2001, CT-RSA.

[22] Jia-Lun Tsai, et al. Efficient multi-server authentication scheme based on one-way hash function without verification table, 2008, Comput. Secur.

[23] Yixian Yang, et al. An Efficient Multi-server Password Authenticated Key Agreement Scheme Using Smart Cards, 2007, 2007 International Conference on Multimedia and Ubiquitous Engineering (MUE'07).

[24] Md. Enamul Kabir, et al. Microdata Protection Method Through Microaggregation: A Median-Based Approach, 2011, Inf. Secur. J. A Glob. Perspect.