Privacy Preserving Password-Based Multi-server Authenticated Key Agreement Protocol Using Smart Card

Clint–server based communication mechanism provides climbable environment for online services, where a user can obtain several services at any time and from anywhere via Internet. As Internet is an insecure communication medium, to achieve security and accountability in data transmission, authentication and key agreement protocols are being adopted. Majority of the existing protocols for mutual authentication are designed for single-server environment, which do not present scalable solution for multi-server environment as multiple registrations are required to perform by the user. Additionally, user must maintain multiple secret keys to access multiple application servers. On the contrary, multi-server authentication (MSA) mechanism presents a user-friendly solution to multiple-registration problem. Unfortunately, many MAS schemes consider trusted server environment, whereas some server may be semi-trusted. To address this issue, Kalra and Sood recently proposed MAS scheme, where all servers need not be entrusted. Kalra and Sood’s scheme is feasible for semi-trusted environment. By seeing its importance, we have thoroughly analyzed its security. Unfortunately, we have identified some security flaws in their scheme. Our aim is to overcome the flaws of Kalra and Sood’s scheme, and present privacy protected mutual authentication mechanism for multi-server communication. In this paper, we first pointed out the security failures of Kalra and Sood’s scheme and then proposed an improved MSA scheme to fix those vulnerabilities of existing MSA schemes. Our design is suitable for semi-trusted environment and protects anonymity. Moreover, the performance of the proposed protocol is comparable with the existing protocols.

[1]  Xiaoli Chu,et al.  Energy-Efficient Monitoring in Software Defined Wireless Sensor Networks Using Reinforcement Learning: A Prototype , 2015, Int. J. Distributed Sens. Networks.

[2]  Jian Ma,et al.  An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards , 2012, J. Netw. Comput. Appl..

[3]  Sourav Mukhopadhyay,et al.  Cryptanalysis of Pairing-Free Identity-Based Authenticated Key Agreement Protocols , 2013, ICISS.

[4]  Gildas Avoine Radio Frequency Identification: Adversary Model and Attacks on Existing Protocols , 2005 .

[5]  Chin-Chen Chang,et al.  An efficient and secure multi-server password authentication scheme using smart cards , 2004, 2004 International Conference on Cyberworlds.

[6]  Ruhul Amin,et al.  Improving Security of Lightweight Authentication Technique for Heterogeneous Wireless Sensor Networks , 2017, Wirel. Pers. Commun..

[7]  Min-Shiang Hwang,et al.  A new remote user authentication scheme for multi-server architecture , 2003, Future Gener. Comput. Syst..

[8]  Sourav Mukhopadhyay,et al.  A Secure and Robust Smartcard-Based Authentication Scheme for Session Initiation Protocol Using Elliptic Curve Cryptography , 2016, Wireless Personal Communications.

[9]  Kuldip Singh,et al.  A secure dynamic identity based authentication protocol for multi-server architecture , 2011, J. Netw. Comput. Appl..

[10]  Robert H. Sloan,et al.  Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[11]  Sheetal Kalra,et al.  Advanced remote user authentication protocol for multi-server architecture based on ECC , 2013, J. Inf. Secur. Appl..

[12]  Ahmad Alomari,et al.  Mutual Authentication and Updating the Authentication Key in MANETS , 2014, Wireless Personal Communications.

[13]  Peilin Hong,et al.  A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture , 2012, J. Comput. Syst. Sci..

[14]  Wen-Shenq Juang,et al.  Efficient multi-server password authenticated key agreement using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[15]  Etsuo Kawada Authentication Services in Mobile Networks , 2002, Wirel. Pers. Commun..

[16]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[17]  Min-Shiang Hwang,et al.  A remote password authentication scheme for multiserver architecture using neural networks , 2001, IEEE Trans. Neural Networks.

[18]  Risto Mononen,et al.  Security and Authentication in the Mobile World , 2002, Wirel. Pers. Commun..

[19]  Bin Wang,et al.  A Smart Card Based Efficient and Secured Multi-Server Authentication Scheme , 2012, Wireless Personal Communications.

[20]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .

[21]  Wei-Kuan Shih,et al.  Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment , 2009, Comput. Stand. Interfaces.

[22]  Lixiang Li,et al.  A Lightweight ID Based Authentication and Key Agreement Protocol for Multiserver Architecture , 2015, Int. J. Distributed Sens. Networks.

[23]  Debiao He,et al.  Security Flaws in a Smart Card Based Authentication Scheme for Multi-server Environment , 2012, Wireless Personal Communications.

[24]  Sourav Mukhopadhyay,et al.  Design of a lightweight two-factor authentication scheme with smart card revocation , 2015, J. Inf. Secur. Appl..

[25]  Cheng-Chi Lee,et al.  Robust anonymous authentication protocol for health-care applications using wireless medical sensor networks , 2013, Multimedia Systems.

[26]  Shashikala Tapaswi,et al.  Robust Smart Card Authentication Scheme for Multi-server Architecture , 2013, Wireless Personal Communications.

[27]  Wei-Bin Lee,et al.  An efficient and secure multi-server authentication scheme with key agreement , 2012, J. Syst. Softw..

[28]  Shuenn-Shyang Wang,et al.  A secure dynamic ID based remote user authentication scheme for multi-server environment , 2009, Comput. Stand. Interfaces.

[29]  Jia-Lun Tsai,et al.  Efficient multi-server authentication scheme based on one-way hash function without verification table , 2008, Comput. Secur..

[30]  Sourav Mukhopadhyay,et al.  A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards , 2014, Expert Syst. Appl..

[31]  Dengguo Feng,et al.  An improved smart card based password authentication scheme with provable security , 2009, Comput. Stand. Interfaces.