A secure and robust anonymous three-factor remote user authentication scheme for multi-server environment using ECC

Abstract: With the rapid growth of computer and Internet technology, various types of services are provided through the Internet, such as e-banking, e-rail, e-commerce, online games, etc. Today, they have become an important part of our lives and make life very convenient. However, most of these applications/services operate over an insecure channel; therefore, authentication is required before permitting remote access to those services. In this paper, we propose a secure anonymous three-factor based remote user authentication scheme for multi-server environment using ECC. We show, on the basis of BAN logic, that the proposed scheme is accurate and securely provides mutual authentication and session key agreement. Its formal security analysis, using the Random Oracle Model, shows that an attacker cannot retrieve the backbone parameters such as user identity, password, secret keys, and session key. Using informal security analysis, we prove that our scheme defends against various security pitfalls. Additionally, we compare our scheme with other existing relevant schemes, and the comparative results show that our scheme is efficient in terms of computation cost, communication cost, smart card storage cost and estimated time. In particular, the proposed scheme is not only secure against various security threats, but it also facilitates an accurate login phase, a robust authentication phase and a user-friendly password change phase.
