A Novel Multi-Server Authentication Scheme for e-commerce Applications Using Smart Card

Modern life is based on different e-commerce applications for on-line booking tickets, electronic transactions, shopping etc. Smart cards are playing an essential role in many e-commerce applications due to low cost, portability. Remote users can get the benefit of different services using a single smart card in multi-server communication environment. However, this type of system has a major security drawback as the user always shows the same identity to different services and the system becomes vulnerable to many attacks. To eliminate the security problem, we introduce a security token service for secure multi-server authentication scheme using a single electronic identity card in a communication network. For further security, we use Diffie–Hellman DSA key exchange for message protection. Diffie–Hellman is a popular key exchange technique which produces secret key for symmetric encryption for efficient and secure e-commerce transaction.

[1]  Theodore Y. Ts'o,et al.  Kerberos: an authentication service for computer networks , 1994, IEEE Communications Magazine.

[2]  Yixian Yang,et al.  An Efficient Multi-server Password Authenticated Key Agreement Scheme Using Smart Cards , 2007, 2007 International Conference on Multimedia and Ubiquitous Engineering (MUE'07).

[3]  Cheng-Chi Lee,et al.  A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards , 2011, Expert Syst. Appl..

[4]  Ronggong Song Advanced smart card based password authentication protocol , 2010, Comput. Stand. Interfaces.

[5]  Wei-Kuan Shih,et al.  Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment , 2009, Comput. Stand. Interfaces.

[6]  J. Hogg Web service security : scenarios, patterns, and implementation guidance for Web services enhancements (WSE) 3.0 , 2005 .

[7]  Behrouz A. Forouzan,et al.  Cryptography and network security , 1998 .

[8]  Deren Chen,et al.  Two Improved Multi-server Authentication Protocols Based on Hash Function and Smart Card , 2010, J. Networks.

[9]  Wei-Kuan Shih,et al.  Security enhancement on an improvement on two remote user authentication schemes using smart cards , 2011, Future Gener. Comput. Syst..

[10]  Chien-Lung Hsu,et al.  Efficient user identification scheme with key distribution preserving anonymity for distributed computer networks , 2004, Comput. Secur..

[11]  Jenq-Shiou Leu,et al.  Efficient and secure dynamic ID-based remote user authentication scheme for distributed systems using smart cards , 2014, IET Inf. Secur..

[12]  Chris J. Mitchell,et al.  Limitations of challenge-response entity authentication , 1989 .

[13]  Min-Shiang Hwang,et al.  A new remote user authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[14]  Sandeep K. Sood An Improved and Secure Smart Card Based Dynamic Identity Authentication Protocol , 2012, Int. J. Netw. Secur..

[15]  Amit K. Awasthi,et al.  An enhanced remote user authentication scheme using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[16]  Ashutosh Saxena,et al.  A dynamic ID-based remote user authentication scheme , 2004, IEEE Transactions on Consumer Electronics.

[17]  Jia-Lun Tsai,et al.  Efficient multi-server authentication scheme based on one-way hash function without verification table , 2008, Comput. Secur..

[18]  Kakali Chatterjee,et al.  A Secure and Efficient Authentication Protocol in Wireless Sensor Network , 2015, Wirel. Pers. Commun..

[19]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[20]  Xiaoping Wu,et al.  Cryptanalysis of a Remote User Authentication Scheme Using Smart Cards , 2009, 2009 5th International Conference on Wireless Communications, Networking and Mobile Computing.

[21]  Wei-Bin Lee,et al.  An efficient and secure multi-server authentication scheme with key agreement , 2012, J. Syst. Softw..

[22]  Shuenn-Shyang Wang,et al.  A secure dynamic ID based remote user authentication scheme for multi-server environment , 2009, Comput. Stand. Interfaces.

[23]  Yu Xiuyuan A Modified Remote User Authentication Scheme Using Smart Cards , 2008 .

[24]  Raphael C.-W. Phan Fixing the integrated Diffie-Hellman-DSA key exchange protocol , 2005, IEEE Communications Letters.

[25]  Chin-Chen Chang,et al.  Some Forgery Attacks on a Remote User Authentication Scheme Using Smart Cards , 2003, Informatica.

[26]  Cheng-Chi Lee,et al.  Cryptanalysis of a Secure Dynamic ID Based Remote User Authentication Scheme for Multi-Server Environment , 2009, 2009 Fourth International Conference on Innovative Computing, Information and Control (ICICIC).

[27]  Jia-Lun Tsai,et al.  New dynamic ID authentication scheme using smart cards , 2010, Int. J. Commun. Syst..