A robust and efficient dynamic identity-based multi-server authentication scheme using smart cards

In single-server architecture, one service is maintained by one server. If a user wants to employ multiple services from different servers, he/she needs to register with these servers and to memorize numerous pairs of identities and passwords corresponding to each server. In order to improve user convenience, many authentication schemes have been provided for multi-server environment with the property of single registration. In 2013, Li et al. provided an efficient multi-server authentication scheme, which they contended that it could resist several attacks. Nevertheless, we find that their scheme is sensitive to the forgery attack and has a design flaw. This paper presents a more secure dynamic identity-based multi-server authentication scheme in order to solve the problem in the scheme by Li et al. Analyses show that the proposed scheme can preclude several attacks and support the revocation of anonymity to handle the malicious behavior of a legal user. Furthermore, our proposed scheme has a lower computation and communication costs, which make it is more suitable for practical applications. Copyright © 2014 John Wiley & Sons, Ltd.

[1]  Wei-Chi Ku,et al.  Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[2]  Cheng-Chi Lee,et al.  A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards , 2011, Expert Syst. Appl..

[3]  Ya-Fen Chang,et al.  Untraceable dynamic-identity-based remote user authentication scheme with verifiable password update , 2014, Int. J. Commun. Syst..

[4]  Shiuh-Pyng Shieh,et al.  Password authentication schemes with smart cards , 1999, Comput. Secur..

[5]  Wei Liang,et al.  Cryptanalysis of a dynamic identity‐based remote user authentication scheme with verifiable password update , 2015, Int. J. Commun. Syst..

[6]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[7]  Martín Abadi,et al.  A logic of authentication , 1990, TOCS.

[8]  Tzonelih Hwang,et al.  Non-interactive password authentications without password tables , 1990, IEEE TENCON'90: 1990 IEEE Region 10 Conference on Computer and Communication Systems. Conference Proceedings.

[9]  Jianmin Wang,et al.  Efficient remote mutual authentication and key agreement , 2006, Comput. Secur..

[10]  Mihir Bellare,et al.  Entity Authentication and Key Distribution , 1993, CRYPTO.

[11]  Wen-Shenq Juang,et al.  Efficient password authenticated key agreement using smart cards , 2004, Comput. Secur..

[12]  Claude E. Shannon,et al.  Communication theory of secrecy systems , 1949, Bell Syst. Tech. J..

[13]  Jian Ma,et al.  An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards , 2012, J. Netw. Comput. Appl..

[14]  Wei-Kuan Shih,et al.  Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment , 2009, Comput. Stand. Interfaces.

[15]  Hung-Yu Chien,et al.  An Efficient and Practical Solution to Remote Authentication: Smart Card , 2002, Comput. Secur..

[16]  Wen-Shenq Juang,et al.  Efficient multi-server password authenticated key agreement using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[17]  Yuh-Min Tseng,et al.  Towards generalized ID-based user authentication for mobile multi-server environment , 2012, Int. J. Commun. Syst..

[18]  Shuenn-Shyang Wang,et al.  A secure dynamic ID based remote user authentication scheme for multi-server environment , 2009, Comput. Stand. Interfaces.

[19]  Chin-Chen Chang,et al.  An efficient and secure multi-server password authentication scheme using smart cards , 2004, 2004 International Conference on Cyberworlds.

[20]  Min-Shiang Hwang,et al.  A new remote user authentication scheme for multi-server architecture , 2003, Future Gener. Comput. Syst..

[21]  Martín Abadi,et al.  Authentication: A Practical Study in Belief and Action , 1988, TARK.

[22]  Hung-Min Sun,et al.  An efficient remote use authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[23]  Kuldip Singh,et al.  A secure dynamic identity based authentication protocol for multi-server architecture , 2011, J. Netw. Comput. Appl..

[24]  Jian Ma,et al.  A novel smart card and dynamic ID based remote user authentication scheme for multi-server environments , 2013, Math. Comput. Model..

[25]  Min-Shiang Hwang,et al.  A remote password authentication scheme for multiserver architecture using neural networks , 2001, IEEE Trans. Neural Networks.

[26]  Yingjiu Li,et al.  Cryptanalysis of Hsiang-Shih's authentication scheme for multi-server architecture , 2011, Int. J. Commun. Syst..

[27]  Cheng-Chi Lee,et al.  A simple remote user authentication scheme , 2002 .