An efficient three factor-based authentication scheme in multiserver environment using ECC

Correspondence: Rifaqat Ali, Department of Computer Science and Engineering, Indian Institute of Technology (ISM), Dhanbad, Jharkhand-826004, India. Email: rifaqatali27@gmail.com

Summary

Recently, Li et al developed a smartcard-based remote user authentication scheme for a multiserver environment and claimed that it is secure against some possible cryptographic attacks. However, our analysis shows that the scheme of Li et al cannot preserve all of its proclaimed security goals: (1) it does not withstand password-guessing, user impersonation, insider, and smartcard theft attacks, and (2) it fails to provide user anonymity. To remedy these security flaws, we propose an efficient three factor-based authentication scheme in a multiserver environment using elliptic curve cryptography. Burrows-Abadi-Needham logic is used to validate the security of our scheme, confirming that it provides mutual authentication and session-key agreement securely. The proposed scheme is also analyzed in the random oracle model, which shows that the backbone parameters, i.e., identity, password, biometrics, and the session key, are secure from an adversary. Further, the informal security analysis confirms that the suggested scheme can withstand the attacks mentioned above. The Automated Validation of Internet Security Protocols and Applications tool is then used to ensure its security against passive and active attacks. Finally, a performance comparison with other relevant schemes is furnished to confirm its enhanced security.
