ELAKA: Energy-Efficient and Lightweight Multi-Server Authentication and Key Agreement Protocol Based on Dynamic Biometrics

Authentication and key agreement (AKA) provides flexible and convenient sercices. Most traditional AKA protocols are designed to apply in single-server environment, where a user has to register at different servers to access different types of network services and the user have to remember or manage a large number of usernames and passwords. Later, multi-server AKA protocols resolve the repeated registration problem of single-server AKA protocols, where a user can access different servers to get different services using a single registration and the same username and password. Recently, in 2015, Lu et al proposed a light-weight ID based authentication and key agreement protocol for multi-server architecture, referred to as LAKA protocol. They claimed their protocol can overcome all shortcomings which existed in Xue et al’s protocol. Unfortunately, our further research shows that LAKA protocol still suffers from server spoofing attack, stolen smart card attack etc. To overcome the weakness of LAKA protocol, an energy-efficient and lightweight authentication and key agreement protocol for multi-server architecture is proposed (abbreviated to ELAKA). The ELAKA protocol not only provides the security features declared by LAKA protocol, but also has some other advantages. First, the ELAKA protocol can realize authentication and key agreement just by three handshakes with extremely low communication cost and computation cost between users and servers, which can achieve a delicate balance of security and performance. Second, ELAKA protocol can enable the user enjoy the remote services with privacy protection. Finally the ELAKA protocol is proved secure against known possible attacks by using BAN logic. As a result, these features make ELAKA protocol is very suitable for computation-limited mobile devices (such as smartphone, PAD, tablets) in comparison to other related existing protocols.

[1]  Cheng-Chi Lee,et al.  Cryptanalysis of an anonymous multi-server authenticated key agreement scheme using smart cards and biometrics , 2015, 2015 International Conference on Information Networking (ICOIN).

[2]  Subhasish Banerjee,et al.  An Improved Biometric-based Multi-server Authentication Scheme Using Smart Card , 2015 .

[3]  Xiong Li,et al.  Robust Biometrics Based Three-Factor Remote User Authentication Scheme with Key Agreement , 2013, 2013 International Symposium on Biometrics and Security Technologies.

[4]  Muhammad Sher,et al.  An improved and robust biometrics-based three factor authentication scheme for multiserver environments , 2018, The Journal of Supercomputing.

[5]  Shehzad Ashraf Chaudhry A secure biometric based multi-server authentication scheme for social multimedia networks , 2016, Multimedia Tools and Applications.

[6]  Saru Kumari,et al.  An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the Internet of Things environment , 2016, Ad Hoc Networks.

[7]  Muhammad Khurram Khan,et al.  An enhanced privacy preserving remote user authentication scheme with provable security , 2015, Secur. Commun. Networks.

[8]  Qing Zhang,et al.  A Novel Serial Multimodal Biometrics Framework Based on Semisupervised Learning Techniques , 2014, IEEE Transactions on Information Forensics and Security.

[9]  Debiao He,et al.  Robust Biometrics-Based Authentication Scheme for Multiserver Environment , 2015, IEEE Systems Journal.

[10]  Cormac Herley,et al.  A large-scale study of web password habits , 2007, WWW '07.

[11]  Lixiang Li,et al.  A Lightweight ID Based Authentication and Key Agreement Protocol for Multiserver Architecture , 2015, Int. J. Distributed Sens. Networks.

[12]  Debiao He,et al.  New biometrics-based authentication scheme for multi-server environment in critical systems , 2015, J. Ambient Intell. Humaniz. Comput..

[13]  Wei Liang,et al.  An Enhancement of a Smart Card Authentication Scheme for Multi-server Architecture , 2015, Wirel. Pers. Commun..

[14]  Hao Lin,et al.  An Improved Lightweight Pseudonym Identity Based Authentication Scheme on Multi-server Environment , 2016 .

[15]  Chunguang Ma,et al.  Robust Smart Card based Password Authentication Scheme against Smart Card Loss Problem , 2012, IACR Cryptol. ePrint Arch..

[16]  Sourav Mukhopadhyay,et al.  A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards , 2014, Expert Syst. Appl..

[17]  Naveen K. Chilamkurti,et al.  A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks , 2015, Inf. Sci..

[18]  Di Xiao,et al.  An efficient and noise resistive selective image encryption scheme for gray images based on chaotic maps and DNA complementary rules , 2014, Multimedia Tools and Applications.

[19]  Peilin Hong,et al.  A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture , 2012, J. Comput. Syst. Sci..

[20]  Meng Chang Chen,et al.  An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics , 2014, Expert Syst. Appl..

[21]  Bhiksha Raj,et al.  Privacy-preserving speech processing: cryptographic and string-matching frameworks show promise , 2013, IEEE Signal Processing Magazine.

[22]  Younsung Choi Security Enhanced Anonymous Multiserver Authenticated Key Agreement Scheme Using Smart Cards and Biometrics , 2014, IACR Cryptol. ePrint Arch..

[23]  Shashikala Tapaswi,et al.  Robust Smart Card Authentication Scheme for Multi-server Architecture , 2013, Wireless Personal Communications.

[24]  Na Dong,et al.  Robust password and smart card based authentication scheme with smart card revocation , 2014, Journal of Shanghai Jiaotong University (Science).

[25]  Claus Vielhauer,et al.  Improving Reliability of Biometric Hash Generation through the Selection of Dynamic Handwriting Features , 2012, Trans. Data Hiding Multim. Secur..

[26]  George S. Taylor,et al.  Improving smart card security using self-timed circuits , 2002, Proceedings Eighth International Symposium on Asynchronous Circuits and Systems.

[27]  Vanga Odelu,et al.  A Secure Biometrics-Based Multi-Server Authentication Protocol Using Smart Cards , 2015, IEEE Transactions on Information Forensics and Security.

[28]  Shuenn-Shyang Wang,et al.  A secure dynamic ID based remote user authentication scheme for multi-server environment , 2009, Comput. Stand. Interfaces.

[29]  Hao Lin,et al.  An Improved Anonymous Multi-Server Authenticated Key Agreement Scheme Using Smart Cards and Biometrics , 2015, Wirel. Pers. Commun..

[30]  Yongge Wang,et al.  Password Protected Smart Card and Memory Stick Authentication Against Off-line Dictionary Attacks , 2012, IACR Cryptol. ePrint Arch..

[31]  Muhammad Sher,et al.  An improved and provably secure privacy preserving authentication protocol for SIP , 2017, Peer-to-Peer Netw. Appl..

[32]  Vipul Gupta,et al.  Energy analysis of public-key cryptography for wireless sensor networks , 2005, Third IEEE International Conference on Pervasive Computing and Communications.

[33]  Wen-Chung Kuo,et al.  An Enhanced Secure Anonymous Authentication Scheme Based on Smart Cards and Biometrics for Multi-server Environments , 2015, 2015 10th Asia Joint Conference on Information Security.

[34]  Tugrul Yanik,et al.  A Survey of SIP Authentication and Key Agreement Schemes , 2014, IEEE Communications Surveys & Tutorials.