An efficient and secure multi-server authentication scheme with key agreement

Remote user authentication is used to validate the legitimacy of a remote log-in user. Due to the rapid growth of computer networks, many network environments have been becoming multi-server based. Recently, much research has been focused on proposing remote password authentication schemes based on smart cards for securing multi-server environments. Each of these schemes used either a nonce or a timestamp technique to prevent the replay attack. However, using the nonce technique to withstand the replay attack is potentially susceptible to the man-in-the-middle attack. Alternatively, when employing the timestamp method to secure remote password authentication, it will require the cost of implementing clock synchronization. In order to solve the above two issues, this paper proposes a self-verified timestamp technique to help the smart-card-based authentication scheme not only effectively achieve password-authenticated key agreement but also avoid the difficulty of implementing clock synchronization in multi-server environments. A secure authenticated key agreement should accomplish both mutual authentication and session key establishment. Therefore, in this paper we further give the formal proof on the execution of the proposed authenticated key agreement scheme.

[1]  Min-Shiang Hwang,et al.  A remote password authentication scheme for multiserver architecture using neural networks , 2001, IEEE Trans. Neural Networks.

[2]  Charles P. Pfleeger,et al.  Security in computing , 1988 .

[3]  Wen-Shenq Juang,et al.  Robust and Efficient Password-Authenticated Key Agreement Using Smart Cards , 2008, IEEE Transactions on Industrial Electronics.

[4]  Wang Shiuh-Jeng,et al.  Refereed paper: Smart card based secure password authentication scheme , 1996 .

[5]  Wei-Bin Lee,et al.  An enhanced user authentication scheme for multi-server Internet services , 2005, Appl. Math. Comput..

[6]  Jia-Lun Tsai,et al.  Efficient multi-server authentication scheme based on one-way hash function without verification table , 2008, Comput. Secur..

[7]  Shiuh-Pyng Shieh,et al.  Password authentication schemes with smart cards , 1999, Comput. Secur..

[8]  Shyi-Tsong Wu,et al.  A user friendly remote authentication scheme with smart cards , 2003, Comput. Secur..

[9]  Martín Abadi,et al.  A logic of authentication , 1990, TOCS.

[10]  Wei-Bin Lee,et al.  A smart card-based remote scheme for password authentication in multi-server Internet services , 2004, Comput. Stand. Interfaces.

[11]  Hung-Min Sun,et al.  An efficient remote use authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[12]  Jizhou Sun,et al.  Improvements of Juang 's Password-Authenticated Key Agreement Scheme Using Smart Cards , 2009, IEEE Transactions on Industrial Electronics.

[13]  Chin-Laung Lei,et al.  User authentication scheme with privacy-preservation for multi-server environment , 2009, IEEE Communications Letters.

[14]  Hung-Min Sun,et al.  An Efficient Remote User Authentication Scheme Using Smart Cards , 2000 .

[15]  Chun Chen,et al.  A strong user authentication scheme with smart cards for wireless communications , 2011, Comput. Commun..

[16]  Chin-Chen Chang,et al.  Remote password authentication with smart cards , 1991 .

[17]  Chin-Chen Chang,et al.  Using smart cards to authenticate remote passwords , 1993 .

[18]  Jong Hyuk Park,et al.  Robust one-time password authentication scheme using smart card for home network environment , 2011, Comput. Commun..

[19]  Min-Shiang Hwang,et al.  A new remote user authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[20]  W.-S. Juang,et al.  Anonymous channel and authentication in wireless communications , 1999, Comput. Commun..

[21]  Frances M. T. Brazier,et al.  Distributed Open Systems , 1994 .

[22]  Robert H. Deng,et al.  A novel privacy preserving authentication and access control scheme for pervasive computing environments , 2006, IEEE Transactions on Vehicular Technology.

[23]  Chin-Chen Chang,et al.  Enhanced authentication scheme with anonymity for roaming service in global mobility networks , 2009, Comput. Commun..

[24]  Min-Shiang Hwang,et al.  A new remote user authentication scheme for multi-server architecture , 2003, Future Gener. Comput. Syst..

[25]  Wen-Shenq Juang,et al.  Efficient multi-server password authenticated key agreement using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[26]  Cheng-Chi Lee,et al.  Security Enhancement on a New Authentication Scheme With Anonymity for Wireless Environments , 2006, IEEE Transactions on Industrial Electronics.

[27]  Hung-Yu Chien,et al.  An Efficient and Practical Solution to Remote Authentication: Smart Card , 2002, Comput. Secur..

[28]  Belden Menkus,et al.  Understanding the use of passwords , 1988, Comput. Secur..

[29]  Kaijun Tan,et al.  Remote password authentication scheme based on cross-product , 1999, Comput. Commun..

[30]  Chih-Lyang Hwang,et al.  A Distributed Active-Vision Network-Space Approach for the Navigation of a Car-Like Wheeled Robot , 2009, IEEE Transactions on Industrial Electronics.

[31]  Jianhua Li,et al.  Anonymity Enhancement on Robust and Efficient Password-Authenticated Key Agreement Using Smart Cards , 2010, IEEE Transactions on Industrial Electronics.

[32]  Alfred C. Weaver,et al.  Distributing Internet services to the network's edge , 2003, IEEE Trans. Ind. Electron..

[33]  George B. Purdy,et al.  A high security log-in procedure , 1974, Commun. ACM.

[34]  Suk Lee,et al.  Worst Case Communication Delay of Real-Time Industrial Switched Ethernet With Multiple Levels , 2006, IEEE Transactions on Industrial Electronics.

[35]  Wen-Shenq Juang,et al.  Efficient password authenticated key agreement using smart cards , 2004, Comput. Secur..