An improved lightweight multiserver authentication scheme

Summary

Multiserver authentication complies with the up-to-date requirements of Internet services and the latest applications. The multiserver architecture enables the expedient authentication of subscribers over an insecure channel for the delivery of services. Users rely on a single registration with a trusted third party to procure services from various servers. Recently, Chen and Lee, Moon et al, and Wang et al presented multiserver key agreement schemes that, according to our analysis, are vulnerable to many attacks. The Chen and Lee scheme was found susceptible to impersonation attack, trace attack, stolen smart card attack exposing the session key, and key-compromise impersonation attack, and to suffer from inefficient password modification. The Moon et al scheme is susceptible to a stolen card attack leading to further attacks, ie, identity guessing, key-compromise impersonation attack, user impersonation attack, and session key disclosure, while the Wang et al scheme is also found to be prone to trace attack, session-specific temporary information attack, key-compromise information attack, and privileged insider attack leading to session key disclosure and user impersonation attacks. We propose an improved protocol that counters the indicated weaknesses of these schemes at an equivalent cost. Our scheme is supported by automated and security analysis on the basis of Burrows-Abadi-Needham logic, and we also present a performance evaluation for related schemes.
