A Three-Factor Remote Authentication Scheme for Multi-server Environment

In this paper, we investigate Chen et al. biometrics-based remote user authentication scheme and find that it cannot validate the correctness of the password, complete the storage and verification of the password, and vulnerable to anonymity attacks, smart card stolen attacks and forgery attacks. To remedy these flaws, we propose an improved three-factor remote authentication scheme based on smart cards. It can implement mutual authentication and generate session keys to effectively improve security in multi-server environments. The proposed scheme can resist smart card attack, anonymity attack, forgery attack and other attacks. In addition, the proposed scheme costs \(5T_{h}\) more compare to Chen et al. work and less computation complexity compared with other schemes.

[1]  Chin-Chen Chang,et al.  An efficient and secure multi-server password authentication scheme using smart cards , 2004, 2004 International Conference on Cyberworlds.

[2]  Jian Ma,et al.  An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards , 2012, J. Netw. Comput. Appl..

[3]  Chin-Laung Lei,et al.  User authentication scheme with privacy-preservation for multi-server environment , 2009, IEEE Communications Letters.

[4]  Wei-Kuan Shih,et al.  Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment , 2009, Comput. Stand. Interfaces.

[5]  Wei-Bin Lee,et al.  An efficient and secure multi-server authentication scheme with key agreement , 2012, J. Syst. Softw..

[6]  Shuenn-Shyang Wang,et al.  A secure dynamic ID based remote user authentication scheme for multi-server environment , 2009, Comput. Stand. Interfaces.

[7]  Subhasish Banerjee,et al.  An Improved Biometric-based Multi-server Authentication Scheme Using Smart Card , 2015 .

[8]  Sourav Mukhopadhyay,et al.  A Multi-server Environment with Secure and Efficient Remote User Authentication Scheme Based on Dynamic ID Using Smart Cards , 2017, Wirel. Pers. Commun..

[9]  Wen-Shenq Juang,et al.  Efficient multi-server password authenticated key agreement using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[10]  Min-Shiang Hwang,et al.  A remote password authentication scheme for multiserver architecture using neural networks , 2001, IEEE Trans. Neural Networks.

[11]  Marina Ruggieri,et al.  Special Issue on “Future Tele-Infrastructure for Multi-sensory Devices (FIND)” , 2017, Wirel. Pers. Commun..

[12]  Yun Wei,et al.  Attack on An ID-based Authenticated Group Key Exchange Protocol with Identifying Malicious Participants , 2016, Int. J. Netw. Secur..

[13]  Jia-Lun Tsai,et al.  Efficient multi-server authentication scheme based on one-way hash function without verification table , 2008, Comput. Secur..

[14]  Cheng-Chi Lee,et al.  Towards secure and efficient user authentication scheme using smart card for multi-server environments , 2013, The Journal of Supercomputing.

[15]  Wei-Bin Lee,et al.  A smart card-based remote scheme for password authentication in multi-server Internet services , 2004, Comput. Stand. Interfaces.

[16]  Jianfeng Ma,et al.  A privacy preserving three-factor authentication protocol for e-Health clouds , 2016, The Journal of Supercomputing.