Design and Analysis of Bilinear Pairing Based Mutual Authentication and Key Agreement Protocol Usable in Multi-server Environment

Abstract With the increasing popularity and demand for various applications, the internet user accesses remote server by performing remote user authentication protocol using smart card over the insecure channel. In order to resist insider attack, most of the users remember a set of identity and password for accessing different application servers. Therefore, remembering set of identity and password is an extra overhead to the user. To avoid the mentioned shortcoming, many remote user authentication and key agreement protocols for multi-server architecture have been proposed in the literature. Recently, Hsieh–Leu proposed an improve protocol of Liao et al. scheme and claimed that the improve protocol is applicable for practical implementation. However, through careful analysis, we found that Hsieh–Leu scheme is still vulnerable to user anonymity, password guessing attack, server masquerading attack and the password change phase is inefficient. Therefore, the main aim of this paper was to design a bilinear pairing based three factors remote user authentication scheme using smart card for providing security weaknesses free protocol. In order to validate security proof of the proposed protocol, this paper uses BAN logic which ensures that the same protocol achieves mutual authentication and session key agreement property securely. Furthermore, this paper also informally illustrates that the proposed protocol is well protected against all the relevant security attacks. The performance analysis and comparison with other schemes are also made, and it has been found that the proposed protocol achieves complete security requirements with comparatively lesser complexities.

[1]  Loris Nanni,et al.  An improved BioHashing for human authentication , 2007, Pattern Recognit..

[2]  P. Urien,et al.  Introducing smartcards to remote authenticate passwords using public key encryption , 2004, 2004 IEEE/Sarnoff Symposium on Advances in Wired and Wireless Communications.

[3]  Wen-Shenq Juang,et al.  Efficient multi-server password authenticated key agreement using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[4]  Colin Boyd,et al.  Protocols for Authentication and Key Establishment , 2003, Information Security and Cryptography.

[5]  Robert H. Sloan,et al.  Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[6]  Bin Wang,et al.  A Smart Card Based Efficient and Secured Multi-Server Authentication Scheme , 2012, Wireless Personal Communications.

[7]  Lijiang Zhang,et al.  A Dynamic ID-Based User Authentication and Key Agreement Scheme for Multi-Server Environment Using Bilinear Pairings , 2008, 2008 Workshop on Power Electronics and Intelligent Transportation System.

[8]  Andrew Beng Jin Teoh,et al.  Biohashing: two factor authentication featuring fingerprint data and tokenised random number , 2004, Pattern Recognit..

[9]  Min-Hua Shao,et al.  A Novel Approach to Dynamic ID-Based Remote User Authentication Scheme for Multi-server Environment , 2010, 2010 Fourth International Conference on Network and System Security.

[10]  Wei Liang,et al.  An Enhancement of a Smart Card Authentication Scheme for Multi-server Architecture , 2015, Wirel. Pers. Commun..

[11]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[12]  Marko Hölbl,et al.  A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the Internet of Things notion , 2014, Ad Hoc Networks.

[13]  Christof Paar,et al.  On the Power of Power Analysis in the Real World: A Complete Break of the KeeLoqCode Hopping Scheme , 2008, CRYPTO.

[14]  Chin-Chen Chang,et al.  Remote password authentication with smart cards , 1991 .

[15]  Chien-Lung Hsu,et al.  Designing an Intelligent Health Monitoring System and Exploring User Acceptance for the Elderly , 2013, Journal of Medical Systems.

[16]  Alfred Menezes,et al.  Reducing elliptic curve logarithms to logarithms in a finite field , 1991, STOC '91.

[17]  Wei-Kuan Shih,et al.  Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment , 2009, Comput. Stand. Interfaces.

[18]  Amit K. Awasthi,et al.  An enhanced remote user authentication scheme using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[19]  Shashikala Tapaswi,et al.  Robust Smart Card Authentication Scheme for Multi-server Architecture , 2013, Wireless Personal Communications.

[20]  SK Hafizul Islam,et al.  A Provably Secure ID-Based Mutual Authentication and Key Agreement Scheme for Mobile Multi-Server Environment Without ESL Attack , 2014, Wireless Personal Communications.

[21]  Jenq-Shiou Leu,et al.  An anonymous mobile user authentication protocol using self-certified public keys based on multi-server architectures , 2014, The Journal of Supercomputing.

[22]  Jian Ma,et al.  An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards , 2012, J. Netw. Comput. Appl..

[23]  Jianhua Li,et al.  Anonymity Enhancement on Robust and Efficient Password-Authenticated Key Agreement Using Smart Cards , 2010, IEEE Transactions on Industrial Electronics.

[24]  Cheng-Chi Lee,et al.  A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards , 2011, Expert Syst. Appl..

[25]  Min-Shiang Hwang,et al.  A new remote user authentication scheme for multi-server architecture , 2003, Future Gener. Comput. Syst..

[26]  Kuldip Singh,et al.  A secure dynamic identity based authentication protocol for multi-server architecture , 2011, J. Netw. Comput. Appl..

[27]  Ruhul Amin,et al.  Remote Access Control Mechanism Using Rabin Public Key Cryptosystem , 2015 .

[28]  Ruhul Amin,et al.  A Novel User Authentication and Key Agreement Protocol for Accessing Multi-Medical Server Usable in TMIS , 2015, Journal of Medical Systems.

[29]  Yuh-Min Tseng,et al.  A Pairing-Based User Authentication Scheme for Wireless Clients with Smart Cards , 2008, Informatica.

[30]  Paul C. Kocher,et al.  Differential Power Analysis , 1999, CRYPTO.

[31]  Chih-Ming Hsiao,et al.  A novel multi-server remote user authentication scheme using self-certified public keys for mobile clients , 2013, Future Gener. Comput. Syst..

[32]  Dengguo Feng,et al.  An improved smart card based password authentication scheme with provable security , 2009, Comput. Stand. Interfaces.

[33]  Martín Abadi,et al.  A logic of authentication , 1990, TOCS.

[34]  Colin Boyd,et al.  Protocols for Key Establishment and Authentication , 2003 .

[35]  Jia-Lun Tsai,et al.  New dynamic ID authentication scheme using smart cards , 2010, Int. J. Commun. Syst..

[36]  Tanmoy Maitra,et al.  An Improved Efficient Remote User Authentication Scheme in Multi-server Environment using Smart Card , 2013 .

[37]  Ruhul Amin Cryptanalysis and an Efficient Secure ID-based Remote User Authentication using Smart Card , 2013 .

[38]  Hung-Yu Chien,et al.  An Efficient and Practical Solution to Remote Authentication: Smart Card , 2002, Comput. Secur..

[39]  Woei-Jiunn Tsaur,et al.  A Flexible User Authentication Scheme for Multi-server Internet Services , 2001, ICN.

[40]  Shuenn-Shyang Wang,et al.  A secure dynamic ID based remote user authentication scheme for multi-server environment , 2009, Comput. Stand. Interfaces.

[41]  Dong Hoon Lee,et al.  Diffie-Hellman Problems and Bilinear Maps , 2002, IACR Cryptol. ePrint Arch..

[42]  Fengtong Wen,et al.  A Robust Uniqueness-and-Anonymity-Preserving Remote User Authentication Scheme for Connected Health Care , 2013, Journal of Medical Systems.

[43]  Jian Ma,et al.  A novel smart card and dynamic ID based remote user authentication scheme for multi-server environments , 2013, Math. Comput. Model..

[44]  Ya-Fen Chang,et al.  A Uniqueness-and-Anonymity-Preserving Remote User Authentication Scheme for Connected Health Care , 2013, Journal of Medical Systems.

[45]  G. Frey,et al.  A remark concerning m -divisibility and the discrete logarithm in the divisor class group of curves , 1994 .

[46]  Cheng-Chi Lee,et al.  An Improved Secure Dynamic ID Based Remote User Authentication Scheme for Multi-Server Environment , 2012 .

[47]  Wenfen Liu,et al.  Cryptanalysis and Improvement of a Robust Smart Card Authentication Scheme for Multi-server Architecture , 2014, Wirel. Pers. Commun..