A Lightweight ID Based Authentication and Key Agreement Protocol for Multiserver Architecture

There is an increasing demand of an anonymous authentication to secure communications between numerous different network members while preserving privacy for the members. In this study, we address this issue by using an ID based authenticated and key agreement protocol to improve the recent protocol proposed by Xue et al. They claimed that their protocol could resist masquerade and insider attacks. Unfortunately, we find that Xue et al.'s protocol is not only really insecure against masquerade and insider attacks but also vulnerable to off-line password guessing attack. Therefore, a slight modification to their protocol is proposed to improve their shortcomings. Moreover, our protocol does not use timestamps, so it is not required to synchronize the time. As a result, according to our performance and security analyses, we can prove that our proposed protocol can enhance efficiency and improve security in comparison to previous protocols.

[1]  Muhammad Khurram Khan,et al.  An Improved User Authentication Protocol for Healthcare Services via Wireless Medical Sensor Networks , 2014, Int. J. Distributed Sens. Networks.

[2]  Ashok Kumar Das,et al.  A secure and effective user authentication and privacy preserving protocol with smart cards for wireless communications , 2013 .

[3]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[4]  Robert H. Deng,et al.  New efficient user identification and key distribution scheme providing enhanced security , 2004, Comput. Secur..

[5]  Dawei Zhao,et al.  A Secure and Effective Anonymous Authentication Scheme for Roaming Service in Global Mobility Networks , 2013, Wireless Personal Communications.

[6]  Jia-Yong Liu,et al.  A new mutual authentication scheme based on nonce and smart cards , 2008, Comput. Commun..

[7]  Kuldip Singh,et al.  A secure dynamic identity based authentication protocol for multi-server architecture , 2011, J. Netw. Comput. Appl..

[8]  Min-Shiang Hwang,et al.  A new remote user authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[9]  Jian Ma,et al.  An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards , 2012, J. Netw. Comput. Appl..

[10]  Luciano Lavagno,et al.  Online Authentication and Key Establishment Scheme for Heterogeneous Sensor Networks , 2014, Int. J. Distributed Sens. Networks.

[11]  Ronggong Song Advanced smart card based password authentication protocol , 2010, Comput. Stand. Interfaces.

[12]  Wei-Kuan Shih,et al.  Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment , 2009, Comput. Stand. Interfaces.

[13]  Chun Chen,et al.  A strong user authentication scheme with smart cards for wireless communications , 2011, Comput. Commun..

[14]  Peilin Hong,et al.  A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture , 2012, J. Comput. Syst. Sci..

[15]  Setti Yerukamma,et al.  Efficient Authentication for Mobile and Pervasive Computing , 2017 .

[16]  Wen-Shenq Juang,et al.  Efficient multi-server password authenticated key agreement using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[17]  Paul C. Kocher,et al.  Differential Power Analysis , 1999, CRYPTO.

[18]  Jia-Lun Tsai,et al.  Novel Anonymous Authentication Scheme Using Smart Cards , 2013, IEEE Transactions on Industrial Informatics.

[19]  Chun-Ta Li,et al.  An efficient biometrics-based remote user authentication scheme using smart cards , 2010, J. Netw. Comput. Appl..

[20]  Min-Shiang Hwang,et al.  DoS-resistant ID-based password authentication scheme using smart cards , 2010, J. Syst. Softw..

[21]  Dengguo Feng,et al.  An improved smart card based password authentication scheme with provable security , 2009, Comput. Stand. Interfaces.

[22]  Liu Shouyin,et al.  An Improved Biometric-Based User Authentication Scheme for C/S System , 2014 .

[23]  Robert H. Sloan,et al.  Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[24]  Jianhua Li,et al.  Anonymity Enhancement on Robust and Efficient Password-Authenticated Key Agreement Using Smart Cards , 2010, IEEE Transactions on Industrial Electronics.

[25]  Martín Abadi,et al.  A logic of authentication , 1990, TOCS.

[26]  Kee-Young Yoo,et al.  Efficient nonce-based remote user authentication scheme using smart cards , 2005, Appl. Math. Comput..

[27]  Amit K. Awasthi,et al.  An enhanced remote user authentication scheme using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[28]  Chun-I Fan,et al.  Robust remote authentication scheme with smart cards , 2005, Comput. Secur..