A Secure Three-Factor Multiserver Authentication Protocol against the Honest-But-Curious Servers

Three-factor multiserver authentication protocols have become prevalent in recent years. Almost none of these protocols involve the registration center in the authentication process. To improve efficiency, a common secret key is shared among all servers, which leads to a serious weakness: we find that these protocols cannot resist a passive attack from honest-but-curious servers. This paper takes Wang et al.’s protocol as an example to show how an honest-but-curious server attacks it. To remedy this weakness, a novel three-factor multiserver authentication protocol is presented. By introducing the registration center into the authentication process, the new protocol can resist the passive attack from honest-but-curious servers. Security analyses, both formal and informal, are given, demonstrating the correctness and validity of the new protocol. Compared with related protocols, the new protocol offers more security properties and more practical functionality at a relatively low computation and communication cost.
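The weakness described above, as an added toy model (not Wang et al.'s protocol and not code from the paper): every server holds the same secret x, so a server that only records another server's login transcript recovers the same user identity and session key. The message layout, function names and group parameters are assumptions made for illustration.

```python
import hashlib, secrets

P, G = 2**255 - 19, 2   # toy group parameters, constructed for illustration

def h(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed fields."""
    d = hashlib.sha256()
    for p in parts:
        d.update(len(p).to_bytes(4, "big") + p)
    return d.digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def provision(server_ids):
    """Hypothetical registration center: hands the SAME secret x to every server."""
    x = secrets.randbelow(P - 2) + 1
    return {sid: x for sid in server_ids}, pow(G, x, P)

def user_login(user_id: bytes, common_pub: int, server_id: bytes):
    """User masks the identity under the servers' common public value."""
    r = secrets.randbelow(P - 2) + 1
    dh = pow(common_pub, r, P).to_bytes(32, "big")
    msg = {"R": pow(G, r, P), "server_id": server_id,
           "masked_id": xor(user_id.ljust(32, b"\0"), h(dh, b"id"))}
    return msg, dh

def derive(secret: int, msg: dict, nonce: bytes):
    """Identity and session key as computed by any holder of `secret`."""
    dh = pow(msg["R"], secret, P).to_bytes(32, "big")
    user_id = xor(msg["masked_id"], h(dh, b"id")).rstrip(b"\0")
    return user_id, h(user_id, dh, nonce, msg["server_id"])

def demo():
    keys, common_pub = provision([b"S1", b"S2"])
    msg, dh = user_login(b"alice", common_pub, b"S1")  # sent over the public channel
    nonce = secrets.token_bytes(16)                     # S1's reply nonce, also public
    user_key = h(b"alice", dh, nonce, b"S1")            # key the user computes
    intended = derive(keys[b"S1"], msg, nonce)          # the server the user chose
    curious = derive(keys[b"S2"], msg, nonce)           # S2 only recorded the traffic
    outsider = derive(secrets.randbelow(P - 2) + 1, msg, nonce)  # no common secret
    return user_key, intended, curious, outsider
```

Nothing in the transcript is bound to a secret that only S1 holds, which is why the curious server's computation is indistinguishable from the intended server's.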
