Cryptanalysis and Improvement User Authentication Scheme for Multi-server Environment

Because of increasing mobile devices and networks, people who wanted mobile service can access network at anywhere and anytime. User authentication using smartcard is a one of the widely-spread using technique in which server checks the legitimacy of a user between public channel. Currently, the number of user and server is increasing rapidly, user authentication scheme for multi-server environments have been proposed. User authentication scheme for multi-server environments is built more secure and efficient. As schemes are proposed continuously. In 2016, Amin et al. improved both Sood and Li et al.’s schemes and asserted that their scheme is a more secure and efficient for multi-server environment user authentication scheme. However, we discovered that Amin et al.’s scheme still insecure and not suitable to apply real-life application. In this paper, we demonstrate that their scheme is not able to resist several security threats. Finally, we show that our proposed scheme is more secure and provides for more security features.

[1]  Lixiang Li,et al.  A Lightweight ID Based Authentication and Key Agreement Protocol for Multiserver Architecture , 2015, Int. J. Distributed Sens. Networks.

[2]  Jongho Moon,et al.  An Improvement of Robust Biometrics-Based Authentication and Key Agreement Scheme for Multi-Server Environments Using Smart Cards , 2015, PloS one.

[3]  David P. Jablon Password Authentication Using Multiple Servers , 2001, CT-RSA.

[4]  Yixian Yang,et al.  An Efficient Multi-server Password Authenticated Key Agreement Scheme Using Smart Cards , 2007, 2007 International Conference on Multimedia and Ubiquitous Engineering (MUE'07).

[5]  Siew Woh Choo,et al.  Characterisation of Drosophila Ubx CPTI000601 and hth CPTI000378 Protein Trap Lines , 2014, TheScientificWorldJournal.

[6]  Jian Ma,et al.  A novel smart card and dynamic ID based remote user authentication scheme for multi-server environments , 2013, Math. Comput. Model..

[7]  Jongho Moon,et al.  Improvement of Biometrics and Smart Cards-based Authentication Scheme for Multi-Server Environments , 2016, IMCOM.

[8]  Sandeep K. Sood Dynamic Identity Based Authentication Protocol for Two-Server Architecture , 2012, J. Information Security.

[9]  Shuenn-Shyang Wang,et al.  A secure dynamic ID based remote user authentication scheme for multi-server environment , 2009, Comput. Stand. Interfaces.

[10]  Burton S. Kaliski,et al.  Server-assisted generation of a strong secret from a password , 2000, Proceedings IEEE 9th International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WET ICE 2000).

[11]  Chi-Yao Weng,et al.  Two-Factor User Authentication in Multi-Server Networks , 2012 .

[12]  Min-Shiang Hwang,et al.  A new remote user authentication scheme for multi-server architecture , 2003, Future Gener. Comput. Syst..

[13]  Younsung Choi Security Enhanced Anonymous Multiserver Authenticated Key Agreement Scheme Using Smart Cards and Biometrics , 2014, IACR Cryptol. ePrint Arch..

[14]  Jia-Lun Tsai,et al.  Efficient multi-server authentication scheme based on one-way hash function without verification table , 2008, Comput. Secur..

[15]  Paul C. Kocher,et al.  Differential Power Analysis , 1999, CRYPTO.

[16]  Dongho Won,et al.  An Efficient User Authentication Scheme with Smart Cards for Wireless Communications , 2013 .

[17]  Robert H. Sloan,et al.  Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[18]  Ruhul Amin Cryptanalysis and Efficient Dynamic ID Based Remote User Authentication Scheme in Multi-server Environment Using Smart Card , 2016, Int. J. Netw. Secur..

[19]  Peilin Hong,et al.  A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture , 2012, J. Comput. Syst. Sci..

[20]  Wen-Shenq Juang,et al.  Efficient multi-server password authenticated key agreement using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[21]  Dongho Won,et al.  A Privacy-Protecting Authentication Scheme for Roaming Services with Smart Cards , 2012, IEICE Trans. Commun..

[22]  Dongwoo Kang,et al.  Cryptanalysis and Improvement of Efficient Password-Based User Authentication Scheme using Hash Function , 2016, IMCOM.