Three-Factor-Based Confidentiality-Preserving Remote User Authentication Scheme in Multi-server Environment

Recently, Guo–Wen proposed an improved authentication protocol for the multi-server environment, claiming that it preserves user anonymity. However, we revisit Guo–Wen's protocol and find that it is exposed to several threats: (1) password guessing, (2) identity guessing, (3) new smartcard issue, (4) user impersonation, (5) known session-key temporary information and (6) privilege insider. To overcome these threats, we propose an enhanced and robust three-factor-based confidentiality-preserving authentication protocol for the multi-server environment. BAN (Burrows, Abadi, Needham) logic is used to validate the scheme, showing that mutual authentication and session-key negotiation are achieved securely. The random oracle model is then applied to demonstrate that the backbone parameters of the protocol (such as identity, password, biometric and session key) are highly secure. An informal security analysis further shows that the scheme withstands several types of malicious attacks. We also simulate the scheme with the AVISPA (Automated Validation of Internet Security Protocol and Applications) tool, which demonstrates that it resists various active and passive attacks. In addition, the performance evaluation shows that the communication cost, computation cost and estimated time of our scheme are comparatively lower than those of related existing works.
