SUAA: A Secure User Authentication Scheme with Anonymity for the Single & Multi-server Environments

Abstract: The rapid increase in user base and technological penetration has enabled the use of a wide range of devices and applications. The services are rendered to these devices from single-server or highly distributed server environments, irrespective of their location. As the information exchanged between servers and clients is private, numerous forms of attacks can be launched to compromise it. To ensure the security, privacy, and availability of the services, different authentication schemes have been proposed for both single-server and multi-server environments. The primary performance objective of such schemes is to prevent most (if not all) attacks, with minimal computational costs at the server and user ends. To address this challenge, this paper presents a secure user authentication scheme with anonymity (SUAA) for single-server and multi-server environments. It works on 3-factor authentication, involving passwords, smart cards, and biometric data. We use symmetric and asymmetric encryption for single-server and multi-server architectures, respectively, to reduce the computational costs. Through a comprehensive security analysis, we show that the proposed scheme is reliable through mutual authentication and is resilient to the attacks addressed by state-of-the-art solutions. The time cost analysis also shows that less time is required to complete the authentication process.
