An Enhanced Authentication Protocol for Multi-server Environment Using Password and Smart Card

Wireless Personal Communications

Abstract

In the past two decades, numerous two-factor authentication protocols using a smart card and password have been proposed for the multi-server environment. Sahoo et al. recently proposed an authentication protocol for multi-server environments. Our cryptanalysis shows that the Sahoo et al. scheme is susceptible to several attacks, including offline password guessing, spoofing, replay and smart-card-lost attacks. Moreover, their scheme does not truly provide two-factor security. To overcome the security flaws in their scheme, we propose a new secure, mutually authenticated key-sharing protocol for the multi-server environment. We formally prove the secure authentication of the proposed scheme using Burrows–Abadi–Needham logic and simulate various attacks with the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. Additionally, we provide an informal security analysis to show the security and functionality features of the proposed scheme. Finally, the security and performance comparison results show that the proposed scheme offers better security and performance.

References

  1. Lamport, L. (1981). Password authentication with insecure communication. Communications of the ACM, 24, 770–772.

  2. Chang, C. C., & Wu, T. C. (1991). Remote password authentication with smart cards. In Proceedings of the computers and digital techniques (pp. 165–168).

  3. Wang, D., & Wang, P. (2016). Two birds with one stone: Two-factor authentication with security beyond conventional bound. IEEE Transactions on Dependable and Secure Computing. https://doi.org/10.1109/TDSC.2016.2605087.

  4. Jan, J. K., & Chen, Y. Y. (1998). ‘Paramita wisdom’ password authentication scheme without verification tables. Journal of Systems and Software, 42, 45–57.

  5. Hwang, M. S., & Li, L. H. (2000). New remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 46, 28–30.

  6. Awashti, A. K., & Lal, S. (2004). An enhanced remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 50(2), 583–586.

  7. Li, L. H., Lin, L. C., & Hwang, M. S. (2001). A remote password authentication scheme for multi-server architecture using neural networks. IEEE Transactions on Neural Networks, 2, 1498–1504.

  8. Lin, I. C., Hwang, M. S., & Li, L. H. (2003). A new remote user authentication scheme for multi-server architecture. Future Generation Computer Systems, 19, 13–22.

  9. Juang, W. S. (2004). Efficient multi-server password-authenticated key agreement using smart cards. IEEE Transactions on Consumer Electronics, 50, 251–255.

  10. Chao, J. (2012). An Improved remote password authentication scheme with a smart card. Journal of Electronics, 29, 550–555.

  11. Yoon, E. J., Ryu, E. K., & Yoo, K. Y. (2004). Efficient remote user authentication scheme based on generalized ElGamal signature scheme. IEEE Transactions on Consumer Electronics, 50, 568–570.

  12. Das, M., Saxena, A., & Gulati, V. (2014). A dynamic ID-based remote user authentication scheme. IEEE Transactions on Consumer Electronics, 50, 629–631.

  13. Liao, Y. P., & Wang, S. S. (2009). A secure dynamic ID-based remote user authentication scheme for a multi-server environment. Computer Standards & Interfaces, 31, 24–29.

  14. Hsiang, H. C., & Shih, W. K. (2009). Improvement of the secure dynamic ID-based remote user authentication scheme for a multi-server environment. Computer Standards & Interfaces, 31, 1118–1123.

  15. Lee, C. C., Lin, T. H., & Chang, R. X. (2011). A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards. Expert Systems with Applications, 38, 13863–13870.

  16. Sood, S. K., Sarje, A. K., & Singh, K. (2011). A secure dynamic identity based authentication protocol for multi-server architecture. Journal of Network and Computer Applications, 34, 609–618.

  17. Li, X. J., et al. (2013). A novel smart card and dynamic ID based remote user authentication scheme for multi-server environment. Mathematical and Computer Modelling, 58, 85–95.

  18. Saraswathi, S., Renukadevi, S., & Yogesh, P. (2015). Secure and efficient smart-card-based remote user authentication scheme for multi-server environment. IEEE Canadian Journal of Electrical and Computer Engineering, 38, 20–30.

  19. Islam, S. K. (2016). Design and analysis of an improved smartcard based remote user password authentication scheme. International Journal of Communication Systems, 29, 708–1719.

  20. Srinivas, J., Sourav, M., & Ashok Kumar, D. (2017). A multi-server environment with secure and efficient remote user authentication scheme based on dynamic ID using smart cards. Wireless Personal Communications, 95, 2735–2767.

  21. Sahoo, S. S., Mohanty, S., & Majhi, B. (2018). An improved and secure two-factor dynamic ID based authenticated key agreement scheme for multi-server environment. Wireless Personal Communications, 101, 1307–1333.

  22. Fan, C., Chan, Y., & Zhang, Z. (2005). Robust remote authentication scheme with smart cards. Computers & Security, 24(8), 619–628.

  23. Yang, G. M., Wong, D. S., Wang, H. X., & Deng, X. T. (2008). Two-factor mutual authentication based on smart cards and passwords. Journal of Computer and System Sciences, 74(7), 1160–1172.

  24. Xu, J., Zhu, W., & Feng, D. (2009). An improved smart card based password authentication scheme with provable security. Computer Standards & Interfaces, 31(4), 723–728.

  25. Shirvanian, M., Jarecki, S., Saxena, N., & Nathan, N. (2014). Two-factor authentication resilient to server compromise using mix-bandwidth devices. In Proceedings of the NDSS 2014 (pp. 1–16). The Internet Society.

  26. Wu, S. H., Zhu, Y. F., & Pu, Q. (2012). Robust smart-cards-based user authentication scheme with user anonymity. Security and Communication Networks, 5(2), 236–248.

  27. Wang, D., Ma, C. G., & Wu, P. (2012). Secure password-based remote user authentication scheme with non-tamper resistant smart cards. In Proceedings of the DBSec 2012, ser. LNCS (pp. 114–121). Springer.

  28. Tsai, J.-L., Lo, N.-W., & Wu, T.-C. (2013). Novel anonymous authentication scheme using smart cards. IEEE Transactions on Industrial Informatics, 9(4), 2004–2013.

  29. Li, X., Niu, J., Khan, M. K., & Liao, J. (2013). An enhanced smart card based remote user password authentication scheme. Journal of Network and Computer Applications, 36(5), 1365–1371.

  30. Madhusudhan, R., & Mittal, R. (2012). Dynamic id-based remote user password authentication schemes using smart cards: A review. Journal of Network and Computer Applications, 35(4), 1235–1248.

  31. Kumari, S., & Khan, M. K. (2014). Cryptanalysis and improvement of ‘a robust smart-card-based remote user password authentication scheme’. International Journal of Communication Systems, 27(12), 3939–3955.

  32. Byun, J. W. (2015). Privacy preserving smartcard-based authentication system with provable security. Security and Communication Networks, 8(17), 3028–3044.

  33. Jiang, Q., Ma, J., Li, G., & Li, X. (2015). Improvement of robust smart-card-based password authentication scheme. International Journal of Communication Systems, 28(2), 383–393.

  34. Truong, T.-T., Tran, M.-T., Duong, A.-D., & Echizen, I. (2015). Chaotic Chebyshev polynomials based remote user authentication scheme in client–server environment. Proceedings of the SEC, 2015, 479–494.

  35. Guosheng, X., Shuming, Q., Haseeb, A., Guoai, X., Yanhui, G., Miao, Z., et al. (2018). A multi-server two-factor authentication scheme with un-traceability using elliptic curve cryptography. Sensors, 2018(18), 1–19.

  36. Chenyu, W., Guoai, X., & Wenting, L. (2018). A secure and anonymous two-factor authentication protocol in multi-server environment. Security and Communication Networks, 2018, 1–15.

  37. Hao, L., Fengtong, W., & Chunxia, D. (2015). An improved anonymous multi-server authenticated key agreement scheme using smart cards and biometrics. Wireless Personal Communications, 2015(84), 2351–2362.

  38. Subhas, B., Ashok Kumar, D., Debasis, S., Samiran, C., Joel, J. P. C. R., & Youngho, P. (2018). Provably secure multi-server authentication protocol using fuzzy commitment. IEEE Access, 6, 38578–38594.

  39. Burrows, M., Abadi, R., & Needham, A. (1990). Logic of authentication. ACM Transactions on Computer Systems, 8, 18–36.

  40. Security Protocol Animator for AVISPA. Retrieved September, 2017, from http://www.irisa.fr/celtique/genet/span/.

  41. AVISPA. Automated validation of internet security protocols and applications. Retrieved 2006, from http://www.avispa-project.org/.

  42. Kocher, P., Jaffe, J., & Jun, B. (1999). Differential power analysis. In Proceedings of 19th annual international cryptology conference CRYPTO’99 (pp. 388–397).

  43. Messergers, T. S., Dabbish, E. A., & Sloan, R. H. (2002). Examining smart card security under the threat of power analysis attacks. IEEE Transactions on Computers, 51, 541–552.

  44. Bonneau, J. (2012). The science of guessing: Analyzing an anonymized corpus of 70 million passwords. In Proceedings of the IEEE S&P (pp. 538–552).

  45. Ma, J., Yang, W., Luo, M., & Li, N. (2014). A study of probabilistic password models. In Proceedings of the IEEE S&P 2014 (pp. 538–552). IEEE.

Corresponding author

Correspondence to T. Sudhakar.

Cite this article

Sudhakar, T., Natarajan, V., Gopinath, M. et al. An Enhanced Authentication Protocol for Multi-server Environment Using Password and Smart Card. Wireless Pers Commun 115, 2779–2803 (2020). https://doi.org/10.1007/s11277-020-07462-4
