
Three-Factor-Based Confidentiality-Preserving Remote User Authentication Scheme in Multi-server Environment

  • Research Article - Computer Engineering and Computer Science
Arabian Journal for Science and Engineering

Abstract

Recently, Guo–Wen proposed an improved authentication protocol for the multi-server environment, claiming that it preserves user anonymity. However, the authors revisit Guo–Wen’s protocol and discover various malicious threats, i.e., (1) password guessing threat, (2) identity guessing threat, (3) new smartcard issue threat, (4) user impersonation threat, (5) known session-key temporary information threat and (6) privilege insider threat. To overcome these threats, we propose an enhanced and robust three-factor-based confidentiality-preserving authentication protocol for the multi-server environment. BAN (Burrows, Abadi, Needham) logic is used to validate our scheme, which ensures that mutual authentication and session-key negotiation are securely achieved. Thereafter, an analysis in the random oracle model demonstrates that the backbone parameters of our protocol (such as identity, password, biometric and session key) are highly secure. Further, an informal security analysis reveals that the scheme withstands several types of malicious attacks. We also simulate our scheme with the AVISPA (Automated Validation of Internet Security Protocol and Applications) tool, which demonstrates that it resists various active and passive attacks. In addition, the performance evaluation shows the scheme's efficiency: its communication and computation costs and estimated time are comparatively lower than those of other related existing works.



Corresponding author

Correspondence to Rifaqat Ali.

Cite this article

Ali, R., Pal, A.K. Three-Factor-Based Confidentiality-Preserving Remote User Authentication Scheme in Multi-server Environment. Arab J Sci Eng 42, 3655–3672 (2017). https://doi.org/10.1007/s13369-017-2665-1

  • DOI: https://doi.org/10.1007/s13369-017-2665-1
