The Journal of Supercomputing, Volume 66, Issue 2, pp 1008–1032

Towards secure and efficient user authentication scheme using smart card for multi-server environments

  • Te-Yu Chen
  • Cheng-Chi Lee
  • Min-Shiang Hwang
  • Jinn-Ke Jan

Abstract

Two user authentication schemes for multi-server environments have been proposed by Tsai and by Wang et al., respectively. However, both schemes have flaws. This paper therefore proposes a new scheme that remedies these drawbacks. The proposed scheme has the following benefits: (1) it complies with all the requirements for multi-server environments; (2) it can withstand all currently well-known attacks; (3) it is equipped with a more secure key agreement procedure; and (4) it is quite efficient in terms of computation and transmission cost. In addition, the analysis and comparisons show that the proposed scheme outperforms the other related schemes in various aspects.

Keywords

Authentication; Multi-server architecture; Key agreement; Forward secrecy; Smart card

Notes

Acknowledgements

This research was partially supported by the National Science Council, Taiwan, R.O.C., under contract no.: NSC101-2221-E-030-018 and NSC101-2221-E-164-017.

Copyright information

© Springer Science+Business Media New York 2013

Authors and Affiliations

  • Te-Yu Chen (1)
  • Cheng-Chi Lee (2, 3)
  • Min-Shiang Hwang (4)
  • Jinn-Ke Jan (5)

  1. National Tainan Institute of Nursing, Tainan City, Taiwan, ROC
  2. Department of Library and Information Science, Fu Jen Catholic University, New Taipei City, Taiwan, ROC
  3. Department of Photonics & Communication Engineering, Asia University, Taichung, Taiwan, ROC
  4. Department of Computer Science and Information Engineering, Asia University, Taichung, Taiwan, ROC
  5. Department of Computer Science and Engineering, National Chung Hsing University, Taichung, Taiwan, ROC
