Towards secure and efficient user authentication scheme using smart card for multi-server environments
- 509 Downloads
Two user authentication schemes for multi-server environments have been proposed by Tsai and Wang et al., respectively. However, there are some flaws existing in both schemes. Therefore, a new scheme for improving these drawbacks is proposed in this paper. The proposed scheme has the following benefits: (1) it complies with all the requirements for multi-server environments; (2) it can withstand all the well-known attacks at the present time; (3) it is equipped with a more secure key agreement procedure; and (4) it is quite efficient in terms of the cost of computation and transmission. In addition, the analysis and comparisons show that the proposed scheme outperforms the other related schemes in various aspects.
KeywordsAuthentication Multi-server architecture Key agreement Forward secrecy Smart card
This research was partially supported by the National Science Council, Taiwan, R.O.C., under contract no.: NSC101-2221-E-030-018 and NSC101-2221-E-164-017.
- 2.Chang CC, Kuo JY (2005) An efficient multi-server password authenticated key agreement scheme using smart cards with access control. In: 19th IEEE int conf advanced information networking and applications (AINA2005), Taipei, Taiwan, March 2005, vol 2, pp 257–260 Google Scholar
- 6.He D, Chen J, Hu J (2012) Improvement on a smart card based password authentication scheme. J Internet Technol 13(3):405–410 Google Scholar
- 18.Lamport L (1981) Password authentication with insecure communication. Commun ACM 24:77–772 Google Scholar
- 19.Lee CC (2009) On security of an efficient nonce-based authentication scheme for SIP. Int J Netw Secur 9(3):201–203 Google Scholar
- 23.Lee CC, Chung PS, Hwang MS (2013) A survey on attribute-based encryption schemes of access control in cloud environments. Int J Netw Secur 15(4):231–240 Google Scholar
- 29.Liu Y, Gao W, Yao H, Yu X (2007) Elliptic curve cryptography based wireless authentication protocol. Int J Netw Secur 5(3):327–337 Google Scholar
- 32.Tsai CS, Lee CC, Hwang MS (2006) Password authentication schemes: current status and key issues. Int J Netw Secur 3(2):101–115 Google Scholar
- 33.Tsaur WJ (2001) A flexible user authentication scheme for multi-server Internet services. In: Networking-ICN. LNCS, vol 2093. Springer, Berlin, pp 174–183 Google Scholar
- 36.Tseng YM, Wu TY, Wu JD (2008) A pairing-based user authentication scheme for wireless clients with smart cards. Informatica 19(2):285–302 Google Scholar
- 37.Wang S, Cao Z, Bao H (2008) Efficient certificateless authentication and key agreement (CL-AK) for grid computing. Int J Netw Secur 7(3):342–347 Google Scholar
- 39.Yang SP, Li X (2007) Defect in protocol analysis with BAN logic on man-in-the-middle attacks. Appl Res Comput 24(3):149–151 Google Scholar