A new three-factor authentication and key agreement protocol for multi-server environment

  • T. Sudhakar
  • V. Natarajan

Abstract

Several password and smart-card based two-factor remote user authentication protocols for the multi-server environment have been proposed over the last two decades. Due to the tamper-resistant nature of smart cards, the security parameters are stored on the card, which also serves as a secure place to perform the authentication process. However, if the smart card is lost or stolen, it is possible to extract the information stored on it using a power analysis attack. Hence, two-factor security protocols are exposed to various attacks such as password guessing, impersonation, replay and so on. Therefore, to enhance the level of security, researchers have focused on three-factor (password, smart card, and biometric) authentication schemes for the multi-server environment. In existing biometric-based authentication protocols, keys are generated using a fuzzy extractor, with which keys cannot be renewed. This property of the fuzzy extractor is undesirable for smart card revocation and the re-registration process when the smart card is lost or stolen. In addition, existing biometric-based schemes use a public key cryptosystem for the authentication process, which leads to increased computation and communication cost. In this paper, we propose a new multi-server authentication protocol using a smart card, a hash function and fuzzy embedder based biometrics. We use Burrows–Abadi–Needham logic to prove the correctness of the new scheme. The security features and efficiency of the proposed scheme are compared with recent schemes, and the comparison results show that this scheme provides strong security with significant efficiency.

Keywords

Authentication; BAN logic; Biometric; Multi-server environment; Smart card; Three-factor security

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2019

Authors and Affiliations

  1. Department of Computer Technology, MIT Campus, Anna University, Chennai, India
  2. Department of Instrumentation Engineering, MIT Campus, Anna University, Chennai, India
