A design of provably secure multi-factor ECC-based authentication protocol in multi-server cloud architecture

Cluster Computing

Abstract

The emerging cloud infrastructure has increased the number of servers offering flexible and diverse remote services through public channels. However, user authentication in a conventional single-server architecture requires maintaining multiple smart cards and memorizing multiple passwords to access different cloud servers. To address this limitation, researchers devised authentication protocols for multi-server architecture that offer a scalable platform wherein users can access multiple servers with a single registration. Multi-factor authentication protocols leverage biometric keys to bind users’ physical characteristics to their identity, offering higher security than two-factor authentication protocols. However, the existing protocols for multi-server architecture are prone to replay, user impersonation, denial-of-service, and server spoofing attacks, and lack security functionalities such as user anonymity and untraceability, backward and forward secrecy, and session key security. Moreover, the incorporation of a registration center (RC) to authenticate each user-server pair in multi-server architecture can lead to a computational bottleneck and single-point-of-failure issues at the RC. To overcome these security loopholes, we design a novel provably secure multi-factor elliptic curve cryptography (ECC) based authentication protocol for multi-server architecture with an offline RC for the cloud environment. The formal security analysis under the widely accepted real-or-random (ROR) model and the informal security analysis of the proposed protocol demonstrate the provision of security functionalities and resilience against potential security attacks. Furthermore, we adopt the Scyther security verification tool to verify our protocol’s correctness and security properties. The performance evaluation demonstrates that our protocol offers robust security functionalities with reasonable communication and computation overheads compared with state-of-the-art protocols.



Acknowledgements

Not applicable.

Author information

Corresponding author

Correspondence to Shivangi Shukla.

Ethics declarations

Conflict of interest

The authors declare that they have no conflict of interest.


About this article

Cite this article

Shukla, S., Patel, S.J. A design of provably secure multi-factor ECC-based authentication protocol in multi-server cloud architecture. Cluster Comput 27, 1559–1580 (2024). https://doi.org/10.1007/s10586-023-04034-6

  • DOI: https://doi.org/10.1007/s10586-023-04034-6
