The Journal of Supercomputing, Volume 74, Issue 9, pp 4771–4797

An efficient and secure design of multi-server authenticated key agreement protocol

  • Azeem Irshad
  • Husnain Naqvi
  • Shehzad Ashraf Chaudhry
  • Shouket Raheem
  • Saru Kumari
  • Ambrina Kanwal
  • Muhammad Usman

Abstract

Multi-server authentication, a crucial component of remote communication, gives users the ease of one-time registration with a centralized registration authority. Users can then avail themselves of the offered services after being authenticated by any service provider using the same registration credentials. In recent years, many multi-server authentication protocols have been demonstrated. Nonetheless, the existing schemes do not meet the security and efficiency requirements of the time. Recently, Chuang et al. presented a multi-server biometric authentication protocol, which was later cryptanalysed and improved by Lin et al. with the identification of a few attacks. We find that Lin et al.’s protocol is still prone to replay, privileged insider, trace, de-synchronization and key-compromise impersonation attacks. In this study, we present a multi-server authentication protocol which is not only comparable with Lin et al.’s scheme but also more efficient than other state-of-the-art multi-server protocols. The security properties of our scheme are proved using formal analysis and evaluated with an automated verification tool based on ProVerif.

Keywords

Multi-server authentication; Biometric verification; Online service providers; Cryptanalysis; Attacks

References

  1. Lamport L (1981) Password authentication with insecure communication. Commun ACM 24(11):770–772
  2. Sun HM (2000) An efficient remote user authentication scheme using smart cards. IEEE Trans Consum Electron 46(4):958–961
  3. Awashti AK, Sunder L (2004) An enhanced remote user authentication scheme using smartcards. IEEE Trans Consum Electron 50(2):583–586
  4. Khan MK (2009) Fingerprint biometric-based self and deniable authentication schemes for the electronic world. IETE Tech Rev 26(3):191–195
  5. Liao YP, Wang SS (2009) A secure dynamic ID based remote user authentication scheme for multi-server environment. Comput Stand Interfaces 31(1):24–29
  6. Wen FT, Li XL (2011) An improved dynamic ID-based remote user authentication with key agreement scheme. Comput Electr Eng 38(2):381–387
  7. Hsiang HC, Shih WK (2009) Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment. Comput Stand Interfaces 31(6):1118–1123
  8. Lee CC, Lin TH, Chang RX (2011) A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards. Expert Syst Appl 38(11):13863–13870
  9. Guo DL, Wen FT (2014) Analysis and improvement of a robust smart card based-authentication scheme for multi-server architecture. Wirel Pers Commun 78(1):475–490
  10. Wen FT, Susilo W, Yang GM (2013) A robust smart card based anonymous user authentication protocol for wireless communications. Secur Commun Netw 7(6):987–993
  11. Sood SK, Sarje AK, Singh K (2011) A secure dynamic identity based authentication protocol for multi-server architecture. J Netw Comput Appl 34(2):609–618
  12. Li X, Xiong YP, Ma J, Wang WD (2012) An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. J Netw Comput Appl 35(2):763–769
  13. Xue KP, Hong PL, Ma CS (2014) A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture. J Comput Syst Sci 80(1):195–206
  14. Li CT, Hwang MS (2010) An efficient biometrics-based remote user authentication scheme using smart cards. J Netw Comput Appl 33(1):1–5
  15. Khan MK, Zhang J (2007) Improving the security of a flexible biometrics remote user authentication scheme. Comput Stand Interfaces 29(1):82–85
  16. Kim HS, Lee JK, Yoo KY (2003) ID-based password authentication scheme using smart cards and fingerprints. ACM SIGOPS Oper Syst Rev 37(4):32–41
  17. Lee JK, Ryu SR, Yoo KY (2002) Finger print-based remote user authentication scheme using smart cards. Electron Lett 38(12):554–555
  18. Chuang MC, Chen MC (2014) An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics. Expert Syst Appl 41(4):1411–1418
  19. Lin H, Fengtong W, Chunxia D (2015) An improved anonymous multi-server authenticated key agreement scheme using smart cards and biometrics. Wirel Pers Commun 84:2351–2362
  20. Kocher P, Jaffe J, Jun B (1999) Differential power analysis. Adv Cryptol CRYPTO’99 1666(16):388–397
  21. Messerges TS, Dabbish EA, Sloan RH (2002) Examining smart-card security under the threat of power analysis attacks. IEEE Trans Comput 51(5):541–552
  22. Chatterjee S, Roy S, Das AK, Chattopadhyay S, Kumar N, Vasilakos AV (2016) Secure biometric-based authentication scheme using Chebyshev chaotic map for multi-server environment. IEEE Trans Dependable Secure Comput. https://doi.org/10.1109/TDSC.2016.2616876
  23. Reddy AG, Yoon EJ, Das AK, Odelu V, Yoo KY (2017) Design of mutually authenticated key agreement protocol resistant to impersonation attacks for multi-server environment. IEEE Access 5:3622–3639
  24. Odelu V, Das AK, Goswami A (2015) A secure biometrics-based multi-server authentication protocol using smart cards. IEEE Trans Inf Forensics Secur 10(9):1953–1966
  25. Irshad A, Chaudhry SA, Kumari S, Usman M, Mahmood K, Faisal MS (2017) An improved lightweight multiserver authentication scheme. Int J Commun Syst 30(17). https://doi.org/10.1002/dac.3351
  26. Kumari S, Das AK, Li X, Wu F, Khan MK, Jiang Q, Islam SH (2018) A provably secure biometrics-based authenticated key agreement scheme for multi-server environments. Multimed Tools Appl 77(2):2359–2389
  27. Jangirala S, Mukhopadhyay S, Das AK (2017) A multi-server environment with secure and efficient remote user authentication scheme based on dynamic ID using smart cards. Wirel Pers Commun 95:2735–2767
  28. Reddy AG, Das AK, Yoon EJ, Yoo KY (2016) An anonymous authentication with key-agreement protocol for multi-server architecture based on biometrics and smartcards. KSII Trans Internet Inf Syst 10(7):3371–3396
  29. Reddy AG, Das AK, Odelu V, Yoo KY (2016) An enhanced biometric based authentication with key-agreement protocol for multi-server architecture based on elliptic curve cryptography. PLoS ONE 11(5):e0154308
  30. Irshad A, Kumari S, Li X, Wu F, Chaudhry SA, Arshad H (2017) An improved SIP authentication scheme based on server-oriented biometric verification. Wirel Pers Commun 97(2):2145–2166
  31. He D, Wang D (2015) Robust biometrics-based authentication scheme for multiserver environment. IEEE Syst J 9(3):816–823
  32. Li X, Niu J, Kumari S, Islam SH, Wu F, Khan MK, Das AK (2016) A novel chaotic maps-based user authentication and key agreement protocol for multi-server environments with provable security. Wirel Pers Commun 89(2):569–597
  33. Jiang Qi, Ma Jianfeng, Wei Fushan (2016) On the security of a privacy-aware authentication scheme for distributed mobile cloud computing services. IEEE Syst J. https://doi.org/10.1109/JSYST.2016.2574719
  34. He D, Zeadally S, Kumar N, Wu W (2016) Efficient and anonymous mobile user authentication protocol using self-certified public key cryptography for multi-server architectures. IEEE Trans Inf Forensics Secur 11(9):2052–2064
  35. Li X, Ma J, Wang W, Xiong Y, Zhang J (2013) A novel smart card and dynamic ID based remote user authentication scheme for multi-server environments. Math Comput Model 58(1):85–95
  36. Irshad A, Sher M, Chaudhary SA, Naqvi H, Farash MS (2016) An efficient and anonymous multi-server authenticated key agreement based on chaotic map without engaging Registration Centre. J Supercomput 72(4):1623–1644
  37. Jiang Qi, Ma Jianfeng, Li Guangsong, Li Xinghua (2015) Improvement of robust smart-card-based password authentication scheme. Int J Commun Syst 28(2):383–393
  38. Li X, Xiong Y, Ma J, Wang W (2012) An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. J Netw Comput Appl 35(2):763–769
  39. Irshad A, Sher M, Ahmad HF, Alzahrani BA, Chaudhry SA, Kumar R (2016) An improved multi-server authentication scheme for distributed mobile cloud computing services. KSII Trans Internet Inf Syst (TIIS) 10(12):5529–5552
  40. Chaudhry SA, Naqvi H, Farash MS, Shon T, Sher M (2015) An improved and robust biometrics-based three factor authentication scheme for multiserver environments. J Supercomput. https://doi.org/10.1007/s11227-015-1601-y
  41. Jiang Qi, Ma Jianfeng, Xiang Lu, Tian Youliang (2015) An efficient two-factor user authentication scheme with unlinkability for wireless sensor networks. Peer-to-Peer Netw Appl 8(6):1070–1081. https://doi.org/10.1007/s12083-014-0285-z
  42. Irshad A, Sher M, Nawaz O, Chaudhry SA, Khan I, Kumari S (2017) A secure and provable multi-server authenticated key agreement for TMIS based on Amin et al. scheme. Multimed Tools Appl 76(15):16463–16489
  43. Jiang P, Wen Q, Li W, Jin Z, Zhang H (2015) An anonymous and efficient remote biometrics user authentication scheme in a multi server environment. Front Comput Sci 9(1):142–156
  44. Irshad A, Sher M, Chaudhry SA, Xie Q, Kumari S, Wu F (2018) An improved and secure chaotic map based authenticated key agreement in multi-server architecture. Multimed Tools Appl 77(1):1167–1204
  45. Chaudhry SA (2016) A secure biometric based multi-server authentication scheme for social multimedia networks. Multimed Tools Appl 75(20):12705–12725
  46. Jiang Qi, Wei Fushan, Shuai Fu, Ma Jianfeng, Li Guangsong, Alelaiwi Abdulhameed (2016) Robust extended chaotic maps-based three-factor authentication scheme preserving biometric template privacy. Nonlinear Dyn 83(4):2085–2101
  47. Irshad A, Ahmad HF, Alzahrani BA, Sher M, Chaudhry SA (2016) An efficient and anonymous chaotic map based authenticated key agreement for multi-server architecture. KSII Trans Internet Inf Syst (TIIS) 10(12):5572–5595
  48. Li X, Niu J, Khan MK, Liao J (2013) An enhanced smart card based remote user password authentication scheme. J Netw Comput Appl 36(5):1365–1371
  49. Kumari S, Li X, Wu F, Das AK, Arshad H, Khan MK (2016) A user friendly mutual authentication and key agreement scheme for wireless sensor networks using chaotic maps. Future Gener Comput Syst 63:56–75
  50. Chaudhry SA, Farash MS, Naqvi H, Kumari S, Khan MK (2015) An enhanced privacy preserving remote user authentication scheme with provable security. Secur Commun Netw 8(18):3782–3795
  51. Blanchet B, Cheval V, Allamigeon X, Smyth B ProVerif: cryptographic protocol verifier in the formal model. http://prosecco.gforge.inria.fr/personal/bblanche/proverif/. Accessed 10 Mar 2018
  52. Burrows M, Abadi M, Needham R (1990) A logic of authentication. ACM Trans Comput Syst 8(1):18–36. https://doi.org/10.1145/77648.77649
  53. Burrows M, Abadi M, Needham RM (1871) A logic of authentication. Proc R Soc Lond A Math Phys Sci 1989(426):233–271
  54. Kumari S, Li X, Wu F, Das AK, Choo KKR, Shen J (2017) Design of a provably secure biometrics-based multi-cloud-server authentication scheme. Future Gener Comput Syst 68:320–330
  55. Li X, Wang K, Shen J, Kumari S, Wu F, Hu Y (2016) An enhanced biometrics-based user authentication scheme for multi-server environments in critical systems. J Ambient Intell Humaniz Comput 7(3):427–443
  56. Amin R, Islam SH, Biswas GP, Khan MK, Kumar N (2015) An efficient and practical smart card based anonymity preserving user authentication scheme for TMIS using elliptic curve cryptography. J Med Syst 39(11):180

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2018

Authors and Affiliations

  1. Department of Computer Science and Software Engineering, International Islamic University, Islamabad, Pakistan
  2. Computer Science Department, Federal Urdu University, Islamabad, Pakistan
  3. Department of Mathematics, Chaudhary Charan Singh University, Meerut, India
  4. Computer Science Department, Bahria University, Islamabad, Pakistan
  5. Department of Computer Sciences, Quaid-e-Azam University, Islamabad, Pakistan