Provable Identity Based User Authentication Scheme on ECC in Multi-server Environment

Abstract

With the continuous development of e-commerce and the demands of various internet-based applications, service providers operate many physical servers scattered all over the world. Users who want to use various services have to register repeatedly, and must therefore remember all of the associated information, such as user names or passwords. To solve this problem, many authentication schemes for the multi-server environment have been proposed. Furthermore, to prevent an adversary from tracking a user when he or she logs in, many schemes apply dynamic identity, but they have limitations against popular kinds of attacks such as replay, impersonation, or man-in-the-middle attacks. In 2014, Yeh (Department of Information Management, National Dong Hwa University) proposed a multi-server scheme using Rivest–Shamir–Adleman (RSA). However, we discover that this scheme cannot achieve two basic properties, mutual authentication and session-key agreement. In this paper, we concretely demonstrate that discovery and propose a different provable version using an elliptic curve cryptosystem in the multi-server environment, which overcomes the limitation of Yeh’s scheme and satisfies security and efficiency.

References

  1. Lamport, L. (1981). Password authentication with insecure communication. Communications of the ACM, 24(11), 770–772.

  2. Hwang, M. S., & Li, L. H. (2000). A new remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 46(1), 28–30.

  3. ElGamal, T. (1985). A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory, 32(4), 469–472.

  4. Li, L. H., Lin, L. C., & Hwang, M. S. (2001). A remote password authentication scheme for multi-server architecture using neural networks. IEEE Transactions on Neural Networks, 12(6), 1498–1504.

  5. Juang, W. S. (2004). Efficient multi-server password authenticated key agreement using smart cards. IEEE Transactions on Consumer Electronics, 50(1), 251–255.

  6. Chang, C. C., & Lee, J. S. (2004). An efficient and secure multi-server password authentication scheme using smart-cards. In Proceedings of the third international conference on cyber worlds (pp. 417–422).

  7. Ku, W. C., Chuang, H. M., Chiang, M. H., & Chang, K. T. (2005). Weaknesses of a multi-server password authenticated key agreement scheme. In Proceedings of 2005 national computer symposium (pp. 1–5).

  8. Liao, Y. P., & Wang, S. S. (2009). A secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards and Interfaces, 31(1), 24–29.

  9. Hsiang, H. C., & Shih, W. K. (2009). Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards and Interfaces, 31(6), 1118–1123.

  10. Lee, C. C., Lin, T. H., & Chang, R. X. (2011). A secure dynamic ID based remote user authentication scheme for multi-server environment using smart-cards. Expert Systems with Applications, 38(11), 13863–13870.

  11. Wang, B., & Ma, M. (2012). A smartcard based efficient and secured multi-server authentication scheme. Wireless Personal Communications, 68(2), 361–378.

  12. Pippal, R. S., Jaidhar, C. D., & Tapaswi, S. (2013). Robust smartcard authentication scheme for multi-server architecture. Wireless Personal Communications, 72(1), 729–745.

  13. Yeh, K. H. (2014). A provably secure multi-server based authentication scheme. Wireless Personal Communications, 79(3), 1621–1634.

  14. Rivest, R. L., Shamir, A., & Adleman, L. (1978). A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2), 120–126.

  15. Bellare, M., Pointcheval, D., & Rogaway, P. (2000). Authenticated key exchange secure against dictionary attacks. In Proceedings of EUROCRYPT (Vol. 1807, pp. 140–156).

  16. Li, X., Ma, Y., & Wang, J. (2012). An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. Journal of Network and Computer Applications, 35(2), 763–769.

Acknowledgements

This research is funded by Vietnam National University Ho Chi Minh City (VNU-HCM) under Grant No. B2015-18-01.

Author information

Corresponding author

Correspondence to Toan-Thinh Truong.

About this article

Cite this article

Truong, TT., Tran, MT., Duong, AD. et al. Provable Identity Based User Authentication Scheme on ECC in Multi-server Environment. Wireless Pers Commun 95, 2785–2801 (2017). https://doi.org/10.1007/s11277-017-3961-5

Keywords

  • Authentication
  • Multi-server
  • Dynamic identity
  • User anonymity