Skip to main content
SpringerLink
Log in

Smart Card Based Remote User Authentication Scheme in Multi-server Environment Using Chebyshev Chaotic Map

  • Published:
Wireless Personal Communications Aims and scope Submit manuscript

Abstract

In order to authenticate remote users for a distributed network-operated system, remote user authentication is crucial. A huge number of enterprise apps run on several servers and a remote user accessing services from several servers needs authentication for most of the cases. In this current research communication a smart card-based remote user authentication in a multi-server environment using user biometrics and a Chebyshev chaotic map is introduced. The server details are hidden from the user, and the user is only given the option of picking his or her service based on its requirements. The server is chosen by the registration center based on the service requested by the user, and a handshaking session is established between the user and the server. Both user and server have to authenticate to the registration center by message passing. Finally, a session key is obtained using this procedure, which is used to accomplish further communication. The proposed solution facilitates modifying passwords and enabling additional services easier. The proposed approach is authenticated using formal security analysis utilizing BAN logic. Security analysis and comparison with some state of the art schemes proves its suitability for multi-server environment.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6

Similar content being viewed by others

Data Availability

No data from any source is used for the research purpose. Only the literature survey and comparison section contain referred data mentioned in the respective published papers/ articles.

Code Availability

Code for the different operations can be made available with reasonable request.

References

  1. Lamport, L. (1981). Password authentication with insecure communication. Communications of the ACM, 24(11), 770–772.

    Article  Google Scholar 

  2. Atkinson, R. D., & Castro, D. (2008). Digital quality of life: Understanding the personal and social benefits of the information technology revolution, SSRN

  3. Chen, B.-L., Kuo, W.-C., & Wuu, L.-C. (2014). Robust smart-card-based remote user password authentication scheme. International Journal of Communication Systems, 27(2), 377–389.

    Article  Google Scholar 

  4. Lwamo, N. M. R., Zhu, L., Xu, C., Sharif, K., Liu, X., & Zhang, C. (2019). A secure user authentication scheme with anonymity for the single and multi-server environments. Information Sciences, 477, 369–385.

    Article  Google Scholar 

  5. Bae, W., & Kwak, J. (2020). Smart card-based secure authentication protocol in multi-server IoT environment. Multimedia Tools and Applications, 79, 15793–15811.

    Article  Google Scholar 

  6. Tsai, J.-L. (2008). Efficient multi-server authentication scheme based on one-way hash function without verification table. Computers and Security, 27(3–4), 115–121.

    Article  Google Scholar 

  7. Chandrakar, P., & Om, H. (2017). A secure and robust anonymous three-factor remote user authentication scheme for multi-server environment using ECC. Computer Communications, 110, 26–34.

    Article  Google Scholar 

  8. Li, X., Niu, J., Kumari, S., Islam, S. H., Wu, F., Khan, M. K., & Das, A. K. (2016). A novel chaotic maps-based user authentication and key agreement protocol for multi-server environments with provable security. Wireless Personal Communications, 89(2), 569–597.

    Article  Google Scholar 

  9. Amin, R., Islam, S. K., Khan, M. K., Karati, A., Giri, D., & Kumari, S. (2017). A two-factor RSA-based robust authentication system for multiserver environments. Security and Communication Networks (2017)

  10. Hwang, T., Chen, Y., & Laih, C. J. (1990). Non-interactive password authentications without password tables. In Proceedings of IEEE TENCON’90: 1990 IEEE region 10 conference on computer and communication systems (pp. 429–431). IEEE

  11. Hwang, M. S., & Li, L. H. (2020). A new remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 46(1), 28–30.

    Article  Google Scholar 

  12. Das, M. L., Saxena, A., & Gulati, V. P. (2004). A dynamic ID-based remote user authentication scheme. IEEE Transactions on Consumer Electronics, 50(2), 629–631.

    Article  Google Scholar 

  13. Wang, Y. Y., Liu, J. Y., Xiao, F. X., & Dan, J. (2009). A more efficient and secure dynamic ID-based remote user authentication scheme. Computer Communications, 32(4), 583–585.

    Article  CAS  Google Scholar 

  14. Yeh, K. H., Su, C., Lo, N. W., Li, Y., & Hung, Y. X. (2010). Two robust remote user authentication protocols using smart cards. Journal of Systems and Software, 83(12), 2556–2565.

    Article  Google Scholar 

  15. Chen, C. L., Deng, Y. Y., Tang, Y. W., Chen, J. H., & Lin, Y. F. (2018). An improvement on remote user authentication schemes using smart cards. Computers, 7(1), 9.

    Article  Google Scholar 

  16. Karuppiah, M., Das, A. K., Li, X., Kumari, S., Wu, F., Chaudhry, S. A., & Niranchana, R. (2019). Secure remote user mutual authentication scheme with key agreement for cloud environment. Mobile Networks and Applications, 24(3), 1046–1062.

    Article  Google Scholar 

  17. Chandrakar, P., & Om, H. (2018). An efficient two-factor remote user authentication and session key agreement scheme using rabin cryptosystem. Arabian Journal for Science and Engineering, 43(2), 661–673.

    Article  Google Scholar 

  18. Kaur, D., & Kumar, D. (2021). Cryptanalysis and improvement of a two-factor user authentication scheme for smart home. Journal of Information Security and Applications, 58, 102787.

    Article  Google Scholar 

  19. Lee, J. K., Ryu, S. R., & Yoo, K. Y. (2002). Fingerprint-based remote user authentication scheme using smart cards. Electronics Letters, 38(12), 554–555.

    Article  Google Scholar 

  20. Khan, M. K., & Zhang, J. (2006). An efficient and practical fingerprint-based remote user authentication scheme with smart cards. In: International conference on information security practice and experience (pp. 260–268). Berlin: Springer

  21. Li, C. T., & Hwang, M. S. (2010). An efficient biometrics-based remote user authentication scheme using smart cards. Journal of Network and Computer Applications, 33(1), 1–5.

    Article  Google Scholar 

  22. Das, A. K. (2011). Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards. IET Information Security, 5(3), 145–151.

    Article  Google Scholar 

  23. Li, X., Niu, J., Wang, Z., & Chen, C. (2014). Applying biometrics to design three-factor remote user authentication scheme with key agreement. Security and Communication Networks, 7(10), 1488–1497.

    Article  Google Scholar 

  24. Shingala, M., Patel, C., & Doshi, N. (2018). An improve three factor remote user authentication scheme using smart card. Wireless Personal Communications, 99(1), 227–251.

    Article  Google Scholar 

  25. Saleem, M. A., Islam, S. H., Ahmed, S., Mahmood, K., & Hussain, M. (2021). Provably secure biometric-based client-server secure communication over unreliable networks. Journal of Information Security and Applications, 58, 102769.

    Article  Google Scholar 

  26. Rao, M. K., & Santhi, S. G. (2021). A novel user authentication protocol using biometric data for IoT networks. In rising threats in expert applications and solutions (pp. 85–91). Singapore: Springer

  27. Babamir, F. S., & Kırcı, M. (2020). A multibiometric cryptosystem for user authentication in client-server networks. Computer Networks, 181, 107427.

    Article  Google Scholar 

  28. Chen, Y., & Chen, J. (2021). A secure three-factor-based authentication with key agreement protocol for e-Health clouds. The Journal of Supercomputing, 77(4), 3359–3380.

    Article  Google Scholar 

  29. Sadhukhan, D., Ray, S., Biswas, G. P., Khan, M. K., & Dasgupta, M. (2021). A lightweight remote user authentication scheme for IoT communication using elliptic curve cryptography. The Journal of Supercomputing, 77(2), 1114–1151.

    Article  Google Scholar 

  30. Lee, H., Kang, D., Ryu, J., Won, D., Kim, H., & Lee, Y. (2020). A three-factor anonymous user authentication scheme for Internet of Things environments. Journal of Information Security and Applications, 52, 102494.

    Article  Google Scholar 

  31. Mbarek, B., Ge, M., & Pitner, T. (2020). An efficient mutual authentication scheme for internet of things. Internet of Things, 9, 100160.

    Article  Google Scholar 

  32. Chunka, C., Banerjee, S., & Goswami, R. S. (2021). An efficient user authentication and session key agreement in wireless sensor network using smart card. Wireless Personal Communications, 117(2), 1361–1385.

    Article  Google Scholar 

  33. Banerjee, S., Chunka, C., Sen, S., & Goswami, R. S. (2019). An enhanced and secure biometric based user authentication scheme in wireless sensor networks using smart cards. Wireless Personal Communications, 107(1), 243–270.

    Article  Google Scholar 

  34. Tsai, C. H., & Su, P. C. (2021). The application of multi-server authentication scheme in internet banking transaction environments. Information Systems and e-Business Management, 19(1), 77–105.

    Article  Google Scholar 

  35. Kandar, S., Pal, S., & Dhara, B. C. (2021). A biometric based remote user authentication technique using smart card in multi-server environment. Wireless Personal Communications, pp. 1–24.

  36. Qi, M., Chen, J., & Chen, Y. (2018). A secure biometrics-based authentication key exchange protocol for multi-server TMIS using ECC. Computer Methods and Programs in Biomedicine, 164, 101–109.

    Article  PubMed  Google Scholar 

  37. Kumari, S., Li, X., Wu, F., Das, A. K., Choo, K. K. R., & Shen, J. (2017). Design of a provably secure biometrics-based multi-cloud-server authentication scheme. Future Generation Computer Systems, 68, 320–330.

    Article  Google Scholar 

  38. Liao, Y. P., & Wang, S. S. (2009). A secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards & Interfaces, 31(1), 24–29.

    Article  Google Scholar 

  39. Hsiang, H. C., & Shih, W. K. (2009). Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards & Interfaces, 31(6), 1118–1123.

    Article  Google Scholar 

  40. Lee, C. C., Lin, T. H., & Chang, R. X. (2011). A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards. Expert Systems with Applications, 38(11), 13863–13870.

    Google Scholar 

  41. Liao, Y. P., & Hsiao, C. M. (2013). A novel multi-server remote user authentication scheme using self-certified public keys for mobile clients. Future Generation Computer Systems, 29(3), 886–900.

    Article  Google Scholar 

  42. Ali, R., & Pal, A. K. (2017). Three-factor-based confidentiality-preserving remote user authentication scheme in multi-server environment. Arabian Journal for Science and Engineering, 42(8), 3655–3672.

    Article  MathSciNet  Google Scholar 

  43. Chaudhry, S. A., Naqvi, H., Farash, M. S., Shon, T., & Sher, M. (2018). An improved and robust biometrics-based three factor authentication scheme for multiserver environments. The Journal of Supercomputing, 74(8), 3504–3520.

    Article  Google Scholar 

  44. Xu, D., Chen, J., & Liu, Q. (2019). Provably secure anonymous three-factor authentication scheme for multi-server environments. Journal of Ambient Intelligence and Humanized Computing, 10(2), 611–627.

    Article  Google Scholar 

  45. Ali, Z., Hussain, S., Rehman, R. H. U., Munshi, A., Liaqat, M., Kumar, N., & Chaudhry, S. A. (2020). ITSSAKA-MS: An improved three-factor symmetric-key based secure AKA scheme for multi-server environments. IEEE Access, 8, 107993–108003.

    Article  Google Scholar 

  46. Sahoo, S. S., Mohanty, S., & Majhi, B. (2021). A secure three factor based authentication scheme for health care systems using IoT enabled devices. Journal of Ambient Intelligence and Humanized Computing, 12(1), 1419–1434.

    Article  Google Scholar 

  47. Ngo, D. C., Teoh, A. B., & Goh, A. (2006). Biometric hash: High-confidence face recognition. IEEE Transactions on Circuits and Systems for Video Technology, 16(6), 771–775.

    Article  Google Scholar 

  48. Feng, Y. C., Yuen, P. C., & Jain, A. K. (2008). A hybrid approach for face template protection. In Biometric Technology for Human Identification V (Vol. 6944, p. 694408). International Society for Optics and Photonics

  49. Lumini, A., & Nanni, L. (2007). An improved biohashing for human authentication. Pattern Recognition, 40(3), 1057–1065.

    Article  Google Scholar 

  50. Kong, A., Cheung, K. H., Zhang, D., Kamel, M., & You, J. (2006). An analysis of biohashing and its variants. Pattern Recognition, 39(7), 1359–1368.

    Article  Google Scholar 

  51. Lee, T. F., Diao, Y. Y., & Hsieh, Y. P. (2019). A ticket-based multi-server biometric authentication scheme using extended chaotic maps for telecare medical information systems. Multimedia Tools and Applications, 78(22), 31649–31672.

    Article  Google Scholar 

  52. Irshad, A., Chaudhry, S. A., Xie, Q., Li, X., Farash, M. S., Kumari, S., & Wu, F. (2018). An enhanced and provably secure chaotic map-based authenticated key agreement in multi-server architecture. Arabian Journal for Science and Engineering, 43(2), 811–828.

    Article  Google Scholar 

  53. Irshad, A., Sher, M., Chaudhry, S. A., Xie, Q., Kumari, S., & Wu, F. (2018). An improved and secure chaotic map based authenticated key agreement in multi-server architecture. Multimedia Tools and Applications, 77(1), 1167–1204.

    Article  Google Scholar 

  54. Chatterjee, S., Roy, S., Das, A. K., Chattopadhyay, S., Kumar, N., & Vasilakos, A. V. (2016). Secure biometric-based authentication scheme using Chebyshev chaotic map for multi-server environment. IEEE Transactions on Dependable and Secure Computing, 15(5), 824–839.

    Article  Google Scholar 

  55. Madhusudhan, R., & Nayak, C. S. (2019). A robust authentication scheme for telecare medical information systems. Multimedia Tools and Applications, 78(11), 15255–15273.

    Article  Google Scholar 

  56. Kumar, A., & Om, H. (2021). An enhanced and provably secure authentication protocol using Chebyshev chaotic maps for multi-server environment. Multimedia Tools and Applications, 80(9), 14163–14189.

    Article  Google Scholar 

  57. Maitra, T., Singh, S., Saurabh, R., & Giri, D. (2021). Analysis and enhancement of secure three-factor user authentication using Chebyshev Chaotic Map. Journal of Information Security and Applications, 61, 102915.

    Article  Google Scholar 

  58. Kalra, S., & Sood, S. (2013). Advanced remote user authentication protocol for multi-server architecture based on ECC. Journal of Information Security and Applications, 18(2–3), 98–107.

    Article  Google Scholar 

  59. Ali, R., & Pal, A. K. (2018). An efficient three factor-based authentication scheme in multiserver environment using ECC. International Journal of Communication Systems, 31(4), e3484.

    Article  Google Scholar 

  60. Wu, T. Y., Yang, L., Lee, Z., Chen, C. M., Pan, J. S., & Islam, S. K. (2021). Improved ECC-based three-factor multiserver authentication scheme. Security and Communication Networks.

  61. Amin, R., Islam, S. K., Khan, M. K., Karati, A., Giri, D., & Kumari, S. (2017). A two-factor RSA-based robust authentication system for multiserver environments. Security and Communication Networks

  62. Kumari, S., & Om, H. (2017). Cryptanalysis and improvement of an anonymous multi-server authenticated key agreement scheme. Wireless Personal Communications, 96(2), 2513–2537.

    Article  Google Scholar 

  63. Li, C.-T., Lee, C.-C., Weng, C.-Y., & Chen, S.-J. (2016). A secure dynamic identity and chaotic maps based user authentication and key agreement scheme for e-healthcare systems. Journal of Medical Systems, 40, 1–10.

    Article  Google Scholar 

  64. Zhu, H. (2015). A provable privacy-protection system for multi-server environment. Nonlinear Dynamics, 82(1), 835–849.

    Article  MathSciNet  Google Scholar 

  65. Li, C. T. (2016). A secure chaotic maps-based privacy-protection scheme for multi-server environments. Security and Communication Networks, 9(14), 2276–2290.

    Article  Google Scholar 

Download references

Funding

There is no funding used from any government or private organization for this research.

Author information

Authors and Affiliations

  1. Department of Information Technology, Indian Institute of Engineering Science and Technology, Shibpur, Howrah, 711103, India

    Shyamalendu Kandar & Abhipsho Ghosh

Authors
  1. Shyamalendu Kandar
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Abhipsho Ghosh
    View author publications

    You can also search for this author in PubMed Google Scholar

Contributions

All authors contributed to the study conception and proposing the technique. Drawing the figures and BAN logic proofs are performed by Shyamalendu Kandar and security analysis and comparisons are done by Abhipsho Ghosh under the guidance of Shyamalendu Kandar. All authors read and approved the final manuscript.

Corresponding author

Correspondence to Shyamalendu Kandar.

Ethics declarations

Conflict of interest

The authors certify that they have NO affiliations with or involvement in any organization or entity with any financial interest (such as honorariam; educational grants; participation in speakers’ bureaus; membership, employment, consultancies, stock ownership, or other equity interest; and expert testimony or patent-licensing arrangements), or non-financial interest (such as personal or professional relationships, affiliations, knowledge or beliefs) in the subject matter or materials discussed in this manuscript.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Kandar, S., Ghosh, A. Smart Card Based Remote User Authentication Scheme in Multi-server Environment Using Chebyshev Chaotic Map. Wireless Pers Commun 133, 2657–2685 (2023). https://doi.org/10.1007/s11277-024-10895-w

Download citation

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11277-024-10895-w

Keywords

Search

Navigation