Abstract
Remote user authentication is crucial for a distributed, network-operated system. Many enterprise applications run across several servers, and a remote user accessing services on those servers needs to be authenticated in most cases. This paper introduces a smart card-based remote user authentication scheme for a multi-server environment that uses user biometrics and a Chebyshev chaotic map. Server details are hidden from the user, who only chooses a service according to his or her requirements. The registration center selects the server based on the service the user requests, and a handshaking session is established between the user and the server. Both the user and the server must authenticate to the registration center by message passing. The procedure finally yields a session key, which is used for further communication. The proposed solution makes it easier to change passwords and to enable additional services. The proposed approach is validated by formal security analysis using BAN logic. Security analysis and comparison with some state-of-the-art schemes demonstrate its suitability for a multi-server environment.
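The session-key step rests on the semigroup property of Chebyshev polynomials, T_r(T_s(x)) = T_s(T_r(x)) = T_rs(x) mod p. The following is an added example of that generic primitive, not the paper's protocol or code: the modulus, function names, transcript value and the SHA-256 key derivation are assumptions, and the registration-center authentication the abstract describes is not modelled.

```python
import hashlib
import secrets

P = 2**127 - 1  # constructed demo modulus (a Mersenne prime), not from the paper


def chebyshev(n, x, p=P):
    """Extended Chebyshev polynomial T_n(x) mod p in O(log n).

    Uses T_n = 2x*T_{n-1} - T_{n-2}, i.e. [T_n, T_{n-1}] = M^(n-1) [x, 1]
    with M = [[2x, -1], [1, 0]].
    """
    if n == 0:
        return 1 % p

    def mul(a, b):  # 2x2 matrices stored row-major as 4-tuples
        return ((a[0] * b[0] + a[1] * b[2]) % p, (a[0] * b[1] + a[1] * b[3]) % p,
                (a[2] * b[0] + a[3] * b[2]) % p, (a[2] * b[1] + a[3] * b[3]) % p)

    result, base, e = (1, 0, 0, 1), ((2 * x) % p, p - 1, 1, 0), n - 1
    while e:
        if e & 1:
            result = mul(result, base)
        base = mul(base, base)
        e >>= 1
    return (result[0] * x + result[1]) % p


def keypair(x):
    """Pick a secret degree r and publish T_r(x)."""
    r = secrets.randbelow(P - 2) + 2
    return r, chebyshev(r, x)


def session_key(own_secret, peer_public, transcript):
    """Both sides reach T_{rs}(x) by the semigroup property, then hash it."""
    shared = chebyshev(own_secret, peer_public)
    return hashlib.sha256(shared.to_bytes(16, "big") + transcript).digest()


def demo():
    x = secrets.randbelow(P - 2) + 2           # public seed
    u, t_u = keypair(x)                        # user side
    s, t_s = keypair(x)                        # server side
    transcript = b"constructed-session-id"     # constructed sample value
    return session_key(u, t_s, transcript), session_key(s, t_u, transcript)
```

On its own this exchange gives no assurance of who the peer is, which is why the scheme has both the user and the server authenticate to the registration center before the key is used.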
Data Availability
No data from any source is used for the research purpose. Only the literature survey and comparison section contain referred data mentioned in the respective published papers/articles.
Code Availability
Code for the different operations can be made available on reasonable request.
Funding
There is no funding used from any government or private organization for this research.
Author information
Contributions
All authors contributed to the study conception and proposing the technique. Drawing the figures and BAN logic proofs are performed by Shyamalendu Kandar and security analysis and comparisons are done by Abhipsho Ghosh under the guidance of Shyamalendu Kandar. All authors read and approved the final manuscript.
Ethics declarations
Conflict of interest
The authors certify that they have NO affiliations with or involvement in any organization or entity with any financial interest (such as honoraria; educational grants; participation in speakers’ bureaus; membership, employment, consultancies, stock ownership, or other equity interest; and expert testimony or patent-licensing arrangements), or non-financial interest (such as personal or professional relationships, affiliations, knowledge or beliefs) in the subject matter or materials discussed in this manuscript.
About this article
Cite this article
Kandar, S., Ghosh, A. Smart Card Based Remote User Authentication Scheme in Multi-server Environment Using Chebyshev Chaotic Map. Wireless Pers Commun 133, 2657–2685 (2023). https://doi.org/10.1007/s11277-024-10895-w
DOI: https://doi.org/10.1007/s11277-024-10895-w