Abstract
Recently, Byun presented a privacy-maintaining smartcard-based authentication protocol with provable security. We analyze his scheme and find that it suffers from the online password guessing threat, the replay threat, and the privileged insider threat. It also provides neither user anonymity nor a password change phase. To eliminate these security issues, we have designed an extended user-anonymous authenticated session key agreement protocol using a smartcard. The scalability of our scheme is measured in both formal and informal ways. The formal validation of our scheme is done using Burrows-Abadi-Needham (BAN) logic, and the simulation is done with the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. Informal security analysis shows that our scheme resists various kinds of fraudulent attacks. The proposed scheme not only withstands the aforementioned security attacks but also achieves security features such as user anonymity and an easy-to-use password change phase. Our protocol is comparatively more efficient than other schemes in terms of costs and estimated time.
References
Roy S, Karjee J, Rawat U, Dey N et al (2016) Symmetric key encryption technique: a cellular automata based approach in wireless sensor networks. Procedia Comput Sci 78:408–414
Dey N, Ashour AS, Shi F, Fong SJ, Sherratt RS (2017) Developing residential wireless sensor networks for ECG healthcare monitoring. IEEE Trans Consum Electron 63(4):442–449
Chandrakar P, Sinha S, Ali R (2019) Cloud-based authenticated protocol for healthcare monitoring system. J Ambient Intell Hum Comput:1–17
Ali R, Chandrakar P, Kumar A (2020) On the security weaknesses in password-based anonymous authentication scheme for e-health care. In: Design frameworks for wireless networks. Springer, pp 23–40
Chandrakar P (2019) A secure remote user authentication protocol for healthcare monitoring using wireless medical sensor networks. Int J Ambient Comput Intell (IJACI) 10(1):96–116
Chandrakar P, Om H (2018) An efficient two-factor remote user authentication and session key agreement scheme using Rabin cryptosystem. Arab J Sci Eng 43(2):661–673
Ali R, Pal AK (2018) An efficient three factor-based authentication scheme in multiserver environment using ECC. Int J Commun Syst 31(4):e3484
Lamport L (1981) Password authentication with insecure communication. Commun ACM 24(11):770–772
Li C-T, Hwang M-S (2010) An efficient biometrics-based remote user authentication scheme using smart cards. J Netw Comput Appl 33(1):1–5
Li X, Niu J-W, Ma J, Wang W-D, Liu C-L (2011) Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. J Netw Comput Appl 34(1):73–79
Das AK (2011) Cryptanalysis and further improvement of a biometric-based remote user authentication scheme using smart cards. arXiv preprint arXiv:1103.3159
Turkanović M, Brumen B, Hölbl M (2014) A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the internet of things notion. Ad Hoc Netw 20:96–112
Karuppiah M, Saravanan R (2014) A secure remote user mutual authentication scheme using smart cards. J Inf Secur Appl 19(4–5):282–294
Kalra S, Sood SK (2015) Secure authentication scheme for IoT and cloud servers. Pervasive Mob Comput 24:210–223
Farash MS, Turkanović M, Kumari S, Hölbl M (2016) An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the internet of things environment. Ad Hoc Netw 36:152–176
Kaul SD, Awasthi AK (2016) Security enhancement of an improved remote user authentication scheme with key agreement. Wirel Pers Commun 89(2):621–637
Kumari S, Khan MK, Li X (2014) An improved remote user authentication scheme with key agreement. Comput Electr Eng 40(6):1997–2012
Kumari S, Gupta MK, Khan MK, Li X (2014) An improved timestamp-based password authentication scheme: comments, cryptanalysis, and improvement. Secur Commun Netw 7(11):1921–1932
Chaudhry SA, Farash MS, Naqvi H, Kumari S, Khan MK (2015) An enhanced privacy preserving remote user authentication scheme with provable security. Secur Commun Netw 8(18):3782–3795
Radhakrishnan N, Karuppiah M, Pandi V, Bhuiyan MZA (2017) Security on a lightweight authentication scheme with user untraceability. In: International conference on security, privacy and anonymity in computation, communication and storage. Springer, pp 489–496
Yeh K-H (2015) A lightweight authentication scheme with user untraceability. Front Inf Technol Electron Eng 16(4):259–271
Wu F, Xu L, Kumari S, Li X, Das AK, Shen J (2018) A lightweight and anonymous RFID tag authentication protocol with cloud assistance for e-healthcare applications. J Ambient Intell Hum Comput 9(4):919–930
Kumari S, Karuppiah M, Das AK, Li X, Wu F, Kumar N (2018) A secure authentication scheme based on elliptic curve cryptography for IoT and cloud servers. J Supercomput 74(12):6428–6453
Karuppiah M, Das AK, Li X, Kumari S, Wu F, Chaudhry SA, Niranchana R (2019) Secure remote user mutual authentication scheme with key agreement for cloud environment. Mob Netw Appl 24(3):1046–1062
Qi M, Chen J (2017) An efficient two-party authentication key exchange protocol for mobile environment. Int J Commun Syst 30(16):e3341
Byun JW (2015) Privacy preserving smartcard-based authentication system with provable security. Secur Commun Netw 8(17):3028–3044
Awasthi AK, Srivastava K, Mittal R (2011) An improved timestamp-based remote user authentication scheme. Comput Electr Eng 37(6):869–874
Islam SH (2016) Design and analysis of an improved smartcard-based remote user password authentication scheme. Int J Commun Syst 29(11):1708–1719
Khan MK, Kumari S (2013) An authentication scheme for secure access to healthcare services. J Med Syst 37(4):9954
Li X, Niu J, Khan MK, Liao J (2013) An enhanced smart card based remote user password authentication scheme. J Netw Comput Appl 36(5):1365–1371
Burrows M, Abadi M, Needham RM (1989) A logic of authentication. Proc R Soc Lond A 426(1871):233–271
Chandrakar P, Om H (2017) Cryptanalysis and improvement of a biometric-based remote user authentication protocol usable in a multiserver environment. Trans Emerg Telecommun Technol 28(12):e3200
Chen B-L, Kuo W-C, Wuu L-C (2014) Robust smart-card-based remote user password authentication scheme. Int J Commun Syst 27(2):377–389
Bin Muhaya FT (2015) Cryptanalysis and security enhancement of Zhu’s authentication scheme for telecare medicine information system. Secur Commun Netw 8(2):149–158
Chaturvedi A, Mishra D, Mukhopadhyay S (2013) Improved biometric-based three-factor remote user authentication scheme with key agreement using smart card. In: International conference on information systems security. Springer, pp 63–77
Islam SH, Khan MK (2014) Cryptanalysis and improvement of authentication and key agreement protocols for telecare medicine information systems. J Med Syst 38(10):135
Jiang Q, Ma J, Li G, Yang L (2014) An efficient ticket based authentication protocol with unlinkability for wireless access networks. Wirel Pers Commun 77(2):1489–1506
Copyright information
© 2021 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this chapter
Cite this chapter
Ali, R., Chandrakar, P. (2021). Design of Robust Smartcard-Based User Anonymous Authentication Protocol with AVISPA Simulation. In: Das, S.K., Samanta, S., Dey, N., Patel, B.S., Hassanien, A.E. (eds) Architectural Wireless Networks Solutions and Security Issues. Lecture Notes in Networks and Systems, vol 196. Springer, Singapore. https://doi.org/10.1007/978-981-16-0386-0_3
DOI: https://doi.org/10.1007/978-981-16-0386-0_3
Publisher Name: Springer, Singapore
Print ISBN: 978-981-16-0385-3
Online ISBN: 978-981-16-0386-0
eBook Packages: Engineering, Engineering (R0)