Abstract
Modern life relies on e-commerce applications for online ticket booking, electronic transactions, shopping, etc. Smart cards play an essential role in many e-commerce applications because of their low cost and portability. Remote users can access different services using a single smart card in a multi-server communication environment. However, this type of system has a major security drawback: the user always presents the same identity to different services, and the system becomes vulnerable to many attacks. To eliminate this security problem, we introduce a security token service for a secure multi-server authentication scheme using a single electronic identity card in a communication network. For further security, we use Diffie–Hellman DSA key exchange for message protection. Diffie–Hellman is a popular key exchange technique that produces a secret key for symmetric encryption, for efficient and secure e-commerce transactions.
Cite this article
Chatterjee, K., De, A. A Novel Multi-Server Authentication Scheme for e-commerce Applications Using Smart Card. Wireless Pers Commun 91, 293–312 (2016). https://doi.org/10.1007/s11277-016-3462-y
DOI: https://doi.org/10.1007/s11277-016-3462-y