A Novel Multi-Server Authentication Scheme for e-commerce Applications Using Smart Card

Wireless Personal Communications

Abstract

Modern life relies on a range of e-commerce applications for online ticket booking, electronic transactions, shopping, etc. Smart cards play an essential role in many e-commerce applications because of their low cost and portability. Remote users can access different services using a single smart card in a multi-server communication environment. However, this type of system has a major security drawback: the user always presents the same identity to different services, and the system becomes vulnerable to many attacks. To eliminate this security problem, we introduce a security token service for a secure multi-server authentication scheme using a single electronic identity card in a communication network. For further security, we use Diffie–Hellman DSA key exchange for message protection. Diffie–Hellman is a popular key exchange technique that produces a secret key for symmetric encryption, for efficient and secure e-commerce transactions.



Author information

Corresponding author

Correspondence to Kakali Chatterjee.

Cite this article

Chatterjee, K., De, A. A Novel Multi-Server Authentication Scheme for e-commerce Applications Using Smart Card. Wireless Pers Commun 91, 293–312 (2016). https://doi.org/10.1007/s11277-016-3462-y

  • DOI: https://doi.org/10.1007/s11277-016-3462-y
