A Provably Secure ID-Based Mutual Authentication and Key Agreement Scheme for Mobile Multi-Server Environment Without ESL Attack

Wireless Personal Communications

Abstract

In mobile multi-server authentication, a client can access different servers over an insecure channel, such as the Internet or a wireless network, for numerous online applications. Several multi-server authentication schemes for mobile clients have been devised in the literature. However, most of them are insecure against the ephemeral secret leakage (ESL) attack and have other vulnerabilities. For mutual authentication and key agreement, the mobile client and the server use ephemeral secrets (random numbers), and leakage of these secrets may be possible in practice, since they are generated by an external source that may be controlled by an adversary and are generally pre-computed and stored in insecure devices. Thus, if the secrets are leaked, the session key becomes known and the private keys of the client and the server may be compromised from the eavesdropped messages. This is called the ESL attack. To remedy these weaknesses, in this paper we design an ESL attack-free identity-based mutual authentication and key agreement scheme for the mobile multi-server environment. The proposed scheme is analyzed and proven secure in the random oracle model under the Computational Diffie–Hellman assumption.
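
To make the ESL problem concrete, the following added example (not from the paper, and not the paper's scheme, which the abstract does not detail) uses a generic Schnorr-style response over a constructed toy group. It shows that a leaked ephemeral plus one eavesdropped transcript yields the private key, and that deriving the working exponent from both the ephemeral and the long-term key, a countermeasure known from the key-exchange literature, makes the leaked value alone insufficient. All names and parameters are assumptions for illustration.

```python
import hashlib

# Constructed toy Schnorr group, far too small for real use: P = 2*Q + 1, G has order Q.
P, Q, G = 2039, 1019, 4

def h(*parts):
    """Hash values to a non-zero exponent in [1, Q-1]."""
    data = "|".join(str(p) for p in parts).encode()
    return 1 + int.from_bytes(hashlib.sha256(data).digest(), "big") % (Q - 1)

def respond(x, r, msg):
    """Authenticate msg under long-term key x with exponent r: s = r + c*x mod Q."""
    R = pow(G, r, P)
    return R, (r + h(R, msg) * x) % Q

def verify(X, R, s, msg):
    """Check g^s == R * X^c, where X = g^x is the public key."""
    return pow(G, s, P) == (R * pow(X, h(R, msg), P)) % P

def recover_key(R, s, msg, leaked_r):
    """What leakage of the ephemeral allows: x = (s - r) * c^-1 mod Q."""
    return ((s - leaked_r) * pow(h(R, msg), -1, Q)) % Q

def hardened_respond(x, r, msg):
    """Countermeasure: the working exponent depends on both r and x."""
    return respond(x, h("eph", r, x), msg)

def demo(x=777, r=123, msg="login to server S1"):
    """Run both variants on constructed values and report what a leaked r yields."""
    X = pow(G, x, P)
    R, s = respond(x, r, msg)
    R2, s2 = hardened_respond(x, r, msg)
    return {
        "plain_verifies": verify(X, R, s, msg),
        "plain_key_recovered": recover_key(R, s, msg, r) == x,
        "hardened_verifies": verify(X, R2, s2, msg),
        "hardened_key_recovered": recover_key(R2, s2, msg, r) == x,
    }

if __name__ == "__main__":
    print(demo())
```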



Author information

Corresponding author

Correspondence to SK Hafizul Islam.

Cite this article

Islam, S.H. A Provably Secure ID-Based Mutual Authentication and Key Agreement Scheme for Mobile Multi-Server Environment Without ESL Attack. Wireless Pers Commun 79, 1975–1991 (2014). https://doi.org/10.1007/s11277-014-1968-8

  • DOI: https://doi.org/10.1007/s11277-014-1968-8
