article

An Improved and Secure Two-factor Dynamic ID Based Authenticated Key Agreement Scheme for Multiserver Environment

Authors:

Shreeya Swagatika Sahoo,

Sujata Mohanty,

Banshidhar MajhiAuthors Info & Claims

Wireless Personal Communications: An International Journal, Volume 101, Issue 3

Pages 1307 - 1333

Published: 01 August 2018 Publication History

Abstract

The smart card based password authentication scheme is one of the most important and efficient security mechanism, which is used for providing security to authorized users over an insecure network. In this paper, we analyzed major security flaws of Jangirala et al.'s scheme and proved that it is vulnerable to forgery attack, replay attack, user impersonation attack. Also, Jangirala et al.'s scheme fail to achieve mutual authentication as it claimed. We proposed an improved two factor based dynamic ID based authenticated key agreement protocol for the multiserver environment. The proposed scheme has been simulated using widely accepted AVISPA tool. Furthermore, mutual authentication is proved through BAN logic. The rigorous security and performance analysis depicts that the proposed scheme provides users anonymity, mutual authentication, session key agreement and secure against various active attacks.

References

[1]

Lamport, L. (1981). Password authentication with insecure communication. Communications of the ACM, 24(11), 770---772.

Digital Library

[2]

Hwang, T., Chen, Y., & Laih, C. J. (1990) Non-interactive password authentications without password tables. In 1990 IEEE region 10 conference on computer and communication systems, 1990, IEEE TENCON'90 (pp. 429---431). IEEE.

[3]

Yang, W.-H., & Shieh, S.-P. (1999). Password authentication schemes with smart cards. Computers & Security, 18(8), 727---733.

Digital Library

[4]

Hwang, M.-S., & Li, L.-H. (2000). A new remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 46(1), 28---30.

Digital Library

[5]

Chan, C.-K., & Cheng, L.-M. (2000). Cryptanalysis of a remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 46(4), 992---993.

Digital Library

[6]

Sun, H.-M. (2000). An efficient remote use authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 46(4), 958---961.

Digital Library

[7]

Chien, H.-Y., Jan, J.-K., & Tseng, Y.-M. (2002). An efficient and practical solution to remote authentication: Smart card. Computers & Security, 21(4), 372---375.

Digital Library

[8]

Wu, S.-T., & Chieu, B.-C. (2003). A user friendly remote authentication scheme with smart cards. Computers & Security, 22(6), 547---550.

Digital Library

[9]

Ku, W.-C., & Chen, S.-M. (2004). Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 50(1), 204---207.

Digital Library

[10]

Yoon, E.-J., Ryu, E.-K., & Yoo, K.-Y. (2004). Further improvement of an efficient password based remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 50(2), 612---614.

Digital Library

[11]

Lu, R., & Cao, Z. (2005). Efficient remote user authentication scheme using smart card. Computer Networks, 49(4), 535---540.

Digital Library

[12]

Lee, S.-W., Kim, H.-S., & Yoo, K.-Y. (2005). Improvement of chien et al'.s remote user authentication scheme using smart cards. Computer Standards & Interfaces, 27(2), 181---183.

[13]

Lee, N.-Y., & Chiu, Y.-C. (2005). Improved remote authentication scheme with smart card. Computer Standards & Interfaces, 27(2), 177---180.

[14]

Xu, J., Zhu, W.-T., & Feng, D.-G. (2009). An improved smart card based password authentication scheme with provable security. Computer Standards & Interfaces, 31(4), 723---728.

Digital Library

[15]

Amin, R., & Biswas, G. P. (2015). Cryptanalysis and design of a three-party authenticated key exchange protocol using smart card. Arabian Journal for Science and Engineering, 40(11), 3135---3149.

[16]

Li, L.-H., Lin, L.-C., & Hwang, M.-S. (2001). A remote password authentication scheme for multiserver architecture using neural networks. IEEE Transactions on Neural Networks, 12(6), 1498---1504.

Digital Library

[17]

Lin, I.-C., Hwang, M.-S., & Li, L.-H. (2003). A new remote user authentication scheme for multi-server architecture. Future Generation Computer Systems, 19(1), 13---22.

[18]

Juang, W.-S. (2004). Efficient multi-server password authenticated key agreement using smart cards. IEEE Transactions on Consumer Electronics, 50(1), 251---255.

Digital Library

[19]

Chang, C.-C., & Lee, J.-S. (2004). An efficient and secure multi-server password authentication scheme using smart cards. In 2004 international conference on cyberworlds (pp. 417---422). IEEE.

Digital Library

[20]

Tsaur, W.-J., Chia-Chun, W., & Lee, W.-B. (2004). A smart card-based remote scheme for password authentication in multi-server internet services. Computer Standards & Interfaces, 27(1), 39---51.

[21]

Yang, Y., Deng, R. H., & Bao, F. (2006). A practical password-based two-server authentication and key exchange system. IEEE Transactions on Dependable and Secure Computing, 3(2), 105---114.

Digital Library

[22]

Tsai, J.-L. (2008). Efficient multi-server authentication scheme based on one-way hash function without verification table. Computers & Security, 27(3), 115---121.

Digital Library

[23]

Liao, Y.-P., & Wang, S.-S. (2009). A secure dynamic id based remote user authentication scheme for multi-server environment. Computer Standards & Interfaces, 31(1), 24---29.

Digital Library

[24]

Hsiang, H.-C., & Shih, W.-K. (2009). Improvement of the secure dynamic id based remote user authentication scheme for multi-server environment. Computer Standards & Interfaces, 31(6), 1118---1123.

Digital Library

[25]

Lee, C.-C., Lin, T.-H., & Chang, R.-X. (2011). A secure dynamic id based remote user authentication scheme for multi-server environment using smart cards. Expert Systems with Applications, 38(11), 13863---13870.

[26]

Sood, S. K., Sarje, A. K., & Singh, K. (2011). A secure dynamic identity based authentication protocol for multi-server architecture. Journal of Network and Computer Applications, 34(2), 609---618.

Digital Library

[27]

Li, X., Xiong, Y., Ma, J., & Wang, W. (2012). An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. Journal of Network and Computer Applications, 35(2), 763---769.

Digital Library

[28]

Li, X., Ma, J., Wang, W., Xiong, Y., & Zhang, J. (2013). A novel smart card and dynamic id based remote user authentication scheme for multi-server environments. Mathematical and Computer Modelling, 58(1), 85---95.

[29]

Zhao, D., Peng, H., Li, S., & Yang, Y. (2013). An efficient dynamic id based remote user authentication scheme using self-certified public keys for multi-server environment. arXiv preprint arXiv:1305.6350.

[30]

Xue, K., Hong, P., & Ma, C. (2014). A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture. Journal of Computer and System Sciences, 80(1), 195---206.

Digital Library

[31]

Das, A. K. (2015). A secure and efficient user anonymity-preserving three-factor authentication protocol for large-scale distributed wireless sensor networks. Wireless Personal Communications, 82(3), 1377---1404.

Digital Library

[32]

Li, X., Niu, J., Kumari, S., Liao, J., & Liang, W. (2015). An enhancement of a smart card authentication scheme for multi-server architecture. Wireless Personal Communications, 80(1), 175---192.

Digital Library

[33]

Odelu, V., Das, A. K., & Goswami, A. (2015). An effective and robust secure remote user authenticated key agreement scheme using smart cards in wireless communication systems. Wireless Personal Communications, 84(4), 2571---2598.

Digital Library

[34]

Shunmuganathan, S., Saravanan, R. D., & Palanichamy, Y. (2015). Secure and efficient smart-card-based remote user authentication scheme for multiserver environment. Canadian Journal of Electrical and Computer Engineering, 38(1), 20---30.

[35]

Jangirala, S., Mukhopadhyay, S., & Das, A. K. (2017). A multi-server environment with secure and efficient remote user authentication scheme based on dynamic ID using smart cards. Wireless Personal Communications, 95(3), 2735---2767.

Digital Library

[36]

Burrows, M., Abadi, M., & Needham, R. M. (1989). A logic of authentication. Proceedings of the Royal Society of London A: Mathematical, Physical and Engineering, 426, 233---271.

[37]

Ali, R., & Pal, A. K. (2017). Three-factor-based confidentiality-preserving remote user authentication scheme in multi-server environment. Arabian Journal for Science and Engineering, 42(8), 3655---3672.

[38]

AVISPA Automated Validation of Internet Security Protocols and Applications. http://www.avispa-project.org/ (2015).

[39]

Viganò, L. (2006). Automated security protocol analysis with the AVISPA tool. Electronic Notes in Theoretical Computer Science, 155, 61---86.

Digital Library

[40]

Armando, A., Basin, D., Boichut, Y., Chevalier, Y., Compagna, L., Cuéllar, J., et al. (2005). The AVISPA tool for the automated validation of internet security protocols and applications. In International conference on computer aided verification (pp. 281---285). Springer.

Digital Library

[41]

Dolev, D., & Yao, A. (1983). On the security of public key protocols. IEEE Transactions on Information Theory, 29(2), 198---208.

Digital Library

Cited By

Kumar AOm H(2021)An enhanced and provably secure authentication protocol using Chebyshev chaotic maps for multi-server environmentMultimedia Tools and Applications10.1007/s11042-020-10320-x80:9(14163-14189)Online publication date: 1-Apr-2021
https://dl.acm.org/doi/10.1007/s11042-020-10320-x

An Improved and Secure Two-factor Dynamic ID Based Authenticated Key Agreement Scheme for Multiserver Environment

Recommendations

Improved Biometric-Based Three-factor Remote User Authentication Scheme with Key Agreement Using Smart Card
ICISS 2013: Proceedings of the 9th International Conference on Information Systems Security - Volume 8303

Remote user authentication is a very important mechanism in the network system to verify the correctness of remote user and server over the insecure channel. In remote user authentication, server and user mutually authenticate each other and draw a ...
A Multi-server Environment with Secure and Efficient Remote User Authentication Scheme Based on Dynamic ID Using Smart Cards

The growth of the Internet and telecommunication technology has facilitated remote access. During the last decade, numerous remote user authentication schemes based on dynamic ID have been proposed for the multi-server environment using smart cards. ...
Cryptanalysis and security enhancement of a 'more efficient & secure dynamic ID-based remote user authentication scheme'

Remote user authentication is a method, in which remote server verifies the legitimacy of a user over an insecure communication channel. Currently, smart card-based remote user authentication schemes have been widely adopted due to their low ...

Comments

Information & Contributors

Information

Published In

cover image Wireless Personal Communications: An International Journal

Wireless Personal Communications: An International Journal Volume 101, Issue 3

August 2018

566 pages

ISSN:0929-6212

Issue’s Table of Contents

Copyright © Copyright © 2018 Springer Science+Business Media, LLC, part of Springer Nature.

Publisher

Kluwer Academic Publishers

United States

Publication History

Published: 01 August 2018

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 10 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

Kumar AOm H(2021)An enhanced and provably secure authentication protocol using Chebyshev chaotic maps for multi-server environmentMultimedia Tools and Applications10.1007/s11042-020-10320-x80:9(14163-14189)Online publication date: 1-Apr-2021
https://dl.acm.org/doi/10.1007/s11042-020-10320-x

View Options

View options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Issue’s Table of Contents