On the security of a smartcard-based authentication system for multiserver environments
Authors: 
Xianping Mao, Jing Zhao, Xuefeng Li, Huanyu Ma, Xiaochuan Wu, Qiushan LiuAuthors Info & Claims
Xianping Mao, Jing Zhao, Xuefeng Li, Huanyu Ma, Xiaochuan Wu, Qiushan LiuAuthors Info & ClaimsPages 345 - 349
Abstract
Password-based authentication and key agreement protocols for multiserver environments have drawn much attention due to their simplicity and efficiency. Very recently, Amin et al. introduced a password-based authentication and key agreement protocol using smart cards. We review this protocol and point out that it has some security drawbacks. This protocol cannot resist replay attack, server masquerading attack, user impersonation attack and session key computation attack. Besides, this protocol does not provide user anonymity.
References
[1]
Li-Hua Li, Iuon-Chang Lin, and Min-Shiang Hwang. 2001. A remote password authentication scheme for multiserver architecture using neural networks. IEEE Trans. Neural Networks 12, 6 (2001), 1498--1504.
[2]
Woei-Jiunn Tsaur, Wu Chia Chun, and Wei-Bin Lee. 2004. A smart card-based remote scheme for password authentication in multi-server Internet services. 27 (11 2004), 39--51.
[3]
Jia-Lun Tsai. 2008. E cient multi-server authentication scheme based on one-way hash function without verification table. Computers & Security 27, 3--4 (2008), 115--121.
[4]
Ren-Chiun Wang, Wen-Shenq Juang, and Chin-Laung Lei. 2009. User authentication scheme with privacy-preservation for multi-server environment. IEEE Communications Letters 13, 2 (2009), 157--159.
[5]
Y.P. Liao and S.S. Wang. 2009. A secure dynamic ID based remote user authentication scheme for multi-server environment. 19 (01 2009), 13--22.
[6]
Te-Yu Chen, Min-Shiang Hwang, Cheng-Chi Lee, and Jinn-Ke Jan. 2009. Cryptanalysis of a secure dynamic ID based remote user authentication scheme for multi-server environment. In Innovative Computing, Information and Control (ICICIC), 2009 Fourth International Conference on. IEEE, 725--728.
[7]
Han-Cheng Hsiang and Wei-Kuan Shih. 2009. Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment. 31 (11 2009), 1118--1123.
[8]
Cheng-Chi Lee, Tsung-Hung Lin, and Rui-Xiang Chang. 2011. A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards. Expert System with Applications 38, 11 (2011), 13863--13870.
[9]
Sandeep K Sood, Anil K Sarje, and Kuldip Singh. 2011. A secure dynamic identity based authentication protocol for multi-server architecture. Journal of Network and Computer Applications 34, 2 (2011), 609--618.
[10]
Toan-Thinh Truong, Minh-Triet Tran, and Anh-Duc Duong. 2013. Robust secure dynamic ID based remote user authentication scheme for multi-server environment. In International Conference on Computational Science and Its Applications. Springer, 502--515.
[11]
Xiong Li, Yongping Xiong, Jian Ma, and Wendong Wang. 2012. An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. J. Network and Computer Applications 35, 2 (2012), 763--769.
[12]
Ravi Singh Pippal, Jaidhar C. D., and Shashikala Tapaswi. 2013. Robust Smart Card Authentication Scheme for Multi-server Architecture. Wireless Personal Communications 72, 1 (2013), 729--745.
[13]
Xiong Li, Jian ma, Wendong Wang, Yongping Xiong, and Junsong Zhang. 2013. A novel smart card and dynamic ID based remote user authentication scheme for multi-server environment. 58 (07 2013), 85--95.
[14]
Xiong Li, Jianwei Niu, Saru Kumari, Junguo Liao, and Wei Liang. 2015. An Enhancement of a Smart Card Authentication Scheme for Multi-server Architecture. Wireless Personal Communications 80, 1 (2015), 175--192.
[15]
Debiao He and Ding Wang. 2014. Robust Biometrics-Based Authentication Scheme for Multiserver Environment. 9 (01 2014), 1--8.
[16]
Vanga Odelu, Ashok Kumar Das, and Adrijit Goswami. 2014. Cryptanalysis on 'Robust Biometrics-Based Authentication Scheme for Multi-server Environment'. Cryptology ePrint Archive, Report 2014/715. (2014). http://eprint.iacr.org/2014/715.
[17]
Ming-Chin Chuang and Meng Chen. 2014. An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics. 41 (03 2014), 1411--1418.
[18]
Dheerendra Mishra, Ashok Kumar Das, and Sourav Mukhopadhyay. 2014. A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards. 41 (12 2014), 8129âĂŞ8143.
[19]
Yanrong Lu, Lixiang Li, Peng Haipeng, and Yixian Yang. 2015. A biometrics and smart cards-based authentication scheme for multi-server environments. 8 (03 2015).
[20]
Ruhul Amin, SK Ha zul Islam, Muhammad Khurram Khan, Arijit Karati, Debasis Giri, and Saru Kumari. 2017. A Two-Factor RSA-Based Robust Authentication System for Multiserver Environments. Security and Communication Networks 2017 (2017). Article ID 5989151.
Index Terms
- On the security of a smartcard-based authentication system for multiserver environments
Recommendations
Privacy preserving smartcard-based authentication system with provable security
In this paper, we suggest a new privacy preserving smartcard-based password authenticated key exchange SC-PAKE with provable security. Only the user who has two secrets smartcard and password can go through authentication with key exchange while ...
New identity-based three-party authenticated key agreement protocol with provable security
Key agreement allows multi-parties exchanging public information to create a common secret key that is known only to those entities over an insecure network. In the recent years, several identity-based (ID-based) authenticated key agreement protocols ...
Secure remote user authentication scheme using bilinear pairings
WISTP'07: Proceedings of the 1st IFIP TC6 /WG8.8 /WG11.2 international conference on Information security theory and practices: smart cards, mobile and ubiquitous computing systemsIn 2006, Das et al. proposed a remote user authentication scheme using the properties of bilinear pairings. The current paper, however, demonstrates that Das et al.'s scheme is still vulnerable to an impersonation attack and an off-line password ...
Comments
Information & Contributors
Information
Published In
November 2017
545 pages
ISBN:9781450353656
DOI:10.1145/3162957
- Conference Chairs:
- Jalel Ben-Othman,
- Feng Gang,
- Program Chairs:
- Jain-Shing Liu,
- Masayuki Arai
Copyright © 2017 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 24 November 2017
Check for updates
Author Tags
Qualifiers
- Research-article
Conference
ICCIP 2017
ICCIP 2017: 2017 the 3rd International Conference on Communication and Information Processing
November 24 - 26, 2017
Tokyo, Japan
Acceptance Rates
Overall Acceptance Rate 61 of 301 submissions, 20%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 46Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 26 Jul 2024
Other Metrics
Citations
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in