
An Extended Multi-Server-Based User Authentication and Key Agreement Scheme with User Anonymity

  • Li, Chun-Ta (Department of Information Management, Tainan University of Technology) ;
  • Lee, Cheng-Chi (Department of Library and Information Science, Fu Jen Catholic University) ;
  • Weng, Chi-Yao (Department of Computer Science and Engineering, National Sun Yat-sen University) ;
  • Fan, Chun-I (Department of Computer Science and Engineering, National Sun Yat-sen University)
  • Received : 2012.05.05
  • Accepted : 2012.09.03
  • Published : 2013.01.31

Abstract

With the explosive growth of computer networks, many remote service-providing servers and multi-server network architectures have been deployed, and it is extremely inconvenient for users to remember numerous different identities and passwords. It is therefore important to provide a mechanism that lets a remote user access a multi-server network architecture with a single identity and password, without repetitive registration, and various multi-server authentication schemes have been proposed in recent years. Recently, Tsaur et al. proposed an efficient and secure smart-card-based user authentication and key agreement scheme for multi-server environments. They claimed that their scheme satisfies all of the requirements for secure password authentication in multi-server environments and gave a formal proof of the execution of the proposed authenticated key agreement scheme. However, we find that Tsaur et al.'s scheme is still vulnerable to an impersonation attack and a many logged-in users' attack. We propose an extended scheme that not only removes these weaknesses but also achieves user anonymity by hiding the login user's real identity. Compared with previous related schemes, our proposed scheme maintains efficiency and security and is more suitable for practical applications.

References

  1. C. C. Chang and J. S. Lee, "An efficient and secure multi-server password authentication scheme using smart cards," in Proc. of 3rd International Conference on Cyberworlds, pp. 417-422, 2004.
  2. W. Juang, "Efficient multi-server password authenticated key agreement using smart cards," IEEE Transactions on Consumer Electronics, vol. 50, no. 1, pp. 251-255, 2004. https://doi.org/10.1109/TCE.2004.1277870
  3. M. S. Hwang, S. K. Chong and T. Y. Chen, "DoS-resistant ID-based password authentication scheme using smart cards," Journal of Systems and Software, vol. 83, no. 1, pp. 163-172, 2010. https://doi.org/10.1016/j.jss.2009.07.050
  4. P. Kocher, J. Jaffe and B. Jun, "Differential power analysis," Advances in Cryptology, pp. 388-397, 1999. http://www.cryptography.com/public/pdf/DPA.pdf
  5. L. H. Li, I. C. Lin and M. S. Hwang, "A remote password authentication scheme for multi-server architecture using neural networks," IEEE Transactions on Neural Networks, vol. 12, no. 6, pp. 1498-1504, 2001. https://doi.org/10.1109/72.963786
  6. C. T. Li and M. S. Hwang, "An efficient biometrics-based remote user authentication scheme using smart cards," Journal of Network and Computer Applications, vol. 33, no. 1, pp. 1-5, 2010. https://doi.org/10.1016/j.jnca.2009.08.001
  7. C. T. Li, C. C. Lee, L. J. Wang and C. J. Liu, "A secure billing service with two-factor user authentication in wireless sensor networks," International Journal of Innovative Computing, Information and Control, vol. 7, no. 8, pp. 4821-4831, 2011. http://www.ijicic.org/ijicic-10-03005.pdf
  8. C. T. Li, "Secure smart card based password authentication scheme with user anonymity," Information Technology and Control, vol. 40, no. 2, pp. 157-162, 2011.
  9. C. T. Li and C. C. Lee, "A robust remote user authentication scheme using smart card," Information Technology and Control, vol. 40, no. 3, pp. 236-245, 2011.
  10. C. T. Li and C. C. Lee, "A novel user authentication and privacy preserving scheme with smart cards for wireless communications," Mathematical and Computer Modelling, vol. 55, no. 1-2, pp. 35-44, 2012. https://doi.org/10.1016/j.mcm.2011.01.010
  11. I. C. Lin, M. S. Hwang and L. H. Li, "A new remote user authentication scheme for multi-server architecture," Future Generation Computer Systems, vol. 19, no. 1, pp. 13-22, 2003. https://doi.org/10.1016/S0167-739X(02)00093-6
  12. T. S. Messerges, E. A. Dabbish and R. H. Sloan, "Examining smart-card security under the threat of power analysis attacks," IEEE Transactions on Computers, vol. 51, no. 5, pp. 541-552, 2002. https://doi.org/10.1109/TC.2002.1004593
  13. R. Ramasamy and A. P. Muniyandi, "An efficient password authentication scheme for smart card," International Journal of Network Security, vol. 14, no. 3, pp. 180-186, 2012.
  14. J. L. Tsai, "Efficient multi-server authentication scheme based on one-way hash function without verification table," Computers & Security, vol. 27, no. 3-4, pp. 115-121, 2008. https://doi.org/10.1016/j.cose.2008.04.001
  15. W. J. Tsaur, J. H. Li and W. B. Lee, "An efficient and secure multi-server authentication scheme with key agreement," Journal of Systems and Software, vol. 85, no. 4, pp. 876-882, 2012. https://doi.org/10.1016/j.jss.2011.10.049
  16. R. Wang, W. Juan and C. Lei, "User authentication scheme with privacy-preservation for multi-server environment," IEEE Communications Letters, vol. 13, no. 2, pp. 157-159, 2009. https://doi.org/10.1109/LCOMM.2009.081884
  17. L. Yang, J. F. Ma and Q. Jiang, "Mutual authentication scheme with smart cards and password under trusted computing," International Journal of Network Security, vol. 14, no. 3, pp. 156-163, 2012.

Cited by

  1. An extended chaotic maps based user authentication and privacy preserving scheme against DoS attacks in pervasive and ubiquitous computing environments vol.74, pp.4, 2013, https://doi.org/10.1007/s11071-013-1029-y
  2. PRIAM: Privacy Preserving Identity and Access Management Scheme in Cloud vol.8, pp.1, 2013, https://doi.org/10.3837/tiis.2014.01.017
  3. An extended chaotic-maps-based protocol with key agreement for multiserver environments vol.76, pp.1, 2013, https://doi.org/10.1007/s11071-013-1174-3
  4. A Secure and Efficient Remote User Authentication Scheme for Multi-server Environments Using ECC vol.8, pp.8, 2014, https://doi.org/10.3837/tiis.2014.08.021
  5. A Secure Biometrics Based Authentication with Key Agreement Scheme in Telemedicine Networks for E-Health Services vol.83, pp.4, 2013, https://doi.org/10.1007/s11277-015-2538-4
  6. A secure chaotic maps‐based privacy‐protection scheme for multi‐server environments vol.9, pp.14, 2013, https://doi.org/10.1002/sec.1487
  7. An Untraceable Biometric-Based Multi-server Authenticated Key Agreement Protocol with Revocation vol.90, pp.4, 2013, https://doi.org/10.1007/s11277-016-3418-2
  8. A novel three-party password-based authenticated key exchange protocol with user anonymity based on chaotic maps vol.22, pp.8, 2013, https://doi.org/10.1007/s00500-017-2504-z
  9. Trusted Authority Assisted Three-Factor Authentication and Key Agreement Protocol for the Implantable Medical System vol.2018, pp.None, 2018, https://doi.org/10.1155/2018/7579161
  10. Design of a Blockchain-Based Smart Contract Mechanism for Anti-Money Laundering vol.19, pp.5, 2018, https://doi.org/10.7472/jksii.2018.19.5.1
  11. Provably Secure Crossdomain Multifactor Authentication Protocol for Wearable Health Monitoring Systems vol.2020, pp.None, 2020, https://doi.org/10.1155/2020/8818704
  12. Privacy-Preserving Mutual Authentication and Key Agreement Scheme for Multi-Server Healthcare System vol.23, pp.4, 2013, https://doi.org/10.1007/s10796-021-10115-x