Published in: Wireless Networks 7/2020

01.01.2019

A new three-factor authentication and key agreement protocol for multi-server environment

Written by: T. Sudhakar, V. Natarajan

Abstract

Several password- and smart-card-based two-factor remote user authentication protocols for multi-server environments have been proposed over the last two decades. Because smart cards are tamper-resistant, the security parameters are stored on the card, which also serves as a secure place to perform the authentication process. However, if the smart card is lost or stolen, the information stored on it can be extracted using a power analysis attack. Hence, two-factor security protocols are at risk from various attacks such as password guessing, impersonation, replay and so on. Therefore, to enhance the level of security, researchers have focused on three-factor (password, smart card, and biometric) authentication schemes for multi-server environments. In existing biometric-based authentication protocols, keys are generated using a fuzzy extractor, in which keys cannot be renewed. This property of the fuzzy extractor is undesirable for smart card revocation and re-registration when the smart card is lost or stolen. In addition, existing biometric-based schemes involve a public-key cryptosystem for the authentication process, which increases computation and communication cost. In this paper, we propose a new multi-server authentication protocol using a smart card, a hash function and fuzzy-embedder-based biometrics. We use Burrows–Abadi–Needham logic to prove the correctness of the new scheme. The security features and efficiency of the proposed scheme are compared with recent schemes, and the comparison results show that this scheme provides strong security with significant efficiency.

Metadata
Title
A new three-factor authentication and key agreement protocol for multi-server environment
Written by
T. Sudhakar
V. Natarajan
Publication date
01.01.2019
Publisher
Springer US
Published in
Wireless Networks / Issue 7/2020
Print ISSN: 1022-0038
Electronic ISSN: 1572-8196
DOI
https://doi.org/10.1007/s11276-018-01922-3