Skip to main content
Erschienen in: Wireless Personal Communications 1/2015

01.09.2015

Design and Analysis of Bilinear Pairing Based Mutual Authentication and Key Agreement Protocol Usable in Multi-server Environment

verfasst von: Ruhul Amin, G. P. Biswas

Erschienen in: Wireless Personal Communications | Ausgabe 1/2015

Einloggen

Aktivieren Sie unsere intelligente Suche um passende Fachinhalte oder Patente zu finden.

search-config
loading …

Abstract

With the increasing popularity and demand for various applications, the internet user accesses remote server by performing remote user authentication protocol using smart card over the insecure channel. In order to resist insider attack, most of the users remember a set of identity and password for accessing different application servers. Therefore, remembering set of identity and password is an extra overhead to the user. To avoid the mentioned shortcoming, many remote user authentication and key agreement protocols for multi-server architecture have been proposed in the literature. Recently, Hsieh–Leu proposed an improve protocol of Liao et al. scheme and claimed that the improve protocol is applicable for practical implementation. However, through careful analysis, we found that Hsieh–Leu scheme is still vulnerable to user anonymity, password guessing attack, server masquerading attack and the password change phase is inefficient. Therefore, the main aim of this paper was to design a bilinear pairing based three factors remote user authentication scheme using smart card for providing security weaknesses free protocol. In order to validate security proof of the proposed protocol, this paper uses BAN logic which ensures that the same protocol achieves mutual authentication and session key agreement property securely. Furthermore, this paper also informally illustrates that the proposed protocol is well protected against all the relevant security attacks. The performance analysis and comparison with other schemes are also made, and it has been found that the proposed protocol achieves complete security requirements with comparatively lesser complexities.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Literatur
1.
Zurück zum Zitat Amin, R. (2013). Cryptanalysis and an efficient secure ID-based remote user authentication using smart card. International Journal of Computer Applications, 75(13), 43–48.CrossRef Amin, R. (2013). Cryptanalysis and an efficient secure ID-based remote user authentication using smart card. International Journal of Computer Applications, 75(13), 43–48.CrossRef
3.
Zurück zum Zitat Amin, R., & Biswas, G. P. (2015). Remote access control mechanism using rabin public key cryptosystem. In Information systems design and intelligent applications, advances in intelligent systems and computing (vol. 339, pp. 525–533). Springer. doi:10.1007/978-81-322-2250-7_52. Amin, R., & Biswas, G. P. (2015). Remote access control mechanism using rabin public key cryptosystem. In Information systems design and intelligent applications, advances in intelligent systems and computing (vol. 339, pp. 525–533). Springer. doi:10.​1007/​978-81-322-2250-7_​52.
4.
Zurück zum Zitat Amin, R., Maitra, T., & Giri, D. (2013). An improved efficient remote user authentication scheme in multi-server environment using smart card. International Journal of Computer Applications, 69(22), 1–6.CrossRef Amin, R., Maitra, T., & Giri, D. (2013). An improved efficient remote user authentication scheme in multi-server environment using smart card. International Journal of Computer Applications, 69(22), 1–6.CrossRef
5.
Zurück zum Zitat Awasthi, A. K., & Lal, S. (2004). An enhanced remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 50(2), 583–586.CrossRef Awasthi, A. K., & Lal, S. (2004). An enhanced remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 50(2), 583–586.CrossRef
6.
Zurück zum Zitat Badra, M., & Urien, P. (2004). Introducing smartcards to remote authenticate passwords using public key encryption. In Advances in wired and wireless communication, 2004 IEEE/Sarnoff symposium on (pp. 123–126). doi:10.1109/SARNOF.2004.1302856. Badra, M., & Urien, P. (2004). Introducing smartcards to remote authenticate passwords using public key encryption. In Advances in wired and wireless communication, 2004 IEEE/Sarnoff symposium on (pp. 123–126). doi:10.​1109/​SARNOF.​2004.​1302856.
7.
Zurück zum Zitat Boneh, D., & Franklin, M. (2001). Identity-based encryption from the weil pairing. In Advances in cryptology CRYPTO 2001, lecture notes in computer science (vol. 2139, pp. 213–229). Springer, Berlin. doi:10.1007/3-540-44647-8_13. Boneh, D., & Franklin, M. (2001). Identity-based encryption from the weil pairing. In Advances in cryptology CRYPTO 2001, lecture notes in computer science (vol. 2139, pp. 213–229). Springer, Berlin. doi:10.​1007/​3-540-44647-8_​13.
10.
Zurück zum Zitat Chang, C. C., & Wu, T. C. (1991). Remote password authentication with smart cards. IEE Proceedings E Computers and Digital Techniques, 138(3), 165–168.CrossRef Chang, C. C., & Wu, T. C. (1991). Remote password authentication with smart cards. IEE Proceedings E Computers and Digital Techniques, 138(3), 165–168.CrossRef
11.
Zurück zum Zitat Chang, Y. F., Yu, S. H., & Shiao, D. R. (2013). A uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. Journal of Medical Systems, 37(2), 1–9. doi:10.1007/s10916-012-9902-7.MATH Chang, Y. F., Yu, S. H., & Shiao, D. R. (2013). A uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. Journal of Medical Systems, 37(2), 1–9. doi:10.​1007/​s10916-012-9902-7.MATH
12.
Zurück zum Zitat Lee, C.-C., Lai, Y.-M., & Li, C. T. (2011). An improved secure dynamic ID based remote user authentication scheme for multi-server environment. Expert Systems with Applications, 38(11), 203–209. Lee, C.-C., Lai, Y.-M., & Li, C. T. (2011). An improved secure dynamic ID based remote user authentication scheme for multi-server environment. Expert Systems with Applications, 38(11), 203–209.
13.
Zurück zum Zitat Cheon, J. H., & Lee, D. H. (2002). Diffie-hellman problems and bilinear maps. Cryptology ePrint Archive: Report 2002. Cheon, J. H., & Lee, D. H. (2002). Diffie-hellman problems and bilinear maps. Cryptology ePrint Archive: Report 2002.
15.
Zurück zum Zitat Eisenbarth, T., Kasper, T., Moradi, A., Paar, C., Salmasizadeh, M., & Shalmani, M. (2008). On the power of power analysis in the real world: A complete break of the keeloq code hopping scheme. In Advances in cryptology CRYPTO 2008, lecture notes in computer science (vol. 5157, pp. 203–220). Springer, Berlin. doi:10.1007/978-3-540-85174-5_12. Eisenbarth, T., Kasper, T., Moradi, A., Paar, C., Salmasizadeh, M., & Shalmani, M. (2008). On the power of power analysis in the real world: A complete break of the keeloq code hopping scheme. In Advances in cryptology CRYPTO 2008, lecture notes in computer science (vol. 5157, pp. 203–220). Springer, Berlin. doi:10.​1007/​978-3-540-85174-5_​12.
16.
Zurück zum Zitat Frey, G., & Rück, H. G. (1994). A remark concerning m-divisibility and the discrete logarithm in the divisor class group of curves. Mathematics of computation, 62(206), 865–874. doi:10.2307/2153546.MathSciNet Frey, G., & Rück, H. G. (1994). A remark concerning m-divisibility and the discrete logarithm in the divisor class group of curves. Mathematics of computation, 62(206), 865–874. doi:10.​2307/​2153546.MathSciNet
17.
Zurück zum Zitat Geng, J., & Zhang, L. (2008). A dynamic ID-based user authentication and key agreement scheme for multi-server environment using bilinear pairings. In Power electronics and intelligent transportation system, 2008. PEITS ’08. Workshop on (pp. 33–37). doi:10.1109/PEITS.2008.35. Geng, J., & Zhang, L. (2008). A dynamic ID-based user authentication and key agreement scheme for multi-server environment using bilinear pairings. In Power electronics and intelligent transportation system, 2008. PEITS ’08. Workshop on (pp. 33–37). doi:10.​1109/​PEITS.​2008.​35.
18.
19.
Zurück zum Zitat Hsieh, W. B., & Leu, J. S. (2014). An anonymous mobile user authentication protocol using self-certified public keys based on multi-server architectures. The Journal of Supercomputing, 70(1), 133–148. doi:10.1007/s11227-014-1135-8.CrossRef Hsieh, W. B., & Leu, J. S. (2014). An anonymous mobile user authentication protocol using self-certified public keys based on multi-server architectures. The Journal of Supercomputing, 70(1), 133–148. doi:10.​1007/​s11227-014-1135-8.CrossRef
20.
Zurück zum Zitat Islam, S. (2014). A provably secure ID-based mutual authentication and key agreement scheme for mobile multi-server environment without esl attack. Wireless Personal Communications, 79(3), 1975–1991. doi:10.1007/s11277-014-1968-8.CrossRef Islam, S. (2014). A provably secure ID-based mutual authentication and key agreement scheme for mobile multi-server environment without esl attack. Wireless Personal Communications, 79(3), 1975–1991. doi:10.​1007/​s11277-014-1968-8.CrossRef
21.
Zurück zum Zitat Jin, A. T. B., Ling, D. N. C., & Goh, A. (2004). Biohashing: Two factor authentication featuring fingerprint data and tokenised random number. Pattern Recognition, 37(11), 2245–2255.CrossRef Jin, A. T. B., Ling, D. N. C., & Goh, A. (2004). Biohashing: Two factor authentication featuring fingerprint data and tokenised random number. Pattern Recognition, 37(11), 2245–2255.CrossRef
23.
Zurück zum Zitat Kocher, P., Jaffe, J., & Jun, B. (1999). Differential power analysis. In Advances in cryptology CRYPTO 99, lecture notes in computer science (vol. 1666, pp. 388–397). Kocher, P., Jaffe, J., & Jun, B. (1999). Differential power analysis. In Advances in cryptology CRYPTO 99, lecture notes in computer science (vol. 1666, pp. 388–397).
24.
Zurück zum Zitat Lee, W. B., & Chang, C. C. (2000). User identification and key distribution maintaining anonymity for distributed computer network. Computer and System Science, 15(4), 211–214.MathSciNetMATH Lee, W. B., & Chang, C. C. (2000). User identification and key distribution maintaining anonymity for distributed computer network. Computer and System Science, 15(4), 211–214.MathSciNetMATH
25.
Zurück zum Zitat Lee, C. C., Lin, T. H., & Chang, R. X. (2011). A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards. Expert Systems with Applications, 38(11), 13,863–13,870. doi:10.1016/j.eswa.2011.04.190. Lee, C. C., Lin, T. H., & Chang, R. X. (2011). A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards. Expert Systems with Applications, 38(11), 13,863–13,870. doi:10.​1016/​j.​eswa.​2011.​04.​190.
26.
Zurück zum Zitat Li, X., Ma, J., Wang, W., Xiong, Y., & Zhang, J. (2010). A novel smart card and dynamic ID based remote user authentication scheme for multi-server environments. Mathematical and Computer Modelling 58(1–2), 85–95 (2013). doi:10.1016/j.mcm.2012.06.033. Financial IT and security and international symposium on computational electronics. Li, X., Ma, J., Wang, W., Xiong, Y., & Zhang, J. (2010). A novel smart card and dynamic ID based remote user authentication scheme for multi-server environments. Mathematical and Computer Modelling 58(1–2), 85–95 (2013). doi:10.​1016/​j.​mcm.​2012.​06.​033. Financial IT and security and international symposium on computational electronics.
28.
Zurück zum Zitat Li, X., Qiu, W., Zheng, D., Chen, K., & Li, J. (2010). Anonymity enhancement on robust and efficient password-authenticated key agreement using smart cards. IEEE Transactions on Industrial Electronics, 57(2), 793–800. doi:10.1109/TIE.2009.2028351.CrossRef Li, X., Qiu, W., Zheng, D., Chen, K., & Li, J. (2010). Anonymity enhancement on robust and efficient password-authenticated key agreement using smart cards. IEEE Transactions on Industrial Electronics, 57(2), 793–800. doi:10.​1109/​TIE.​2009.​2028351.CrossRef
29.
Zurück zum Zitat Li, X., Xiong, Y., Ma, J., & Wang, W. (2012). An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. Journal of Network and Computer Applications, 35(2), 763–769. doi:10.1016/j.jnca.2011.11.009.CrossRef Li, X., Xiong, Y., Ma, J., & Wang, W. (2012). An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. Journal of Network and Computer Applications, 35(2), 763–769. doi:10.​1016/​j.​jnca.​2011.​11.​009.CrossRef
30.
Zurück zum Zitat Liao, Y. P., & Hsiao, C. M. (2013). A novel multi-server remote user authentication scheme using self-certified public keys for mobile clients. Future Generation Computer Systems, 29(3), 886–900.CrossRef Liao, Y. P., & Hsiao, C. M. (2013). A novel multi-server remote user authentication scheme using self-certified public keys for mobile clients. Future Generation Computer Systems, 29(3), 886–900.CrossRef
34.
Zurück zum Zitat Menezes, A., Vanstone, S., & Okamoto, T. (1991). Reducing elliptic curve logarithms to logarithms in a finite field. In Proceedings of the twenty-third annual ACM symposium on theory of computing, STOC ’91 (pp. 80–89). doi:10.1145/103418.103434. Menezes, A., Vanstone, S., & Okamoto, T. (1991). Reducing elliptic curve logarithms to logarithms in a finite field. In Proceedings of the twenty-third annual ACM symposium on theory of computing, STOC ’91 (pp. 80–89). doi:10.​1145/​103418.​103434.
35.
Zurück zum Zitat Messerges, T. S., Dabbish, E. A., & Sloan, R. H. (2002). Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers, 51(5), 541–552.MathSciNetCrossRef Messerges, T. S., Dabbish, E. A., & Sloan, R. H. (2002). Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers, 51(5), 541–552.MathSciNetCrossRef
36.
37.
Zurück zum Zitat Shao, M.H., & Chin, Y.C. (2010). A novel approach to dynamic ID-based remote user authentication scheme for multi-server environment. In Proceedings of the 2010 fourth international conference on network and system security, NSS ’10 (pp. 548–553). IEEE Computer Society, Washington, DC, USA. doi:10.1109/NSS.2010.95. Shao, M.H., & Chin, Y.C. (2010). A novel approach to dynamic ID-based remote user authentication scheme for multi-server environment. In Proceedings of the 2010 fourth international conference on network and system security, NSS ’10 (pp. 548–553). IEEE Computer Society, Washington, DC, USA. doi:10.​1109/​NSS.​2010.​95.
38.
Zurück zum Zitat Sood, S. K., Sarje, A. K., & Singh, K. (2011). A secure dynamic identity based authentication protocol for multi-server architecture. Journal of Network and Computer Applications, 34(2), 609–618. doi:10.1016/j.jnca.2010.11.011. Efficient and Robust Security and Services of Wireless Mesh Networks. Sood, S. K., Sarje, A. K., & Singh, K. (2011). A secure dynamic identity based authentication protocol for multi-server architecture. Journal of Network and Computer Applications, 34(2), 609–618. doi:10.​1016/​j.​jnca.​2010.​11.​011. Efficient and Robust Security and Services of Wireless Mesh Networks.
39.
Zurück zum Zitat Tsai, J. L., Wu, T. C., & Tsai, K. Y. (2010). New dynamic ID authentication scheme using smart cards. International Journal of Communication Systems, 23(3), 1449–1462.MathSciNetCrossRef Tsai, J. L., Wu, T. C., & Tsai, K. Y. (2010). New dynamic ID authentication scheme using smart cards. International Journal of Communication Systems, 23(3), 1449–1462.MathSciNetCrossRef
40.
Zurück zum Zitat Tseng, Y. M., Wu, T. Y., & Wu, J. (2008). A pairing-based user authentication scheme for wireless clients with smart card. Informatics, 19(2), 285–302.MATH Tseng, Y. M., Wu, T. Y., & Wu, J. (2008). A pairing-based user authentication scheme for wireless clients with smart card. Informatics, 19(2), 285–302.MATH
41.
Zurück zum Zitat Tsuar, W. J., Chang, C. C., & Wu, W. L. (2001). A flexible user authentication scheme for multi-server internet services. In Networking ICN 2001, lecture notes in computer science (vol. 2093, pp. 174–183). Springer, Berlin. doi:10.1007/3-540-47728-4_18. Tsuar, W. J., Chang, C. C., & Wu, W. L. (2001). A flexible user authentication scheme for multi-server internet services. In Networking ICN 2001, lecture notes in computer science (vol. 2093, pp. 174–183). Springer, Berlin. doi:10.​1007/​3-540-47728-4_​18.
42.
Zurück zum Zitat Turkanovic, M., Brumen, B., & Hölbl, M. (2014). A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the internet of things notion. Ad Hoc Networks, 20, 96–112. doi:10.1016/j.adhoc.2014.03.009.CrossRef Turkanovic, M., Brumen, B., & Hölbl, M. (2014). A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the internet of things notion. Ad Hoc Networks, 20, 96–112. doi:10.​1016/​j.​adhoc.​2014.​03.​009.CrossRef
44.
Zurück zum Zitat Wei, J., Liu, W., & Hu, X. (2014). Cryptanalysis and improvement of a robust smart card authentication scheme for multi-server architecture. Wireless Personal Communications, 77(3), 2255–2269. doi:10.1007/s11277-014-1636-z.CrossRef Wei, J., Liu, W., & Hu, X. (2014). Cryptanalysis and improvement of a robust smart card authentication scheme for multi-server architecture. Wireless Personal Communications, 77(3), 2255–2269. doi:10.​1007/​s11277-014-1636-z.CrossRef
46.
Zurück zum Zitat Zhao, D., Peng, H., Li, S., & Yang, Y. (2013) An efficient dynamic ID based remote user authentication scheme using self-certified public keys for multi-server environment. CoRR abs/1305.6350. http://arxiv.org/abs/1305.6350 Zhao, D., Peng, H., Li, S., & Yang, Y. (2013) An efficient dynamic ID based remote user authentication scheme using self-certified public keys for multi-server environment. CoRR abs/1305.6350. http://​arxiv.​org/​abs/​1305.​6350
Metadaten
Titel
Design and Analysis of Bilinear Pairing Based Mutual Authentication and Key Agreement Protocol Usable in Multi-server Environment
verfasst von
Ruhul Amin
G. P. Biswas
Publikationsdatum
01.09.2015
Verlag
Springer US
Erschienen in
Wireless Personal Communications / Ausgabe 1/2015
Print ISSN: 0929-6212
Elektronische ISSN: 1572-834X
DOI
https://doi.org/10.1007/s11277-015-2616-7

Weitere Artikel der Ausgabe 1/2015

Wireless Personal Communications 1/2015 Zur Ausgabe

Neuer Inhalt