Top

Wireless Personal Communications

Published in:

01-12-2014

A Provably Secure Multi-server Based Authentication Scheme

Author: Kuo-Hui Yeh

Published in: Wireless Personal Communications | Issue 3/2014

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

With the rapid growth of electronic commerce and demand on variants of Internet based applications, the system providing resources and business services often consists of many servers around the world. So far, a variety of authentication schemes have been published to achieve remote user authentication on multi-server communication environment. Recently, Pippal et al. proposed a multi-server based authentication protocol to pursue the system security and computation efficiency. Nevertheless, based on our analysis, the proposed scheme is insecure against user impersonation attack, server counterfeit attack, and man-in-the-middle attack. In this study, we first demonstrate how these malicious attacks can be invoked by an adversary. Then, a security enhanced authentication protocol is developed to eliminate all identified weaknesses. Meanwhile, the proposed protocol can achieve the same order of computation complexity as Pippal et al.’s protocol does.

previous article Energy Detector in Ultra Wideband Systems Using Phase Compensation Technique

next article Compressed Channel Sensing using Designated Null Subcarriers in Full Duplex Wireless OFDM Systems

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Bellare, M., Pointcheval, D., & Rogaway, P. (2000). Authenticated key exchange secure against dictionary attacks. In Proceedings of EUROCRYPT (Vol. 1807, pp. 140–156). LNCS 2000.

Bellare, M., & Rogaway, P. (1993). Entity authentication and key distribution. In Proceedings of CRYPTO (Vol. 773, pp. 232–249) LNCS.

Blake-Wilson, S., Johnson, D., & Menezes, A. (1997). Key agreement protocols and their security analysis. In Proceedings of th 6th IMA international conference on cryptography and coding (Vol. 1355, pp. 30–45). LNCS.

Chang, C. C., & Lee, J. S. (2004). An efficient and secure multi-server password authentication scheme using smart card. In Proceedings of international conference on cyberworlds (pp. 417–422).

Chang, C. C., & Lee, C. Y. (2012). A secure single sign-on mechanism for distributed computer networks. IEEE Transactions on Industrial Electronics, 59(1), 629–637.CrossRef

Chen, B. L., Kuo, W. C., & Wu, L. C. (2012). Cryptanalysis of Sood et al.’s dynamic identity based authentication protocol for multi-server architecture. International Journal of Digital Content Technology and its Applications (JDCTA), 6(4), 180–187.CrossRef

He, D., & Wu, S. (2012). Security flaws in a smart card based authentication scheme for multi-server environment. Wireless Personal Communications,. doi:10.1007/s11277-012-0696-1.

Hsiang, C., & Shih, W. K. (2009). Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards & Interfaces, 31(6), 1118–1123.CrossRef

Juang, W. S. (2004). Efficient multi-server password authenticated key agreement using smart cards. IEEE Transaction on Consumer Electronics, 50(1), 251–255.CrossRef

10.

Ku, W. C., Chuang, H. M., Chiang, M. H., & Chang, K. T. (2005). Weaknesses of a multi-server password authenticated key agreement scheme. In Proceedings of 2005 national computer symposium (pp. 1–5).

11.

Lee, C. C., Lin, T. H., & Chang, R. X. (2011). A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards. Expert Systems with Applications, 38(11), 13863–13870.

12.

Li, X., Xiong, Y., Ma, J., & Wang, W. (2012). An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. Journal of Network and Computer Applications, 35(2), 763–769.CrossRef

13.

Liao, Y. P., & Wang, S. S. (2009). A secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards & Interfaces, 31(1), 24–29.CrossRef

14.

Pippal, R. S., Jaidhar, C. D., & Tapaswi, S. (2013). Robust smart card authentication scheme for multi-server architecture. Wireless Personal Communications. doi:10.1007/s11277-013-1039-6.

15.

Sood, S. K., Sarje, A. K., & Singh, K. (2011). A secure dynamic identity based authentication protocol for multi-server architecture. Journal of Network and Computer Applications, 34(2), 609–618.CrossRef

16.

Tsai, J.-L., Lo, N.-W., & Wu, T.-C. (2012). A new password-based multi-server authentication scheme robust to password guessing attacks. Wireless Personal Communications. doi:10.1007/s11277-012-0918-6.

17.

Wang, B., & Ma, M. (2012). A smart card based efficient and secured multi-server authentication scheme. Wireless Personal Communications. doi:10.1007/s11277-011-0456-7.

18.

Yeh, K.-H., Lo, N. W., Hsiang, T.-R., Wei, Y.-C., & Hsieh, H.-Y. (2013). Chaos between password-based authentication protocol and dictionary attacks. Advanced Science Letters, 19(3), 1048–1051(4).CrossRef

Title: A Provably Secure Multi-server Based Authentication Scheme
Author: Kuo-Hui Yeh
Publication date: 01-12-2014
Publisher: Springer US
Published in: Wireless Personal Communications / Issue 3/2014
Print ISSN: 0929-6212
Electronic ISSN: 1572-834X
DOI: https://doi.org/10.1007/s11277-014-1948-z

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Other articles of this Issue 3/2014

A Novel 2.5–3.1 GHz Wide-Band Low-Noise Amplifier in 0.18 CMOS

An Integration of Source and Jammer for a Decode-and-Forward Two-way Scheme Under Physical Layer Security

A Multiagent Based Scheme for Unlicensed Spectrum Access in CR Networks

Channel Estimation in Long Term Evolution Uplink Using Minimum Mean Square Error-Support Vector Regression

Performance Analysis of Dual-Hop AF Relay Networks in the Presence of Channel Estimation Errors and Feedback Delay

Fault-Tolerant Energy Efficiency Computing Approach for Sparse Sampling Under Wireless Sensor Smart Grid