Recently, Pippal et al. proposed an authentication scheme for multi-server architecture and claimed that their scheme had many advantages compared to the previous schemes, such as security, reliability, etc. In this paper, we reanalyze the security of their scheme and demonstrate that it is vulnerable to an impersonation attack even if the adversary does not know the information stored in the user’s smart card. Moreover, the adversary can mount an off-line password guessing attack if the user’s smart card is compromised. To eliminate these shortcomings, we propose an improved multi-server authentication scheme that preserves user anonymity. We demonstrate the completeness of the proposed scheme using BAN logic. Compared with other related protocols, the security analysis and performance evaluation show that our proposed scheme can provide stronger security.
Das, M., Saxena, A., & Gulati, V. (2004). A dynamic ID-based remote user authentication scheme. IEEE Transactions on Consumer Electronics, 50(2), 665–667.
Wen, F., & Li, X. (2011). An improved dynamic ID-based remote user authentication with key agreement scheme. Computers and Electrical Engineering, 38(2), 381–387.
Wen, F., Susilo, W., & Yang, G. (2013). A secure and effective anonymous user authentication scheme for roaming service in global mobility networks. Wireless Personal Communications, 73(3), 993–1004.
Li, L., Lin, I., & Hwang, M. (2001). A remote password authentication scheme for multiserver architecture using neural networks. IEEE Transactions on Neural Network, 12(6), 1498–1504.
Cao, X., & Zhong, S. (2006). Breaking a remote user authentication scheme for multiserver architecture. IEEE Communications Letters, 10(8), 580–581.
Juang, W. (2004). Efficient multi-server password authenticated key agreement using smart cards. IEEE Transactions on Consumer Electronics, 50(1), 251–255.
Tsai, J. (2008). Efficient multi-server authentication scheme based on one-way hash function without verification table. Computers and Security, 27(3–4), 115–121.
Liao, Y., & Wang, S. (2009). A secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards and Interface, 19(1), 13–22.
Hsiang, H., & Shih, W. (2009). Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards and Interface, 31(6), 1118–1123.
Sood, S., Sarje, A., & Singh, K. (2011). A secure dynamic identity based authentication protocol for multi-server architecture. Journal of Network and Computer Applications, 34(2), 609–618.
Lee, C., Lin, T., & Chang, R. (2011). A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards. Expert Systems with Applications, 38(11), 13863–13870.
Li, X., Xiong, Y., Ma, J., & Wang, W. (2012). An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. Journal of Network and Computer Applications, 35(2), 763–769.
Li, X., Ma, J., Wang, W., Xiong, Y., & Zhang, J. (2012). A novel smart card and dynamic ID based remote user authentication scheme for multi-server environments. Mathematical and Computer Modelling, 58(1–2), 85–95.
Guo, D., & Wen, F. (2013). A more secure dynamic ID based remote user authentication scheme for multi-server environment. Journal of Computational Information Systems, 9(2), 407–414.
Wang, B., & Ma, M. (2013). A smart card based efficient and secured multi-server authentication scheme. Wireless Personal Communications, 68, 361–378.
He, D., & Wu, S. (2013). Security flaws in a smart card based authentication scheme for multi-server environment. Wireless Personal Communications, 70(1), 323–329.
Pippal, R., Jaidhar, C., & Tapaswi, S. (2013). Robust smart card authentication scheme for multi-server architecture. Wireless Personal Communications, 72, 729–745.
Tsai, J., Lo, N., & Wu, T. (2012). A new password-based multi-server authentication scheme robust to password guessing attacks. Wireless Personal Communications, 71, 1977–1988.
Kocher, P., Jaffe, J., & Jun, B. (1999). Differential power analysis: 19th Annual international cryptology conference, (pp. 388–397).
Charvet, X., Pelletier, H. (2005). Improving the DPA attack using Wavelet transform. In: NIST Physical Security Testing Workshop, Vol. 46.
Jasper G. J., van Woudenberg, J., Witteman, M., & Bakker, B. (2011). Improving differential power analysis by elastic alignment. In: Proceedings of the 11th international conference on topics in cryptology: CT-RSA 2011, (pp. 104–119).
Burrows, M., Abadi, M., & Needham, R. (1990). A logic of authentication. ACM Transactions on Computer Systems, 8(1), 18–36.
Chang, Y., Yu, S., & Shiao, D. (2013). A uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. Journal of Medical Systems, 37(3), 1–16.
- Analysis and Improvement of a Robust Smart Card Based-Authentication Scheme for Multi-Server Architecture
- Publication date
- Springer US