Top

Wireless Personal Communications

Published in:

01-09-2014

Analysis and Improvement of a Robust Smart Card Based-Authentication Scheme for Multi-Server Architecture

Authors: Dianli Guo, Fengtong Wen

Published in: Wireless Personal Communications | Issue 1/2014

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Recently, Pippal et al. proposed an authentication scheme for multi-server architecture and claimed that their scheme had many advantages compared to the previous schemes, such as security, reliability, etc. In this paper, we reanalyze the security of their scheme and demonstrate that their scheme is vulnerable to impersonation attack even if the adversary doesn’t know the information stored in the user’s smart card. Moreover, the adversary can proceed off-line password guessing attack if the user’s smart card is compromised. In order to eliminate those shortcomings, we propose an improved multi-server authentication scheme which can preserve user anonymity. We demonstrate the completeness of the proposed scheme through the BAN logic. Compared with other related protocols, the security analysis and performance evaluation show that our proposed scheme can provide stronger security.

previous article QoS-Driven Power Allocation Under Peak and Average Interference Constraints in Cognitive Radio Networks

next article AODV_RR: A Maximum Transmission Range Based Ad Hoc on-Demand Distance Vector Routing in MANET

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Lamport, L. (1981). Password authentication with insecure communication. Communications of the ACM, 24(11), 770–772.CrossRefMathSciNet

Das, M., Saxena, A., & Gulati, V. (2004). A dynamic ID-based remote user authentication scheme. IEEE Transactions on Consumer Electronics, 50(2), 665–667.CrossRef

Wen, F. (2013). A robust uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. Journal of Medical Systems, 37, 9980. doi:10.1007/s10916-013-9980-1.CrossRef

Wen, F., & Li, X. (2011). An improved dynamic ID-based remote user authentication with key agreement scheme. Computers and Electrical Engineering, 38(2), 381–387.CrossRef

Wen, F., Susilo, W., & Yang, G. (2013). A secure and effective anonymous user authentication scheme for roaming service in global mobility networks. Wireless Personal Communications, 73(3), 993–1004.CrossRef

Li, L., Lin, I., & Hwang, M. (2001). A remote password authentication scheme for multiserver architecture using neural networks. IEEE Transactions on Neural Network, 12(6), 1498–1504.CrossRef

Lin, I., Hwang, M., & Li, L. (2003). A new remote user authentication scheme for multi-server architecture. Future Generation Computer System, 19(1), 13–22.CrossRefMATH

Cao, X., & Zhong, S. (2006). Breaking a remote user authentication scheme for multiserver architecture. IEEE Communications Letters, 10(8), 580–581.CrossRef

Juang, W. (2004). Efficient multi-server password authenticated key agreement using smart cards. IEEE Transactions on Consumer Electronics, 50(1), 251–255.CrossRef

10.

Tsai, J. (2008). Efficient multi-server authentication scheme based on one-way hash function without verification table. Computers and Security, 27(3–4), 115–121.CrossRef

11.

Liao, Y., & Wang, S. (2009). A secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards and Interface, 19(1), 13–22.

12.

Hsiang, H., & Shih, W. (2009). Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards and Interface, 31(6), 1118–1123.CrossRef

13.

Sood, S., Sarje, A., & Singh, K. (2011). A secure dynamic identity based authentication protocol for multi-server architecture. Journal of Network and Computer Applications, 34(2), 609–618.CrossRef

14.

Lee, C., Lin, T., & Chang, R. (2011). A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards. Expert Systems with Applications, 38(11), 13863–13870.

15.

Li, X., Xiong, Y., Ma, J., & Wang, W. (2012). An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. Journal of Network and Computer Applications, 35(2), 763–769.CrossRef

16.

Li, X., Ma, J., Wang, W., Xiong, Y., & Zhang, J. (2012). A novel smart card and dynamic ID based remote user authentication scheme for multi-server environments. Mathematical and Computer Modelling, 58(1–2), 85–95.

17.

Guo, D., & Wen, F. (2013). A more secure dynamic ID based remote user authentication scheme for multi-server environment. Journal of Computational Information Systems, 9(2), 407–414.

18.

Wang, B., & Ma, M. (2013). A smart card based efficient and secured multi-server authentication scheme. Wireless Personal Communications, 68, 361–378.CrossRef

19.

He, D., & Wu, S. (2013). Security flaws in a smart card based authentication scheme for multi-server environment. Wireless Personal Communications, 70(1), 323–329.CrossRef

20.

Pippal, R., Jaidhar, C., & Tapaswi, S. (2013). Robust smart card authentication scheme for multi-server architecture. Wireless Personal Communications, 72, 729–745.CrossRef

21.

Tsai, J., Lo, N., & Wu, T. (2012). A new password-based multi-server authentication scheme robust to password guessing attacks. Wireless Personal Communications, 71, 1977–1988.CrossRef

22.

Kocher, P., Jaffe, J., & Jun, B. (1999). Differential power analysis: 19th Annual international cryptology conference, (pp. 388–397).

23.

Messerges, T., Dabbish, E., & Sloan, R. (2002). Examining smart card security under the threat of power analysis attacks. IEEE Transactions on Computers, 5(51), 541–552.CrossRefMathSciNet

24.

Charvet, X., Pelletier, H. (2005). Improving the DPA attack using Wavelet transform. In: NIST Physical Security Testing Workshop, Vol. 46.

25.

Jasper G. J., van Woudenberg, J., Witteman, M., & Bakker, B. (2011). Improving differential power analysis by elastic alignment. In: Proceedings of the 11th international conference on topics in cryptology: CT-RSA 2011, (pp. 104–119).

26.

Burrows, M., Abadi, M., & Needham, R. (1990). A logic of authentication. ACM Transactions on Computer Systems, 8(1), 18–36.CrossRef

27.

Chang, Y., Yu, S., & Shiao, D. (2013). A uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. Journal of Medical Systems, 37(3), 1–16.MATH

Title: Analysis and Improvement of a Robust Smart Card Based-Authentication Scheme for Multi-Server Architecture
Authors: Dianli Guo
Fengtong Wen
Publication date: 01-09-2014
Publisher: Springer US
Published in: Wireless Personal Communications / Issue 1/2014
Print ISSN: 0929-6212
Electronic ISSN: 1572-834X
DOI: https://doi.org/10.1007/s11277-014-1762-7

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Other articles of this Issue 1/2014

Reliability Analysis for a Data Flow in Event-Driven Wireless Sensor Networks

Receiver Performances Considering Effects of Gain Control and Quantization in FDM-Based Narrowband Communication Systems

Narrowband Short Range Directive Channel Propagation Loss in Indoor Environment at Three Frequency Bands

Construction of Tree Network with Limited Delivery Latency in Homogeneous Wireless Sensor Networks

QoS-Driven Power Allocation Under Peak and Average Interference Constraints in Cognitive Radio Networks

Performance Evaluation of Non-prioritized and Prioritized Call Admission Control Schemes in Wireless Cellular Networks