nach oben

Wireless Personal Communications

Erschienen in:

18.05.2017

Cryptanalysis and Improvement of an Anonymous Multi-server Authenticated Key Agreement Scheme

verfasst von: Shipra Kumari, Hari Om

Erschienen in: Wireless Personal Communications | Ausgabe 2/2017

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

A multi-server authentication scheme offers a single registration procedure, but allows to access services from multiple servers. For efficiently communicating with the servers, a number of password based remote user authentication schemes have been explored. Recently, Chuang and Chen (Expert Syst Appl 41(4):1411–1418, 2014) have discussed an anonymous multi-server a uthenticated key agreement scheme using smart card together with password and biometrics. This scheme achieves various security requirements while supporting multiple servers as claimed by the authors. In this paper, we show that this scheme is susceptible to different attacks, such as DOS attack, user/server impersonation attack, a smart card attack, session specific temporary key attack, and it does not achieve perfect forward secrecy. In this paper, we propose a new scheme by overcoming the drawbacks of the Chuang and Chen’s scheme. Our scheme can provide non-repudiation as the authentication message sent by a user is digitally signed by the server using the RSA digital signature. Due to efficiency and security, our scheme is suitable for the services like tele medicine information system, which can provide healthcare delivery services between the patients and doctors to employ telecare medicine facilities and access electronic medical records.

Vorheriger Artikel A Miniaturized CPW-Fed Spiral Ring Resonator Loaded Slot Antenna for Wireless Application

Nächster Artikel Multiple Criteria Relay Selection Scheme in Cooperative Communication Networks

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Xue, K., Hong, P., & Ma, C. (2014). A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture. Journal of Computer and System Sciences, 80(1), 195–206.MathSciNetCrossRefMATH

Chang, Y. F., Yu, S. H., & Shiao, D. R. (2013). A uniqueness-andanonymity preserving remote user authentication scheme for connected health care. Journal of Medical Systems, 37(2), 9902. doi:10.1007/s10916-012-9902-7.CrossRef

Lee, C. C., Lin, T. H., & Chang, R. X. (2011). A secure dynamic ID based remote user authentication scheme for multiserver environment using smart cards. Expert Systems with Applications, 38(11), 13863–13870.

Li, X., Ma, J., Wang, W. D., Xiong, Y. P., & Zhang, J. S. (2012). A novel smart card and dynamic ID based remote user authentication scheme for multi-server environments. Mathematical and Computer Modelling, 58(1–2), 85–95. doi:10.1016/j.mcm.2012.06.033.

Li, X., Niu, J., Kumari, S., Liao, J., & Liang, W. (2014). An Enhancement of a smart card authentication scheme for multi-server architecture. Wireless Personal Communications. doi:10.1007/s11277-014-2002-x

Chuang, M.-C., & Chen, M. C. (2014). An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics. Expert Systems with Applications, 41(4), 1411–1418.CrossRef

Yoon, E., & Yoo, K. (2013). Robust biometrics-based multi-server authentication with key agreement scheme for smart cards on elliptic curve cryptosystem. Journal of Supercomputing, 63(1), 235–255.CrossRef

He, D. Security flaws in a biometrics-based multi-server authentication with key agreement scheme. Technical report 2011/365, ePrint Archive. http://eprint.iacr.org/2011/365.pdf

He, D., & Wang, D. (2014). Robust biometrics-based authentication scheme for multi-server environment. IEEE System Journal, 9(3), 1–8.

10.

Odelu, V., Das, A. K., & Goswami, A. (2014). Cryptanalysis on robust biometrics-based authentication scheme for multi-server environment. Cryptology ePrint Archive. http://eprint.iacr.org/2014/715. pdf

11.

Lamport, L. (1981). Password authentication with in secure communication. Communications of the ACM, 24(11), 770–772.MathSciNetCrossRef

12.

Wu, Z. Y., Lee, Y. C., Lai, F., Lee, H. C., & Chung, Y. (2012). A secure authentication scheme for telecare medicine information systems. Journal of Medical Systems, 36(3), 1529–1535.CrossRef

13.

He, D., Chen, J., & Zhang, R. (2012). A more secure authentication scheme for telecare medicine information systems. Journal of Medical Systems, 36(3), 1989–1995.CrossRef

14.

Wei, J., Hu, X., & Liu, W. (2012). An improved authentication scheme for telecare medicine information systems. Journal of Medical Systems, 36(6), 3597–3604.CrossRef

15.

Zhu, Z. (2012). An efficient authentication scheme for telecare medicine information systems. Journal of Medical Systems, 36(6), 3833–3838.CrossRef

16.

Lee, T. F., & Liu, C. M. (2013). A secure smart-card based authentication and key agreement scheme for telecare medicine information systems. Journal of Medical Systems, 37(3), 1–8.

17.

Das, A. K., & Bruhadeshwar, B. (2013). An improved and effective secure password-based authentication and key agreement scheme using smart cards for the telecare medicine information system. Journal of Medical Systems, 37(5), 1–17.CrossRef

18.

Chen, H. M., Lo, J. W., & Yeh, C. K. (2012). An efficient and secure dynamic id-based authentication scheme for telecare medical information systems. Journal of Medical Systems, 36(6), 3907–3915.CrossRef

19.

Cao, T., & Zhai, J. (2013). Improved dynamic id-based authentication scheme for telecare medical information systems. Journal of Medical Systems, 37(2), 1–7.CrossRef

20.

Lin, H. Y. (2013). On the security of a dynamic id-based authentication scheme for telecare medical information systems. Journal of Medical Systems, 37(2), 1–5.CrossRef

21.

Xie, Q., Zhang, J., & Dong, N. (2013). Robust anonymous authentication scheme for telecare medical information systems. Journal of Medical Systems, 37(2), 1–8.CrossRef

22.

Jiang, Q., Ma, J., Ma, Z., & Li, G. (2013). A privacy enhanced authentication scheme for telecare medical information systems. Journal of Medical Systems, 37(1), 1–8.CrossRef

23.

Wu, F., & Xu, L. (2013). Security analysis and improvement of a privacy authentication scheme for telecare medical information systems. Journal of Medical Systems, 37(4), 1–9. doi:10.1007/s10916-013-9958-z.CrossRef

24.

Mishra, D., & Mukhopadhyay, S. (2013). Cryptanalysis of Wu and Xus authentication scheme for telecare medicine information systems. arXiv preprint arXiv: 1309.5255.

25.

Jiang, Q., Ma, J., Lu, X., & Tian, Y. (2014). Robust chaotic map-based authentication and key agreement scheme with strong anonymity for telecare medicine information systems. Journal of Medical Systems, 38(2), 1–8.CrossRef

26.

Mishra, D. (2015). On the security flaws in ID-based password authentication schemes for telecare medical information systems. Journal of Medical Systems, 39(1), 1–16.MathSciNetCrossRef

27.

Yanrong, L., Lixiang, L., Haipeng, P., & Yixian, Y. (2015). An enhanced biometric-based authentication scheme for telecare medicine information systems using elliptic curve cryptosystem. Journal of Medical Systems, 39(3), 1–8. doi:10.1007/s10916-015-0221-7.

28.

Wen, F. T., & Guo, D. I. (2014). An improved anonymous authentication scheme for telecare medical information systems. Journal of Medical Systems, 38(5), 1–11.

29.

Awasthi, A. K., & Srivastava, K. (2013). A biometric authentication scheme for telecare medicine information systems with nonce. Journal of Medical Systems, 37(5), 1–4.CrossRef

30.

Mishra, D., Mukhopadhyay, S., Kumari, S., Khan, M. K., & Chaturvedi, A. (2014). Security enhancement of a biometric based authentication scheme for telecare medicine information systems with nonce. Journal of Medical Systems, 38(5), 1–11.CrossRef

31.

Tan, Z. (2014). A user anonymity preserving three-factor authentication scheme for telecare medicine information systems. Journal of Medical Systems, 38(3), 1–9.CrossRef

32.

Arshad, H., & Nikooghadam, M. (2014). Three-factor anonymous authentication and key agreement scheme for telecare medicine information systems. Journal of Medical Systems, 38(12), 1–12.CrossRef

33.

Burrows, M., Abadi, M., & Needham, R. (1990). A logic of authentication. ACM Transactions on Computer System, 8, 18–36.CrossRefMATH

34.

Koblitz, N. (1987). Elliptic curve cryptosystems. Mathematics of computation, 48, 203–209.MathSciNetCrossRefMATH

Titel: Cryptanalysis and Improvement of an Anonymous Multi-server Authenticated Key Agreement Scheme
verfasst von: Shipra Kumari
Hari Om
Publikationsdatum: 18.05.2017
Verlag: Springer US
Erschienen in: Wireless Personal Communications / Ausgabe 2/2017
Print ISSN: 0929-6212
Elektronische ISSN: 1572-834X
DOI: https://doi.org/10.1007/s11277-017-4310-4

Neuer Inhalt

Bildnachweise

VDI-Icon, Profil Icon, inhalt2, Springer Professional Modul/© Springer Fachmedien Wiesbaden GmbH, Die Gewinner und Laudatoren des Sustainability Award in Automotive 2024/© Uli Regenscheit | ATZlive, Search Icon, Banner Hanser, Dr. Fabian Struck/© Forto Logistics SE & Co., Bau Immobilie/© Gina Sanders / Fotolia, Kundenpotenzial/© Andrii Yalanskyi / Getty Images / iStock, Zeitschrift Wissensmanagement Cover, PatentFit-Logo/© Springer Fachmedien Wiesbaden GmbH, chassis.tech plus 2023/© [M] ATZlive / TÜV SÜD PRODUCT SERVICE GMBH, adäsion-Webinar-Matinee/© krystiannawrocki_ Getty Images, Lack- und Pulvertreff/© Spinger Fachverlage Wiesbaden GmbH

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 2/2017

Optimizing Spectrum Sharing in Wireless Mesh Network Using Cognitive Technology

Chaotic Interleaving for the Transmission of Compressed Video Frames with Self-Embedded Digital Signatures

Collaborative Synchronization Mechanism in Wireless Multimedia Sensor Networks

Performance Evaluation of SAC-OCDMA System in Free Space Optics and Optical Fiber System Based on Different Types of Codes

Novel Algorithm for Tracking LEO Satellites Using Doppler Frequency Shift Technique

A Feasible Segment-by-Segment ALOHA Algorithm for RFID Systems

Neuer Inhalt

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.