Abstract
An authentication scheme handling multiple servers offers a feasible environment to users to conveniently access the rightful services from various servers using one-time registration. The practical realization of distribution of online services efficiently and transparently in multiple-server systems has come true by virtue of multi-server user authentication schemes. Due to distinguished properties like, difficulty to forge or copy, in-feasibility to lose or guess or forget, etc., biometrics have been widely preferred as a third authenticating factor in password and smart card based user authentication protocols. In this paper, we design a new biometrics-based multi-server authentication scheme based on trusted multiple-servers. We harness the concept of fuzzy extractor to provide the proper matching of biometric patterns. We evaluate our scheme through informal discussions on performance and also using Burrows-Abadi-Needham logic (BAN-logic) & random oracle model for formal security analysis. We also compose a comparative assessment of our scheme and the related ones. Outcome of the analysis and assessment shows our scheme an edge above many related and contemporary schemes.
Similar content being viewed by others
References
Abdalla M, Fouque P, Pointcheval D (2005) Password-based authenticated key exchange in the three-party setting. PKC 2005: 8th international workshop on theory and practice in public key cryptography, lecture notes in computer science 3386:65–84
Bakrawy L, Ghali N, Hassanien A, Kim TH (2011) A fast and secure one-way hash function. Sec Technol Comm Comp Inform Sci 259:85–93
Bergamo P, D’Arco P, De Santis A, Kocarev L (2005) Security of public-key cryptosystems based on Chebyshev polynomials. IEEE Trans Circ Sys 52(7):1382–1393
Boyko V, Mackenzie P, Patel S (2000) Provably secure password-based authenticated key exchange protocols using Diffie-Hellman, Advances in Cryptology - EUROCRYPT2000. Lect Notes Comput Sci 1807:156–171
Burrows M, Abadi M, Needham R (1990) A logic of authentication. ACM Trans Comput Syst 8:18–36
Chang CC, Le HD (2015) A provably secure, efficient and flexible authentication scheme for ad hoc wireless sensor networks. IEEE Trans Wirel Commun 15(1):357–366
Chen TY, Lee CC, Hwang MS, Jan JK (2013) Towards secure and efficient user authentication scheme using smart card for multi-server environments. J Supercomput 66:1008–1032
Chuang MC, Chen MC (2014) An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics. Expert Syst Appl 41(4):1411–1418
Crypto++ Library 5.6.1. (2013) Available at: http://www.cryptopp.com/
Dodis Y, Reyzin L, Smith A (2004) Fuzzy extractors: how to generate strong keys from biometrics and other noisy data, Advances in Cryptology-EUROCRYPT2004. Lect Notes Comput Sci 3027:523–540
Fu Z, Sun X, Liu Q, Zhou L, Shu J (2015) Achieving efficient cloud search services: multi-keyword ranked search over encrypted cloud data supporting parallel computing. IEICE Trans Commun E98-B(1):190–200
Fu Z, Ren K, Shu J, Sun X, Huang F (2016a) Enabling personalized search over encrypted outsourced data with efficiency improvement. IEEE Trans Parallel Distributed Sys 27(9):2546–2559
Fu Z, Wu X, Guan C, Sun X, Ren K (2016b) Towards efficient multi-keyword fuzzy search over encrypted outsourced data with accuracy improvement. IEEE Trans Inform Forensics Sec 11(2):2706–2716
Guo P, Wang J, Li B, Lee S (2014) A variable threshold-value authentication architecture for wireless mesh networks. J Inter Technol 15(6):929–936
Gura N, Patel A, Wander A, Eberle H, Shantz SC (2004) Comparing elliptic curve cryptography and RSA on 8-bit CPUs. Lect Notes Comput Sci 3156:119–132
Han S, Chang E (2009) Chaotic map based key agreement with/out clock synchronization. Chaos, Solitons Fractals 39(3):1283–1289
He D, Wang D (2015) Robust biometrics-based authentication scheme for multiserver environment. IEEE Syst J 9(3):816–823
Hong SM, Oh SY, Yoon H (1996) New modular multiplication algorithms for fast modular exponentiation. Lect Notes Comput Sci 1070:166–177
Hsiang HC, Shih WK (2009) Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment. Com Standards Inter 31(6):1118–1123
Juang WS (2004) Efficient multi-server password authenticated key agreement using smart cards. IEEE Trans Consum Electron 50(1):251–255
Kaufman C (2005) Internet key exchange (IKEv2) protocol. RFC 4306, December 2005
Kim S, Lim S, Won D (2002) Cryptanalysis of flexible remote password authentication scheme of ICN’01. Electron Lett 38(24):1519–1520
Kocarev L, Tasev Z (2003) Public-key encryption based on Chebyshev maps. In: Proceedings of the International Symposium on Circuits and Systems (ISCAS’03) 3:28–31
Kocher P, Jaffe J, Jun B. (1999) Differential power analysis. Advances in Cryptology (CRYPTO’99) 388–397
Ku WC (2005) Weaknesses and drawbacks of a password authentication scheme using neural networks for multiserver architecture. IEEE Trans Neural Net 16(4):1002–1005
W.C. Ku, S.T. Chang, M.H. Chiang, Weaknesses of a remote user authentication scheme using smart cards for multi-server architecture, IEICE Trans Commun E88-B(8) (2005) 3451–3454.
Kumari S, Khan MK, Li X (2014) An improved remote user authentication scheme with key agreement. Comput Electr Eng 40(6):1997–2012
Lee TF (2015) Provably Secure Anonymous Single-Sign-On Authentication Mechanisms Using Extended Chebyshev Chaotic Maps for Distributed Computer Networks. IEEE Syst J PP(99):1–8
Lee WB, Chang CC (2000) User identification and key distribution maintaining anonymity for distributed computer network. Comput Syst Sci Eng 15(4):211–214
Lee JS, Chang YF, Chang CC (2008) A novel authentication protocol for multi-server architecture without smart cards. Inter J Innova Comp, Inform Control 4(6):1357–1364
Lee CC, Lin T-H, Chang R-X (2011) A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards. Expert Syst Appl 38(11):13863–13870
Leu J-S, Hsieh W-B (2014) Efficient and secure dynamic ID-based remote user authentication scheme for distributed systems using smart cards. IET Inf Secur 8(2):104–113
Li LH, Lin IC, Hwang MS (2001) A remote password authentication scheme for multi-server architecture using neural networks. IEEE Trans Neural Net 12(6):1498–1504
Li X, Niu J, Ma J, Wang W, Liu C (2011) Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. J Netw Comput Appl 34(1):73–79
Li X, Xiong Y, Ma J, Wang W (2012) An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. J Netw Comput Appl 35(2):763–769
Li CT, Lee CC, Weng CC, Fan CI (2013) An extended multi-server-based user authentication and key agreement scheme with user anonymity. KSII Trans Inter Inform Sys 7(1):119–131
Liao YP, Wang SS (2009) A secure dynamic ID based remote user authentication scheme for multiserver environment. Com Standards Inter 31(1):24–29
Lin IC (2008) A neural network system for authenticating remote users in multi-server architecture. Int J Commun Syst 21:435–445
Lin IC, Hwang MS, Li LH (2003) A new remote user authentication scheme for multi-server architecture. Futur Gener Comput Syst 19:13–22
Martin KM (2012) Everyday cryptography: fundamental principles and applications. Oxford University Press, Oxford, p 495 Chapter 13
Mason JC, Handscomb JC (2003) Chebyshev polynomials. Chapman & Hall, London
Messerges TS, Dabbish EA, Sloan RH (2002) Examining smart-card security under the threat of power analysis attacks. IEEE Trans Comput 51(5):541–552
Mishra D, Das AK, Mukhopadhyay S (2014) A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards. Expert Syst Appl 41(18):8129–8143
Mitchell C (2005) Trusted computing. Institution of Electrical Engineers, London
Schneier B (1996) Applied cryptography protocols algorithms and source code in C, Second edn. John Wiley and Sons Inc., Hoboken
Shen H, Gao CZ, He DD, Wu LB (2015) New biometrics-based authentication scheme for multi-server environment in critical systems. J Ambient Intell Humaniz Comput 6(6):825–834
Sood SK, Sarje AK, Singh K (2011) A secure dynamic identity based authentication protocol for multi-server architecture. J Netw Comput Appl 34(2):609–618
Tsai JL (2008) Efficient multi-server authentication scheme based on one-way hash function without verification table. Comp Sec 27:115–121
Tsai JL, Lo NW, Wu TC (2013) A new password-based multi-server authentication scheme robust to password guessing attacks. Wirel Pers Commun 71:1977–1988
Tsaur WJ (2001) A flexible user authentication scheme for multi-server internet services, Networking-ICN, Lecture Notes in Computer Science, vol 2093. Springer, Berlin, pp 174–183
Tsaur WJ, Wu CC, Lee WB (2005) An enhanced user authentication scheme for multi-server internet services. Appl Math Comput 170:258–266
Tsaur WJ, Li JH, Lee WB (2012) An efficient and secure multi-server authentication scheme with key agreement. J Syst Softw 85(4):876–882
Wang RC, Juang WS, Lei WS (2009) User authentication scheme with privacy-preservation for multiserver environment. IEEE Commun Lett 13(2):157–159
Xia Z, Wang X, Sun X, Wang Q (2015) A secure and dynamic multi-keyword ranked search scheme over encrypted cloud data. IEEE Trans Parallel Distributed Sys 27(2):340–352
Xue K, Hong P, Ma C (2014) A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture. J Comput Syst Sci 80:195–206
Yeh KH, Lo NW (2010) A novel remote user authentication scheme for multi-server environment without using smart cards. Intern J Innova Comp Inform Control 6(8):3467–3478
Yoon E, Yoo K (2013) Robust biometrics-based multi-server authentication with key agreement scheme for smart cards on elliptic curve cryptosystem. J Supercomput 63(1):235–255
Zhang L (2008) Cryptanalysis of the public key encryption based on multiple chaotic systems. Chaos, Solitons Fractals 37(3):669–674
Zhang L, Tang S, Zhu S (2016) An energy efficient authenticated key agreement protocol for SIP-based green VoIP networks. J Netw Comput Appl 59:126–133
Zhu H, Hao X, Zhang Y, Jiang M (2015) A biometrics-based multi-server key agreement scheme on chaotic maps cryptosystem. J Inform Hiding Multimed Signal Processing 6(2):211–224
Zhu H, Zhang Y, Sun Y (2016) Provably secure multi-server privacy-protection system based on Chebyshev chaotic maps without using symmetric cryptography. Intern J Net Sec 18(5):803–815
Acknowledgements
The authors would like to acknowledge the anonymous reviewers and the Editor for the constructive and helpful suggestions. Dr. Xiong Li is supported by the National Natural Science Foundation of China under Grant No. 61300220.
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of interest
Authors declare that there is no conflict of interests regarding the publication of this article.
Rights and permissions
About this article
Cite this article
Kumari, S., Das, A.K., Li, X. et al. A provably secure biometrics-based authenticated key agreement scheme for multi-server environments. Multimed Tools Appl 77, 2359–2389 (2018). https://doi.org/10.1007/s11042-017-4390-x
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11042-017-4390-x