
Cryptanalysis and Extended Three-Factor Remote User Authentication Scheme in Multi-Server Environment

  • Research Article - Computer Engineering and Computer Science
  • Arabian Journal for Science and Engineering

Abstract

Recently, Wen et al. developed a three-factor authentication protocol for the multi-server environment, claiming it to be resistant to several kinds of attacks. In this paper, we review Wen et al.’s protocol and find that it is exposed to many security weaknesses: (1) an inaccurate password change phase, (2) failure to achieve forward secrecy, (3) improper authentication, (4) a known session-specific temporary information vulnerability and (5) lack of smart card revocation and biometric update phases. To remove these security weaknesses, we present a safe and reliable three-factor authentication scheme usable in a multi-server environment. The Burrows–Abadi–Needham logic shows that our scheme is accurate, and the formal and informal security verifications show that it can defend against various malicious threats. Further, we simulate our scheme using the widely known Automated Validation of Internet Security Protocols and Applications tool, which ensures that it is safe from active and passive attacks and also prevents replay and man-in-the-middle attacks. The performance evaluation shows that the presented protocol gives strong security as well as better complexity in terms of communication cost, computation cost and estimated time.


References

  1. Khan, M.K.; Kumari, S.: An authentication scheme for secure access to healthcare services. J. Med. Syst. 37(4), 1–12 (2013)
  2. He, D.; Kumar, N.; Khan, M.H.; Lee, J.H.: Anonymous two-factor authentication for consumer roaming service in global mobility networks. IEEE Trans. Consum. Electron. 59(4), 811–817 (2013)
  3. Islam, S.H.; Khan, M.K.: Cryptanalysis and improvement of authentication and key agreement protocols for telecare medicine information systems. J. Med. Syst. 38(10), 1–16 (2014)
  4. Amin, R.; Biswas, G.P.: A secure three-factor user authentication and key agreement protocol for tmis with user anonymity. J. Med. Syst. 39(8), 1–19 (2015)
  5. Amin, R.; Islam, S.H.; Biswas, G.P.; Khan, M.K.; Li, X.: Cryptanalysis and enhancement of anonymity preserving remote user mutual authentication and session key agreement scheme for e-health care systems. J. Med. Syst. 39(11), 1–21 (2015)
  6. Kumari, S.; Om, H.: Authentication protocol for wireless sensor networks applications like safety monitoring in coal mines. Comput. Netw. 104, 137–154 (2016)
  7. Amin, R.; Biswas, G.P.: A novel user authentication and key agreement protocol for accessing multi-medical server usable in tmis. J. Med. Syst. 39(3), 1–17 (2015)
  8. Mishra, D.; Kumari, S.; Khan, M.K.; Mukhopadhyay, S.: An anonymous biometric-based remote user-authenticated key agreement scheme for multimedia systems. Int. J. Commun. Syst. (2015). doi:10.1002/dac.2946
  9. Kim, M.; Park, N.; Won, D.: Security improvement on a dynamic ID-based remote user authentication scheme with session key agreement for multi-server environment. SecTech/CA/CES3 339, 122–127 (2012)
  10. Amin, R.; Biswas, G.P.: Design and analysis of bilinear pairing based mutual authentication and key agreement protocol usable in multi-server environment. Wirel. Personal Commun. 84(1), 439–462 (2015)
  11. Guo, D.; Wen, F.: Analysis and improvement of a robust smart card based authentication scheme for multi-server architecture. Wirel. Personal Commun. 78(1), 475–490 (2014)
  12. Tsai, J.L.; Lo, N.W.; Wu, T.C.: A new password-based multi-server authentication scheme robust to password guessing attacks. Wirel. Personal Commun. 71(3), 1977–1988 (2013)
  13. Chang, C.C.; Cheng, T.F.; Hsueh, W.Y.: A robust and efficient dynamic identity-based multi-server authentication scheme using smart cards. Int. J. Commun. Syst. 29(2), 290–306 (2016)
  14. Chen, C.T.; Lee, C.C.: A two-factor authentication scheme with anonymity for multi-server environments. Secur. Commun. Netw. 8(8), 1608–1625 (2015)
  15. Tsai, J.L.; Lo, N.W.: Secure chaotic maps-based authenticated key agreement protocol without smartcard for multi-server environments. Secur. Commun. Netw. 8(11), 1971–1978 (2015)
  16. Ford, W.; Jr.; B. S. K.: Server-assisted generation of a strong secret from a password. In: Proceedings of the 9th IEEE International Workshops on Enabling Technologies, pp. 176–180 (2000)
  17. Jablon, D.P.: Password authentication using multiple servers. In: Proceedings of the RSA security conference, LNCS 2020, 344–360 (2001)
  18. Liao, Y.P.; Hsiao, C.M.: A novel multi-server remote user authentication scheme using self-certified public keys for mobile clients. Future Gener. Comput. Syst. 29(3), 886–900 (2013)
  19. Hsiang, H.C.; Shih, W.K.: Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment. Comput. Stand. Interfaces 31(6), 1118–1123 (2009)
  20. Sood, S.K.; Sarje, A.K.; Singh, K.: A secure dynamic identity based authentication protocol for multi-server architecture. J. Netw. Comput. Appl. 34(2), 609–618 (2011)
  21. Li, X.; Xiong, Y.; Ma, J.; Wang, W.: An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. J. Netw. Comput. Appl. 35(2), 763–769 (2012)
  22. Mishra, D.; Das, A.K.; Mukhopadhyay, S.: A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards. Expert Syst. Appl. 41(18), 8129–8143 (2014)
  23. Lu, Y.; Li, L.; Peng, H.; Yang, Y.: A biometrics and smart cards-based authentication scheme for multi-server environments. Secur. Commun. Netw. 8(17), 3219–3228 (2015)
  24. Lu, Y.; Li, L.; Yang, X.; Yang, Y.: Robust biometrics based authentication and key agreement scheme for multi-server environments using smart cards. 10(5) (2015). doi:10.1371/journal.pone.0126323 PMID:25978373
  25. Chaudhry, S.A.; Naqvi, H.; Farash, M.S.; Shon, T.; Sher, M.: An improved and robust biometrics-based three factor authentication scheme for multiserver environments. J. Super Comput. 1–17 (2015). doi:10.1007/s11227-015-1601-y
  26. Chaudhry, S.A.: A secure biometric based multi-server authentication scheme for social multimedia networks. Multimed. Tools Appl. 75(20), 12705–12725 (2016). doi:10.1007/s11042-015-3194-0
  27. Das, A.K.: Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards. IET Inf. Secur. 5(3), 145–151 (2011)
  28. An, Y.: Security Analysis and Enhancements of an Effective Biometric-Based Remote User Authentication Scheme Using Smart Cards. J. Biomed. Biotechnol. 16, 1–6 (2012). doi:10.1155/2012/519723. Article ID 519723
  29. Khan, M.K.; Kumari, S.: An improved biometrics-based remote user authentication scheme with user anonymity. BioMed. Res. Int. 19 (2013). doi:10.1155/2013/491289. Article ID 491289
  30. Wen, F.; Susilo, W.; Yang, G.: Analysis and improvement on a biometric-based remote user authentication scheme using smart cards. Wirel. Personal Commun. 80(4), 1747–1760 (2015)
  31. Mishra, D.; Das, A.K.; Mukhopadhyay, S.: A secure and efficient ECC-based user anonymity-preserving session initiation authentication protocol using smart card. Peer-to-Peer Netw. Appl. 9(1), 171–192 (2016)
  32. Giri, D.; Sherratt, R.S.; Maitra, T.; Amin, R.: Efficient biometric and password based mutual authentication for consumer usb mass storage devices. IEEE Trans. Consum. Electron. 61(4), 491–499 (2015)
  33. Amin, R.; Biswas, G.P.; Khan, M.K.; Leng, L.; Kumar, N.: Design of an anonymity-preserving, three-factor authenticated key exchange protocol for wireless sensor networks. Comput. Netw. 101, 42–62 (2015)
  34. Kocher, P.; Jaffe, J.; Jun, B.: Differential power analysis. In: Advances in Cryptology CRYPTO 99, Lecture Notes in Computer Science. 1666, 388–397 (1999)
  35. Messerges, T.S.; Dabbish, E.A.; Sloan, R.H.: Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5), 541–552 (2002)
  36. Burrows, M.; Abadi, M.; Needham, R.: A logic of authentication. ACM Trans. Comput. Syst. 8(1), 18–36 (1990). doi:10.1145/77648.77649
  37. AVISPA: Automated validation of internet security protocols and applications. http://www.avispaproject.org/. Accessed Oct 2015
  38. Tool, A. W.: http://www.avispa-project.org/web-interface/expert.php/ use on September (2015)
  39. Dolev, D.; Yao, A.C.: On the security of public key protocols. IEEE Trans. Inf. Theory 29(2), 198–208 (1983)
  40. Jiang, Qi; Ma, J.; Yang, G.L.L.: An efficient ticket based authentication protocol with unlinkability for wireless access networks. Wirel. Personal Commun. 77(2), 1489–1506 (2014)

Author information

Corresponding author

Correspondence to Preeti Chandrakar.

About this article


Cite this article

Chandrakar, P., Om, H. Cryptanalysis and Extended Three-Factor Remote User Authentication Scheme in Multi-Server Environment. Arab J Sci Eng 42, 765–786 (2017). https://doi.org/10.1007/s13369-016-2341-x


  • DOI: https://doi.org/10.1007/s13369-016-2341-x
