Abstract
In this paper, we investigate Chen et al. biometrics-based remote user authentication scheme and find that it cannot validate the correctness of the password, complete the storage and verification of the password, and vulnerable to anonymity attacks, smart card stolen attacks and forgery attacks. To remedy these flaws, we propose an improved three-factor remote authentication scheme based on smart cards. It can implement mutual authentication and generate session keys to effectively improve security in multi-server environments. The proposed scheme can resist smart card attack, anonymity attack, forgery attack and other attacks. In addition, the proposed scheme costs \(5T_{h}\) more compare to Chen et al. work and less computation complexity compared with other schemes.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Jiang, Q., Khan, M.K., Lu, X., et al.: A privacy preserving three-factor authentication protocol for e-Health clouds. Journal of Supercomputing 72(10), 3826–3849 (2016)
Wei, F., Wei, Y., Ma, C.: Attack on an ID-based authenticated group key exchange protocol with identifying malicious participants. International Journal of Network Security 18(2), 393–396 (2016)
Jangirala, S., Mukhopadhyay, S., Das, A.K.: A Multi-server Environment with Secure and Efficient Remote User Authentication Scheme Based on Dynamic ID Using Smart Cards. Wireless Personal Communications 95(3), 1–33 (2017)
Baruah, K.C., Banerjee, S., Dutta, M.H.P., et al.: An Improved Biometric-based Multi-server Authentication Scheme Using Smart Card. International Journal of Security & Its Applications 9(1), 397–408 (2016)
Li, L., Lin, I., Hwang, M.: A remote password authentication scheme for multi-server architecture using neural networks. IEEE Trans. Neural Network 12(6), 1498–1504 (2001)
Tsaur, W.-J., Wu, C.-C., Lee, W.-B.: A smart card-based remote scheme for password authentication in multi-server Internet services. Computer Standards & Interfaces 27(1), 39–51 (2004)
Juang, W.-S.: Efficient multi-server password authenticated key agreement using smart cards. IEEE Transaction on Consumer Electronics 50(1), 251–255 (2004)
Chang C C, Lee J S. An efficient and secure multi-server password authentication scheme using smart cards, International Conference on Cyberworlds. IEEE Computer Society 417–422 (2004)
Tsai, J.-L.: Efficient multi-server authentication scheme based on one-way hash function without verification table. Computers & Security 27(3–4), 115–121 (2008)
Tsaur, W.J., Li, J.H., Lee, W.B.: An efficient and secure multi-server authentication scheme with key agreement. Journal of Systems & Software 85(4), 876–882 (2012)
Wang, R.-C., Juang, W.-S., Lei, C.-L.: User authentication scheme with privacy-preservation for multi-server environment. IEEE Commun Lett 13(2), 157–159 (2009)
Chen, T.-Y., Lee, C.-C., Hwang, M.-S., Jan, J.-K.: Towards secure and efficient user authentication scheme using smart card for multi-server environments. The Journal of Supercomputing 66(2), 1008–1032 (2013)
Hsiang, H.-C., Shih, W.-K.: Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards & Interfaces 31(6), 1118–1123 (2009)
Liao, Y.-P., Wang, S.-S.: A secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards & Interfaces 31(1), 24–29 (2009)
Li, X., Xiong, Y.-P., Ma, J., Wang, W.-D.: An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. Journal of Network and Computer Applications 35(2), 763–769 (2012)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Cui, J., Chen, C., Zhang, X., Liu, Y., Cao, N. (2018). A Three-Factor Remote Authentication Scheme for Multi-server Environment. In: Sun, X., Pan, Z., Bertino, E. (eds) Cloud Computing and Security. ICCCS 2018. Lecture Notes in Computer Science(), vol 11066. Springer, Cham. https://doi.org/10.1007/978-3-030-00015-8_60
Download citation
DOI: https://doi.org/10.1007/978-3-030-00015-8_60
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-00014-1
Online ISBN: 978-3-030-00015-8
eBook Packages: Computer ScienceComputer Science (R0)