Abstract
Because of increasing mobile devices and networks, people who wanted mobile service can access network at anywhere and anytime. User authentication using smartcard is a one of the widely-spread using technique in which server checks the legitimacy of a user between public channel. Currently, the number of user and server is increasing rapidly, user authentication scheme for multi-server environments have been proposed. User authentication scheme for multi-server environments is built more secure and efficient. As schemes are proposed continuously. In 2016, Amin et al. improved both Sood and Li et al.’s schemes and asserted that their scheme is a more secure and efficient for multi-server environment user authentication scheme. However, we discovered that Amin et al.’s scheme still insecure and not suitable to apply real-life application. In this paper, we demonstrate that their scheme is not able to resist several security threats. Finally, we show that our proposed scheme is more secure and provides for more security features.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Moon, J., et al.: An improvement of robust biometrics-based authentication and key agreement scheme for multi-server environments using smart cards. PloS one 10(12), e0145263 (2015)
Choi, Y., et al.: Security enhanced anonymous multiserver authenticated key agreement scheme using smart cards and biometrics. Sci. World J. 2014, 1–15 (2014)
Moon, J., et al.: Improvement of biometrics and smart cards-based authentication scheme for multi-server environments. In: Proceedings of the 10th International Conference on Ubiquitous Information Management and Communication. ACM (2016)
Jeon, W., Lee, Y., Won, D.: An efficient user authentication scheme with smart cards for wireless communications. Int. J. Secur. Appl. 7(4), 1–5 (2013)
Kyungho, S., DongGuk, H., Dongho, W.: A privacy-protecting authentication scheme for roaming services with smart cards. IEICE Trans. Commun. 95(5), 1819–1821 (2012)
Jung, J., et al.: Cryptanalysis and improvement of efficient password-based user authentication scheme using hash function. In: Proceedings of the 10th International Conference on Ubiquitous Information Management and Communication. ACM (2016)
Ford, W., Kaliski Jr., B.S.: Server-assisted generation of a strong secret from a password. In: Proceedings of the IEEE 9th International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, (WET ICE 2000). IEEE (2000)
Jablon, D.P.: Password authentication using multiple servers. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 344–360. Springer, Heidelberg (2001)
Lin, I.-C., Hwang, M.-S., Li, L.-H.: A new remote user authentication scheme for multi-server architecture. Future Gener. Comput. Syst. 19(1), 13–22 (2003)
Hu, L., Niu, X., Yang, Y.: An efficient multi-server password authenticated key agreement scheme using smart cards. In: International Conference on Multimedia and Ubiquitous Engineering, MUE 2007. IEEE (2007)
Tsai, J.-L.: Efficient multi-server authentication scheme based on one-way hash function without verification table. Comput. Secur. 27(3), 115–121 (2008)
Liao, Y.-P., Wang, S.-S.: A secure dynamic ID based remote user authentication scheme for multi-server environment. Comput. Stand. Interfaces 31(1), 24–29 (2009)
Li, X., et al.: A novel smart card and dynamic ID based remote user authentication scheme for multi-server environments. Math. Comput. Model. 58(1), 85–95 (2013)
Xue, K., Hong, P., Ma, C.: A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture. J. Comput. Syst. Sci. 80(1), 195–206 (2014)
Lu, Y., et al.: A lightweight ID based authentication, key agreement protocol for multiserver architecture. Int. J. Distrib. Sens. Netw. 2015, 16 (2015)
Amin, R.: Cryptanalysis, efficient dynamic ID based remote user authentication scheme in multi-server environment using smart card. Int. J. Netw. Secur. 18(1), 172–181
Sood, S.K.: Dynamic identity based authentication protocol for two-server architecture. J. Inf. Secur. 3(04), 326 (2012)
Li, C.-T., Weng, C.Y., Fan, C.I.: Two-factor user authentication in multi-server networks. Int. J. Secur. Appl. 6(2), 261–267 (2012)
Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)
Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5), 541–552 (2002)
Acknowledgments
This work was supported by Institute for Information and communications Technology Promotion(IITP)grant funded by the Korea government(MSIP)(No.R0126-15-1111, The Development of Risk-based Authentication Access Control Platform and Compliance Technique for Cloud Security).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Kang, D., Moon, J., Lee, D., Won, D. (2016). Cryptanalysis and Improvement User Authentication Scheme for Multi-server Environment. In: Gervasi, O., et al. Computational Science and Its Applications – ICCSA 2016. ICCSA 2016. Lecture Notes in Computer Science(), vol 9790. Springer, Cham. https://doi.org/10.1007/978-3-319-42092-9_8
Download citation
DOI: https://doi.org/10.1007/978-3-319-42092-9_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-42091-2
Online ISBN: 978-3-319-42092-9
eBook Packages: Computer ScienceComputer Science (R0)