Abstract
Recent technological advances in almost all critical systems’ domains have led to an explosive growth of multimedia big data. Those advances encompass the ever increasing innovative digital and remote mobile devices being operated on the users’ end. Due to the openness of critical system, the service providers in such networks are facing security challenges to authenticate those mobile devices on the field, and delivering services. In this scenario, the Multi-server authentication (MSA) framework seems to be a promising solution that enables its subscribers to avail services from different servers without getting registered to each server individually. In last few years many MSA protocols depending on RC-Offline authentication during mutual authentication, have been presented. However, to date, there is no efficient MSA scheme to our knowledge that is free of all three weaknesses, simultaneously. That is, 1) free from storage of server-based parameters (public keys or other values) in smart card by registration authority, 2) free from the assumption of publishing of server-based public keys publicly and 3) free from a single secret sharing with all servers so that it could avoid server masquerading (insider) attack. Considering these limitations, we present a multi-server authentication protocol that withstands above drawbacks using lightweight cryptographic operations. The rationale of the proposed work was to present an efficient RC-Offline MSA scheme. Our scheme is also backed by formal security analysis based on GNY logic and automated security verification using ProVerif tool.
Similar content being viewed by others
References
Abadi M, Blanchet B (2003) Computer-Assisted Verification of a Protocol for Certified Email. 10th International Symposium on Static Analysis (SAS’03), LNCS vol. 2694. p 316–335
Alcaide A, Abdallah AE, Gonzalez-Tablas AI, de Fuentes JM (2011) L-PEP: A logic to reason about privacy-enhancing cryptography protocols. In Data privacy management and autonomous spontaneous security, lecture notes in computer science, vol. 6514. p 108–122
Amin R, Islam SH, Biswas GP, Khan MK, Kumar N (2015) An efficient and practical smart card based anonymity preserving user authentication scheme for TMIS using elliptic curve cryptography. J Med Syst 39(11):1–18
Babak A, Esmael SP, Mohammad Hussein S (2014) Axiomatic agent based architecture for agile decision making in strategic information systems. J Ambient Intell Humaniz Comput 5:93–104
Bellare M, Pointcheval D, Rogaway P (2000) Authenticated key exchange secure against dictionary attacks, advances in cryptology (EUROCRYPT 2000), 1807. Springer Verlag, New York, pp 139–155
Blanchet B, Cheval V, Allamigeon X, Smyth B (2017) ProVerif: Cryptographic protocol verifier in the formal model. http://prosecco.gforge.inria.fr/personal/bblanche/proverif/
Burrows M, Abadi M, Needham R (1990) A logic of authentication. ACM Trans Comput Syst 8(1):18–36
Cao X, Zhong S (2006) Breaking a remote user authentication scheme for multi-server architecture. IEEE Commun Lett 10(8):580–581
Certicom Research Standard for efficient cryptography, SEC 1 (2000) EC Cryptography, Ver. 1.0
Chang, C. C., & Lee, J. S. (2004, November). An efficient and secure multi-server password authentication scheme using smart cards. In: Proceedings of the third international conference on cyberworlds, p 417–422
Chang CC, Wu TC (1991) Remote password authentication with smart cards. IEE Proc E: Comput Digit Tech 138:165–168
Chang C-C, Cheng T-F, Hsueh W-Y (2014) A robust and efficient dynamic identity-based multi-server authentication scheme using smart cards. Int J Commun Syst 29(2):290–306
Chaudhry SA (2015) A secure biometric based multi-server authentication scheme for social multimedia networks. Multimed Tools Appl 75:1–21. doi:10.1007/s11042-015-3194-0
Chaudhry SA, Farash MS, Naqvi H, Islam SH, Shon T, Sher M (2015) A robust and efficient privacy aware handover authentication scheme for wireless networks. Wirel Pers Commun. doi:10.1007/s11277-015-3139-y
Chen C-T, Lee C-C (2015) A two-factor authentication scheme with anonymity for multiserver environments. Secur Commun Netw 8(8):1608–1625
Chen CP, Zhang CY (2014) Data-intensive applications, challenges, techniques and technologies: a survey on big data. Inf Sci 275:314–347
Chou JS, Chen Y, Huang CH, Huang YS (2012) Comments on four multi-server authentication protocols using smart card. IACR Cryptology ePrint Archive, 2012/406
Chuang M, Chen M (2014) An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics. Expert Syst Appl 41:1411–1418
ElGamal T, (1985) A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inf. Theory, 31(4):469–472
Gong L, Needham R, Yahalom R (1990) Reasoning about belief in cryptographic protocols. In: Proceedings of research in security and privacy, IEEE Comp Soc Symp. 234–248 May 1990
He DB (2011) Security flaws in a biometrics-based multi-server authentication with key agreement scheme. IACR Cryptology ePrint Archive, 2011/365
He DB, Hu H (2012) Cryptanalysis of a smart card-based user authentication scheme for multi-server environments. IEICE Trans Commun E95–B(9):3052–3054
Hsiang HC, Shih WK (2009) Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment. Comput Stand Interfaces 31(6):1118–1123
Hsu CL (2004) Security of Chien et al.’s remote user authentication scheme using smart cards. Comput Stand Interfaces 26(3):167–169
Hwang MS, Li LH (2000) A new remote user authenticationscheme using smart cards. IEEE Trans Consum Electron 46(1):28–30
Irshad A, Sher M, Rehman E, Ashraf Ch S, Hassan MU, Ghani A (2013) A single round-trip SIP authentication scheme for voice over internet protocol using smart card. Multimed Tools Appl. doi:10.1007/s11042-013-1807-z
Irshad A, Sher M, Faisal MS, Ghani A, Ul Hassan M, Ashraf Ch S (2014) A secure authentication scheme for session initiation protocol by using ECC on the basis of the tang and Liu scheme. Secur Commun Netw 7(8):1210–1218
Irshad A, Sher M, Ch SA, Naqvi H, Farash MS (2016) An efficient and anonymous multi-server authenticated key agreement based on chaotic map without engaging registration Centre. J Supercomput 72:1–22
Jiang P, Wen Q, Li W, Jin Z, Zhang H (2015) An anonymous and efficient remote biometrics user authentication scheme in a multi server environment. Front Comp Sci 9(1):142–156
Jin ATB, Ling DNC, Goh A (2004) Bio-hashing: two factor authentication featuring fingerprint data and tokenised random number. Pattern Recogn 37(11):2245–2255
Juang WS (2004) Efficient multi-server password authenticated key agreement using smart cards. IEEE Trans Consum Electron 50(1):251–255
Koblitz N (1987) Elliptic curve cryptosystems. Math Comput 48:203–209
Lamport L (1981) Password authentication with insecure communication. Commun ACM 24(11):770–772
Lee CC, Lin TH, Chang RX (2011) A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards. Expert Syst Appl 38(11):13863–13870
Lee YS, Kim E, Seok SJ, Jung MS (2012) A smart card-based user authentication scheme to ensure the PFS in multi-server environments. IEICE Trans Commun E95–B(2):619–622
Li LH, Lin IC, Hwang MS (2001) A remote password authentication scheme for multiserver architecture using neural networks. IEEE Trans Neural Netw 12(6):1498–1504
Li X, Xiong YP, Ma J, Wang WD (2012) An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. J Netw Comput Appl 35(2):763–769
Li X, Niu J, Kumari S, Islam SH, Wu F, Khan MK, Das AK (2016) A novel chaotic maps-based user authentication and key agreement protocol for multi-server environments with provable security. Wirel Pers Commun 89:1–29
Liao YP, Hsiao CM (2013) A novel multi-server remote user authentication scheme using self certified public keys for mobile clients. Futur Gener Comput Syst 29(3):886–900
Liao YP, Wang SS (2009) A secure dynamic ID based remote user authentication scheme for multi-server environment. Comput Stand Interfaces 31(1):24–29
Lin IC, Hwang MS, Li LH (2003) A new remote user authentication scheme for multi-server architecture. Futur Gener Comput Syst 1(19):13–22
Lin H, Wen F, Du C (2015) An improved anonymous multi-server authenticated key agreement scheme using smart cards and biometrics. Wirel Pers Commun 84(4):2351–2362
Lu Y et al (2015) Robust biometrics based authentication and key agreement scheme for multi-server environments using smart cards. PLoS One 10:e0126323
Lumini A, Loris N (2007) An improved bio-hashing for human authentication. Pattern Recogn 40(3):1057–1065
Menezes AJ, Oorschot PC, Vanstone SA (1997) Handbook of applied cryptograph. CRC Press, New York
Miller V (1986) Uses of elliptic curves in cryptography. In: Advances in Cryptology CRYPTO’85, Lecture Notes in Computer Science, vol. 218, Springer-Verlag, p 417–426
Mishra D (2016) Design and analysis of a provably secure multi-server authentication scheme. Wirel Pers Commun 86(3):1095–1119
Mishra D, Das A, Mukhopadhyay S (2014) A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards. Expert Syst Appl 41(18):8129–8143
Moon J, Choi Y, Jung J, Won D (2015) An improvement of robust biometrics-based authentication and key agreement scheme for multi-server environments using smart cards. PLoS One 10(12):e0145263
Nessett DM (1990) A critique of the burrows, Abadi, and Needham logic. Oper Syst Rev 24(2):35–38
Pippal RS, Jaidhar CD, Tapaswi S (2013) Robust smart card authentication scheme for multi-server architecture. Wirel Pers Commun 72(1):729–745
Rubin AD, Honeyman P (1994) Nonmonotonic cryptographic protocols. In Computer Security Foundations Workshop VII, 1994, IEEE 100–116 June 1994
Shen H, Gao C, He D, Wu L (2015) New biometrics-based authentication scheme for multi-server environment in critical systems. J Ambient Intell Humaniz Comput 6(6):825–834
Sood SK, Sarje AK, Singh K (2011) A secure dynamic identity based authentication protocol for multi-server architecture. J Netw Comput Appl 34(2):609–618
Sutcu Y, Sencar HT, Memon N (2005) A secure biometric authentication scheme based on robust hashing. In Proceedings of the 7th workshop on Multimedia and security, ACM 111-116 August 2005
Tsai JL (2008) Efficient multi-server authentication scheme based on one-way hash function without verification table. Comput Secur 27(3–4):115–121
Tsai JL, Lo NW (2015) A chaotic map-based anonymous multi-server authenticated key agreement protocol using smart card. Int J Commun Syst 28(13):1955–1963
Tsaur WJ, Wu CC, Lee WB (2004) A smart card-based remote scheme for password authentication in multi-server internet services. Comput Stand Interfaces 27(1):39–51
Tsaur WJ, Wu CC, Lee WB (2005) An enhanced user authentication scheme for multi-server internet services. Appl Math Comput 170(1):258–266
Wang C, Zhang X, Zheng Z (2016) Cryptanalysis and improvement of a biometric-based multi-server authentication and key agreement scheme. PLoS One 11(2):e0149173
Xie Q, Hu B, Dong N, Wong DS (2014) Anonymous three-party password-authenticated key exchange scheme for telecare medical information systems. PLoS One 9(7):e102,747
Yeh K-H (2014) A provably secure multi-server based authentication scheme. Wirel Pers Commun 79(3):1621–1634
Yoon EJ, Young YK (2013) Robust biometrics-based multi-server authentication with key agreement scheme for smart cards on elliptic curve cryptosystem. J Supercomput 63(1):235–255
Zhu H (2015) Flexible and password-authenticated key agreement scheme based on chaotic maps for multiple servers to server architecture. Wirel Pers Commun 82(3):1697–1718
Acknowledgements
This work was supported by the National Natural Science Foundation of China under Grant Nos. 61300220, and the Scientific Research Fund of Hunan Provincial Education Department under Grant No. 16B089.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Irshad, A., Sher, M., Chaudhry, S.A. et al. A secure mutual authenticated key agreement of user with multiple servers for critical systems. Multimed Tools Appl 77, 11067–11099 (2018). https://doi.org/10.1007/s11042-017-5078-y
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11042-017-5078-y