
A secure mutual authenticated key agreement of user with multiple servers for critical systems

Multimedia Tools and Applications

Abstract

Recent technological advances in almost all critical systems' domains have led to an explosive growth of multimedia big data. Those advances encompass the ever-increasing innovative digital and remote mobile devices operated at the users' end. Due to the openness of critical systems, the service providers in such networks face security challenges in authenticating those mobile devices in the field and delivering services. In this scenario, the multi-server authentication (MSA) framework seems to be a promising solution that enables its subscribers to use services from different servers without registering with each server individually. In the last few years, many MSA protocols that depend on RC-Offline authentication during mutual authentication have been presented. However, to date, there is to our knowledge no efficient MSA scheme that is free of all three of the following weaknesses simultaneously: 1) storage of server-based parameters (public keys or other values) in the smart card by the registration authority, 2) the assumption that server-based public keys are published publicly, and 3) a single secret shared with all servers, which leaves the scheme open to the server masquerading (insider) attack. Considering these limitations, we present a multi-server authentication protocol that avoids the above drawbacks using lightweight cryptographic operations. The rationale of the proposed work is to present an efficient RC-Offline MSA scheme. Our scheme is also backed by formal security analysis based on GNY logic and automated security verification using the ProVerif tool.



Acknowledgements

This work was supported by the National Natural Science Foundation of China under Grant Nos. 61300220, and the Scientific Research Fund of Hunan Provincial Education Department under Grant No. 16B089.

Author information

Corresponding author

Correspondence to Saru Kumari.

About this article

Cite this article

Irshad, A., Sher, M., Chaudhry, S.A. et al. A secure mutual authenticated key agreement of user with multiple servers for critical systems. Multimed Tools Appl 77, 11067–11099 (2018). https://doi.org/10.1007/s11042-017-5078-y

  • DOI: https://doi.org/10.1007/s11042-017-5078-y
