Skip to main content
SpringerLink
Log in

Towards secure and efficient user authentication scheme using smart card for multi-server environments

  • Published:
The Journal of Supercomputing Aims and scope Submit manuscript

Abstract

Two user authentication schemes for multi-server environments have been proposed by Tsai and Wang et al., respectively. However, there are some flaws existing in both schemes. Therefore, a new scheme for improving these drawbacks is proposed in this paper. The proposed scheme has the following benefits: (1) it complies with all the requirements for multi-server environments; (2) it can withstand all the well-known attacks at the present time; (3) it is equipped with a more secure key agreement procedure; and (4) it is quite efficient in terms of the cost of computation and transmission. In addition, the analysis and comparisons show that the proposed scheme outperforms the other related schemes in various aspects.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3

Similar content being viewed by others

References

  1. Burrows M, Abadi M, Needham R (1990) A logic of authentication. ACM Trans Comput Syst 8(1):18–36

    Article  Google Scholar 

  2. Chang CC, Kuo JY (2005) An efficient multi-server password authenticated key agreement scheme using smart cards with access control. In: 19th IEEE int conf advanced information networking and applications (AINA2005), Taipei, Taiwan, March 2005, vol 2, pp 257–260

    Google Scholar 

  3. Chien HY, Jan JK, Tseng YM (2002) An efficient and practical solution to remote authentication: smart card. Comput Secur 21(4):372–375

    Article  Google Scholar 

  4. He D (2012) An efficient remote user authentication and key exchange protocol for mobile client-server environment from pairings. Ad Hoc Netw 10(6):1009–1016

    Article  Google Scholar 

  5. He D, Chen J, Hu J (2012) An ID-based client authentication with key agreement protocol for mobile client-server environment on ECC with provable security. Inf Fusion 13(3):223–230

    Article  Google Scholar 

  6. He D, Chen J, Hu J (2012) Improvement on a smart card based password authentication scheme. J Internet Technol 13(3):405–410

    Google Scholar 

  7. He D, Chen J, Zhang R (2012) A more secure authentication scheme for telecare medicine information systems. J Med Syst 36(3):1989–1995

    Article  Google Scholar 

  8. Hsiang HC, Shih WK (2009) Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment. Comput Stand Interfaces 31(6):1118–1123

    Article  Google Scholar 

  9. Hwang MS, Li LH (2000) A new remote user authentication scheme using smart cards. IEEE Trans Consum Electron 46(1):28–30

    Article  Google Scholar 

  10. Hwang RJ, Shiau SH (2007) Provably efficient authenticated key agreement protocol for multi-servers. Comput J 50(5):602–615

    Article  Google Scholar 

  11. Hwang MS, Lee CC, Tang YL (2002) A simple remote user authentication scheme. Math Comput Model 36(1):103–107

    Article  MathSciNet  MATH  Google Scholar 

  12. Juang WS (2004) Efficient multi-server password authenticated key agreement using smart cards. IEEE Trans Consum Electron 50(1):251–255

    Article  Google Scholar 

  13. Kim S, Lim S, Won D (2002) Cryptanalysis of flexible remote password authentication scheme of ICN01. Electron Lett 38(24):1519–1520

    Article  Google Scholar 

  14. Kim HS, Lee SW, Yoo KY (2003) ID-based password authentication scheme using smart cards and fingerprints. Oper Syst Rev 37(4):32–41

    Article  MathSciNet  Google Scholar 

  15. Ku WC (2005) Weaknesses and drawbacks of a password authentication scheme using neural networks for multiserver architecture. IEEE Trans Neural Netw 16(4):1002–1005

    Article  MathSciNet  Google Scholar 

  16. Ku WC, Chang ST, Chiang MH (2005) Weaknesses of a remote user authentication scheme using smart cards for multi-server architecture. IEICE Trans Commun E88-B(8):3451–3454

    Article  Google Scholar 

  17. Ku WC, Chuang HM, Chiang MH (2005) Cryptanalysis of a multi-server password authenticated key agreement scheme using smart cards. IEICE Trans Fundam Electron Commun Comput Sci E88-A(11):3235–3238

    Article  Google Scholar 

  18. Lamport L (1981) Password authentication with insecure communication. Commun ACM 24:77–772

    Google Scholar 

  19. Lee CC (2009) On security of an efficient nonce-based authentication scheme for SIP. Int J Netw Secur 9(3):201–203

    Google Scholar 

  20. Lee WB, Chang CC (2000) User identification and key distribution maintaining anonymity for distributed computer network. Comput Syst Sci Eng 15(4):211–214

    MathSciNet  Google Scholar 

  21. Lee CC, Hwang MS, Yang WP (2002) A flexible remote user authentication scheme using smart cards. Oper Syst Rev 36(3):46–52

    Article  Google Scholar 

  22. Lee JK, Ryu SR, Yoo KY (2002) Fingerprint-based remote user authentication scheme using smart cards. Electron Lett 38(12):554–555

    Article  Google Scholar 

  23. Lee CC, Chung PS, Hwang MS (2013) A survey on attribute-based encryption schemes of access control in cloud environments. Int J Netw Secur 15(4):231–240

    Google Scholar 

  24. Li LH, Lin IC, Hwang MS (2001) A remote password authentication scheme for multi-server architecture using neural networks. IEEE Trans Neural Netw 12(6):1498–1504

    Article  Google Scholar 

  25. Liao YP, Wang SS (2009) A secure dynamic ID based remote user authentication scheme for multi-server environment. Comput Stand Interfaces 31(1):24–29

    Article  Google Scholar 

  26. Lin IC (2008) A neural network system for authenticating remote users in multi-server architecture. Int J Commun Syst 21:435–445

    Article  Google Scholar 

  27. Lin CH, Lai YY (2004) A flexible biometrics remote user authentication scheme. Comput Stand Interfaces 27(1):19–23

    Article  Google Scholar 

  28. Lin IC, Hwang MS, Li LH (2003) A new remote user authentication scheme for multi-server architecture. Future Gener Comput Syst 19:13–22

    Article  MATH  Google Scholar 

  29. Liu Y, Gao W, Yao H, Yu X (2007) Elliptic curve cryptography based wireless authentication protocol. Int J Netw Secur 5(3):327–337

    Google Scholar 

  30. Sun HM (2000) An efficient remote user authentication scheme using smart cards. IEEE Trans Consum Electron 46(4):958–961

    Article  Google Scholar 

  31. Tsai JL (2008) Efficient multi-server authentication scheme based on one-way hash function without verification table. Comput Secur 27:115–121

    Article  Google Scholar 

  32. Tsai CS, Lee CC, Hwang MS (2006) Password authentication schemes: current status and key issues. Int J Netw Secur 3(2):101–115

    Google Scholar 

  33. Tsaur WJ (2001) A flexible user authentication scheme for multi-server Internet services. In: Networking-ICN. LNCS, vol 2093. Springer, Berlin, pp 174–183

    Google Scholar 

  34. Tsaur WJ, Wu CC, Lee WB (2004) A smart card-based remote scheme for password authentication in multi-server Internet services. Comput Stand Interfaces 27:39–51

    Article  Google Scholar 

  35. Tsaur WJ, Wu CC, Lee WB (2005) An enhanced user authentication scheme for multi-server Internet services. Appl Math Comput 170:258–266

    Article  MathSciNet  MATH  Google Scholar 

  36. Tseng YM, Wu TY, Wu JD (2008) A pairing-based user authentication scheme for wireless clients with smart cards. Informatica 19(2):285–302

    Google Scholar 

  37. Wang S, Cao Z, Bao H (2008) Efficient certificateless authentication and key agreement (CL-AK) for grid computing. Int J Netw Secur 7(3):342–347

    Google Scholar 

  38. Wang RC, Juang WS, Lei CL (2009) User authentication scheme with privacy-preservation for multi-server environment. IEEE Commun Lett 13(2):157–159

    Article  MATH  Google Scholar 

  39. Yang SP, Li X (2007) Defect in protocol analysis with BAN logic on man-in-the-middle attacks. Appl Res Comput 24(3):149–151

    Google Scholar 

Download references

Acknowledgements

This research was partially supported by the National Science Council, Taiwan, R.O.C., under contract no.: NSC101-2221-E-030-018 and NSC101-2221-E-164-017.

Author information

Authors and Affiliations

  1. National Tainan Institute of Nursing, 78, Sect. 2, Minzu Rd., Tainan City, 700, Taiwan, ROC

    Te-Yu Chen

  2. Department of Library and Information Science, Fu Jen Catholic University, No. 510, Zhongzheng Rd., Xinzhuang Dist., New Taipei City, 24205, Taiwan, ROC

    Cheng-Chi Lee

  3. Department of Photonics & Communication Engineering, Asia University, 500 Lioufeng Road, Taichung, 41354, Taiwan, ROC

    Cheng-Chi Lee

  4. Department of Computer Science and Information Engineering, Asia University, 500 Liufeng Road, Wufeng, Taichung, 402, Taiwan, ROC

    Min-Shiang Hwang

  5. Department of Computer Science and Engineering, National Chung Hsing University, 250 Kuo Kuang Road, Taichung, 402, Taiwan, ROC

    Jinn-Ke Jan

Authors
  1. Te-Yu Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Cheng-Chi Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Min-Shiang Hwang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Jinn-Ke Jan
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Cheng-Chi Lee.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Chen, TY., Lee, CC., Hwang, MS. et al. Towards secure and efficient user authentication scheme using smart card for multi-server environments. J Supercomput 66, 1008–1032 (2013). https://doi.org/10.1007/s11227-013-0966-z

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11227-013-0966-z

Keywords

Search

Navigation