Abstract
For authentication schemes based on smart card in multi-server environment, there is a common problem—the parameters stored in a user’s smart card linearly increase with the number of the registered servers without involving registration center in helping with authentication process. Therefore, in order to save storage cost and raise efficiency, an authentication scheme based on smart card is proposed in multi-server environment. In the proposed scheme, a user only needs one time registration, and keeps a password to realize the authentication with different servers without involving the registration center in helping with authentication process. The server is unnecessary to store any users information to achieve authentication between the users and the server. Moreover, the security of the proposed scheme is proved by Burrows–Abadi–Needham logic. The security analysis and the performance analysis show the proposed scheme is secured against various well known attacks, and has lower communication cost, computation cost and storage cost compared with several related schemes.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
He, D., & Wang, D. (2015). Robust biometrics-based authentication scheme for multiserver environment. IEEE Systems Journal, 9(3), 816–823.
Odelu, V., Das, A. K., & Goswami, A. (2015). A secure biometrics-based multi-server authentication protocol using smart cards. IEEE Transactions on Information Forensics and Security, 10(9), 1953–1966.
Shen, H., Gao, C. Z., He, D. D., & Wu, L. B. (2015). New biometrics-based authentication scheme for multi-server environment in critical systems. Journal of Ambient Intelligence and Humanized Computing, 6(6), 825–834.
Li, X., Wang, K., & Shen, J. (2016). An enhanced biometrics-based user authentication scheme for multi-server environments in critical systems. Journal of Ambient Intelligence and Humanized Computing, 7(3), 427–443.
Chang, C. C., Hsueh, W. Y., & Cheng, T. F. (2016). An advanced anonymous and biometrics-based multi-server authentication scheme using smart cards. International Journal of Network Security, 18(6), 1010–1021.
Kumari, S., Li, X., Wu, F., Das, A. K., Choo, K. K. R., & Shen, J. (2017). Design of a provably secure biometrics-based multi-cloud-server authentication scheme. Future Generation Computer Systems, 68, 320–330.
Quan, C., Lee, H., Kang, D., Kim, J., Cho, S., & Won, D. (2017). Cryptanalysis and improvement of an advanced anonymous and biometrics-based multi-server authentication scheme using smart cards. In Proceeding of international conference on applied human factors and ergonomics (pp. 62–71).
Feng, Q., He, D., Zeadally, S., & Wang, H. (2018). An anonymous biometrics-based authentication scheme with key distribution for mobile multi-server environment. Future Generation Computer Systems, 84, 239–251.
Wang, B., & Ma, M. (2013). A smart card based efficient and secured multi-server authentication scheme. Wireless Personal Communications, 68(2), 361–378.
Pippal, R. S., Jaidhar, C. D., & Tapaswi, S. (2013). Robust smart card authentication scheme for multi-server architecture. Wireless Personal Communications, 72(1), 729–745.
Guo, D., & Wen, F. (2014). Analysis and improvement of a robust smart card based-authentication scheme for multi-server architecture. Wireless Personal Communications, 78(1), 475–490.
Chuang, M. C., & Chen, M. C. (2014). An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics. Expert Systems with Applications, 41(4), 1411–1418.
Lin, H., Wen, F., & Du, C. (2015). An improved anonymous multi-server authenticated key agreement scheme using smart cards and biometrics. Wireless Personal Communications, 84(4), 2351–2362.
Wan, T., Liu, Z. X., & Ma, J. F. (2016). Authentication and key agreement protocol for multi-server. Architecture, 53(11), 2446–2453.
Nimmy, K. (2016). Novel multi-server authentication protocol using secret sharing. In Proceeding of international conference on data mining and advanced computing (SAPIENCE) (pp. 214–219).
Reddy, A. G., Das, A. K., & Odelu, V. (2016). An enhanced biometric based authentication with key-agreement protocol for multi-server architecture based on elliptic curve cryp tography. PLoS ONE, 11(5), e0154308.
Sarvabhatla, M., Reddy, M. C. M., Narayana, K. L., et al. (2016). A robust user anonymity preserving biometric based multi-server authenticated key agreement scheme. In M. Senthilkumar, V. Ramasamy, S. Sheen, C. Veeramani, A. Bonato, L. Batten (Eds.), Computational intelligence, cyber security and computational models. Advances in intelligent systems and computing, vol 412 (pp. 325–333). Singapore: Springer.
Chaturvedi, A., Das, A. K., & Mishra, D. (2016). Design of a secure smart card-based multi-server authentication scheme. Journal of Information Security and Applications, 30, 64–80.
Gu, Y., & Li, S. (2018). Cryptanalysis and improvement of a biometrics-based multi-server authentication protocol. In Proceeding of international conference on computing, networking and communications (pp. 16–20).
Wang, M., & Wang, X. M. (2016). Multi-server anonymous authentication scheme based on smart card. Computer Engineering, 42(5), 156–162.
Wang, C., Xu, G., & Li, W. (2018). A secure and anonymous two-factor authentication protocol in multiserver environment. Security and Communication Networks, 2018(1), 1–15.
Chaturvedi, A., Mishra, D., Jangirala, S., & Mukhopadhyay, S. (2017). A privacy preserving biometric-based three factor remote user authenticated key agreement scheme. Journal of Information Security and Applications, 32, 15–26.
Bae, W. I., & Kwak, J. (2017). Smart card-based secure authentication protocol in multi-server IoT environment. Multimedia Tools and Applications, 2017, 1–19.
Amin, R., Islam, S. K., Obaidat, M. S., Biswas, G. P., & Hsiao, K. F. (2017). An anonymous and robust multi-server authentication protocol using multiple registration servers. International Journal of Communication Systems, 30(18), 1–14.
Kumar, A., & Om, H. (2018). An improved and secure multi-server authentication scheme based on biometrics and smartcard. Digital Communications and Networks, 4(1), 27–38.
Jo, H. J., Paik, J. H., & Lee, D. H. (2014). Efficient privacy-preserving authentication in wireless mobile networks. IEEE Transactions on Mobile Computing, 13(7), 1469–1481.
Burrows, M., Abadi, M., & Needham, R. M. (1989). A logic of authentication. Proceedings of the Royal Society of London A: Mathematical, Physical and Engineering Sciences. The Royal Society, 426(1871), 233–271.
Acknowledgements
This work was supported in part by National Science Foundation of China under Grant (61070164, 61272415), and supported by the Zhuhai Top Discipline-Information Security.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Zhou, S., Gan, Q. & Wang, X. Authentication scheme based on smart card in multi-server environment. Wireless Netw 26, 855–863 (2020). https://doi.org/10.1007/s11276-018-1828-7
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11276-018-1828-7