Cryptanalysis and Improvement of a Robust Smart Card Authentication Scheme for Multi-server Architecture

Wireless Personal Communications

Abstract

A multi-server authentication scheme enables a remote user to access the services provided by multiple servers after registering with the registration center. Recently, Pippal et al. (Wirel Pers Commun 2013, doi:10.1007/s11277-013-1039-6) introduced a robust smart card authentication scheme for multi-server architecture. They also illustrated that their scheme could be free from potential network attacks, and validated the scheme by using BAN logic. In this paper, by presenting concrete attacks, we demonstrate that Pippal et al.’s scheme cannot withstand off-line password guessing attacks, impersonation attacks and privileged insider attacks. Furthermore, to overcome these attacks, we propose an improved authentication scheme for multi-server architecture using smart card and password. Security and efficiency analysis indicates that our scheme not only achieves the intended security goals (e.g., two-factor authentication, perfect forward secrecy, etc.), but is also efficient enough to be implemented for practical applications.

References

  1. Lamport, L. (1981). Password authentication with insecure communication. Communications of the ACM, 24(11), 770–772.

  2. Liao, E., Lee, C. C., & Hwang, M. S. (2006). A password authentication scheme over insecure networks. Journal of Computer and System Science, 72(4), 727–740.

  3. Hwang, M., & Li, L. (2000). A new remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 46(1), 28–30.

  4. Lee, N. Y., & Chiu, Y. C. (2005). Improved remote authentication scheme with smart card. Computer Standards & Interfaces, 27(2), 177–180.

  5. Xu, J., Zhu, W. T., & Feng, D. G. (2009). An improved smart card based password authentication scheme with provable security. Computer Standards & Interfaces, 31(4), 723–728.

  6. Wang, R. C., Juang, W. S., & Lei, C. L. (2011). Provably secure and efficient identification and key agreement protocol with user anonymity. Journal of Computer and System Sciences, 77(4), 790–798.

  7. Chang, C. C., Le, H. D., & Chang, C. H. (2013). Novel untraceable authenticated key agreement protocol suitable for mobile communication. Wireless Personal Communications, 71(1), 425–437.

  8. Sood, S. K., Sarje, A. K., & Singh, K. (2011). A secure dynamic identity based authentication protocol for multi-server architecture. Journal of Network and Computer Applications, 34(2), 609–618.

  9. Hsiang, C., & Shih, W. K. (2009). Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards & Interfaces, 31(6), 1118–1123.

  10. Li, X., Xiong, Y., Ma, J., & Wang, W. (2012). An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. Journal of Network and Computer Applications, 35(2), 763–769.

  11. Wang, B., & Ma, M. (2013). A smart card based efficient and secured multi-server authentication scheme. Wireless Personal Communications, 68(2), 361–378.

  12. He, D., & Wu, S. (2013). Security flaws in a smart card based authentication scheme for multi-server environment. Wireless Personal Communications, 70(1), 323–329.

  13. Pippal, R. S., Jaidhar, C. D., & Tapaswi, S. (2013). Robust smart card authentication scheme for multi-server architecture. Wireless Personal Communications. doi:10.1007/s11277-013-1039-6.

  14. Kocher, P., Jaffe, J., & Jun, B. (1999). Differential power analysis. In Proceedings of advances in cryptology (pp. 388–397).

  15. Messerges, T. S., Dabbish, E. A., & Sloan, R. H. (2002). Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers, 51(5), 541–552.

  16. Lee, C. C., Lin, T. H., & Chang, R. X. (2011). A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards. Expert Systems with Applications, 38(11), 13863–13870.

Acknowledgments

This research was supported by the National Basic Research Program of China under Grants 2012CB315905 and 2012CB315901.

Author information

Corresponding author

Correspondence to Jianghong Wei.

About this article

Cite this article

Wei, J., Liu, W. & Hu, X. Cryptanalysis and Improvement of a Robust Smart Card Authentication Scheme for Multi-server Architecture. Wireless Pers Commun 77, 2255–2269 (2014). https://doi.org/10.1007/s11277-014-1636-z

  • DOI: https://doi.org/10.1007/s11277-014-1636-z
