Abstract
Clint–server based communication mechanism provides climbable environment for online services, where a user can obtain several services at any time and from anywhere via Internet. As Internet is an insecure communication medium, to achieve security and accountability in data transmission, authentication and key agreement protocols are being adopted. Majority of the existing protocols for mutual authentication are designed for single-server environment, which do not present scalable solution for multi-server environment as multiple registrations are required to perform by the user. Additionally, user must maintain multiple secret keys to access multiple application servers. On the contrary, multi-server authentication (MSA) mechanism presents a user-friendly solution to multiple-registration problem. Unfortunately, many MAS schemes consider trusted server environment, whereas some server may be semi-trusted. To address this issue, Kalra and Sood recently proposed MAS scheme, where all servers need not be entrusted. Kalra and Sood’s scheme is feasible for semi-trusted environment. By seeing its importance, we have thoroughly analyzed its security. Unfortunately, we have identified some security flaws in their scheme. Our aim is to overcome the flaws of Kalra and Sood’s scheme, and present privacy protected mutual authentication mechanism for multi-server communication. In this paper, we first pointed out the security failures of Kalra and Sood’s scheme and then proposed an improved MSA scheme to fix those vulnerabilities of existing MSA schemes. Our design is suitable for semi-trusted environment and protects anonymity. Moreover, the performance of the proposed protocol is comparable with the existing protocols.
Similar content being viewed by others
References
Alomari, A. (2015). Mutual authentication and updating the authentication key in manets. Wireless Personal Communications, 81(3), 1031–1043.
Kawada, E. (2002). Authentication services in mobile networks. Wireless Personal Communications, 22(2), 237–243.
Ojanperä, T., & Mononen, R. (2002). Security and authentication in the mobile world. Wireless Personal Communications, 22(2), 229–235.
Vorugunti, C. S., Mishra, B., Amin, R., Badoni, R. P., Sarvabhatla, M., & Mishra, D. (2017). Improving security of lightweight authentication technique for heterogeneous wireless sensor networks. Wireless Personal Communications, 95(3), 3141–3166.
Mishra, D., Das, A. K., Mukhopadhyay, S., & Wazid, M. (2016). A secure and robust smartcard-based authentication scheme for session initiation protocol using elliptic curve cryptography. Wireless Personal Communications, 91(3), 1361–1391.
Lamport, L. (1981). Password authentication with insecure communication. Communications of the ACM, 24(11), 770–772.
Mishra,D., & Mukhopadhyay, S. (2013). Cryptanalysis of pairing-free identity-based authenticated key agreement protocols. In Information systems security (pp. 247–254). Springer.
Mishra, D., Chaturvedi, A., & Mukhopadhyay, S. (2015). Design of a lightweight two-factor authentication scheme with smart card revocation. Journal of Information Security and Applications, 23, 44–53.
Li, L.-H., Lin, L.-C., & Hwang, M.-S. (2001). A remote password authentication scheme for multiserver architecture using neural networks. IEEE Transactions on Neural Networks, 12(6), 1498–1504.
Lin, I.-C., Hwang, M.-S., & Li, L.-H. (2003). A new remote user authentication scheme for multi-server architecture. Future Generation Computer Systems, 19(1), 13–22.
Juang, W.-S. (2004). Efficient multi-server password authenticated key agreement using smart cards. IEEE Transactions on Consumer Electronics, 50(1), 251–255.
Chang, C.-C., & Lee, J.-S. (2004). An efficient and secure multi-server password authentication scheme using smart cards. In 2004 international conference on cyberworlds (pp. 417–422). IEEE.
Tsai, J.-L. (2008). Efficient multi-server authentication scheme based on one-way hash function without verification table. Computers and Security, 27(3), 115–121.
Tsaur, W.-J., Li, J.-H., & Lee, W.-B. (2012). An efficient and secure multi-server authentication scheme with key agreement. Journal of Systems and Software, 85(4), 876–882.
Liao, Y.-P., & Wang, S.-S. (2009). A secure dynamic id based remote user authentication scheme for multi-server environment. Computer Standards and Interfaces, 31(1), 24–29.
Hsiang, H.-C., & Shih, W.-K. (2009). Improvement of the secure dynamic id based remote user authentication scheme for multi-server environment. Computer Standards and Interfaces, 31(6), 1118–1123.
Sood, S. K., Sarje, A. K., & Singh, K. (2011). A secure dynamic identity based authentication protocol for multi-server architecture. Journal of Network and Computer Applications, 34(2), 609–618.
Li, X., Xiong, Y., Ma, J., & Wang, W. (2012). An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. Journal of Network and Computer Applications, 35(2), 763–769.
Xue, K., Hong, P., & Ma, C. (2014). A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture. Journal of Computer and System Sciences, 80(1), 195–206.
Lu, Y., Li, L., Peng, H., Yang, X., & Yang, Y. (2015). A lightweight id based authentication and key agreement protocol for multiserver architecture. International Journal of Distributed Sensor Networks, 2015, 1–16.
Kalra, S., & Sood, S. (2013). Advanced remote user authentication protocol for multi-server architecture based on ecc. Journal of Information Security and Applications, 18(2), 98–107.
He, D., Kumar, N., Chen, J., Lee, C.-C., Chilamkurti, N., & Yeo, S.-S. (2013). Robust anonymous authentication protocol for health-care applications using wireless medical sensor networks. Multimedia Systems, 21(1), 49–60.
Wang, B., & Ma, M. (2013). A smart card based efficient and secured multi-server authentication scheme. Wireless Personal Communications, 68(2), 361–378.
He, D., & Wu, S. (2013). Security flaws in a smart card based authentication scheme for multi-server environment. Wireless Personal Communications, 72(1), 729–745.
Mishra, D., Das, A. K., & Mukhopadhyay, S. (2014). A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards. Expert Systems with Applications, 41(18), 8129–8143.
Pippal, R. S., Jaidhar, C., & Tapaswi, S. (2013). Robust smart card authentication scheme for multi-server architecture. Wireless Personal Communications, 71(1), 729–745.
Kocher, P., Jaffe, J., & Jun, B. (1999). Differential power analysis. In Proceedings of advances in cryptology—CRYPTO’99 (pp. 388–397), Vol. 1666, LNCS.
Messerges, T. S., Dabbish, E. A., & Sloan, R. H. (2002). Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers, 51(5), 541–552.
Avoine, G. (2005). Radio frequency identification: adversary model and attacks on existing protocols. Tech. rep.
Xu, J., Zhu, W.-T., & Feng, D.-G. (2009). An improved smart card based password authentication scheme with provable security. Computer Standards and Interfaces, 31(4), 723–728.
Acknowledgements
First author (Dr. Dheerendra Mishra) research was partially funded by Science and Engineering Research Board under the Grant Number: ECR/2015/000243.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Mishra, D., Dhal, S. Privacy Preserving Password-Based Multi-server Authenticated Key Agreement Protocol Using Smart Card. Wireless Pers Commun 99, 1–21 (2018). https://doi.org/10.1007/s11277-017-5033-2
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11277-017-5033-2