Skip to main content
SpringerLink
Log in

A secure and efficient authentication protocol for wireless applications in multi-server environment

  • Published:
Peer-to-Peer Networking and Applications Aims and scope Submit manuscript

Abstract

User authentication over a public channel is an indispensable requirement in preventing any untrusted third party from accessing the services. Recently, Haq et al. (in JNCA, vol. 161, 2020) have discussed a user authentication protocol for Multi-Server Environment (MSE). Unfortunately, their construction cannot withstand the impersonation attack (both for user and server), privileged insider attack, man-in-the-middle attack and replay attack. In this paper, we propose a secure and efficient authentication protocol for wireless applications in multi-server environment to overcome these vulnerabilities. We utilize the basic operations of Elliptic Curve Cryptography (ECC) in order to achieve low computation and communication overheads. It also encompasses a secure session key update mechanism to provide the confidentiality of the session key for a long session between a user and the server. The Real-Or-Random (ROR) oracle model is used for its formal analysis and the AVISPA tool based automated simulation to validate its security under the Dolev-Yao threat model. Finally, the performance analysis proves its compatibility for the resource-constraint mobile devices.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7

Similar content being viewed by others

References

  1. He D, Zeadally S, Kumar N, Wu W (2016) Efficient and anonymous mobile user authentication protocol using self-certified public key cryptography for multi-server architectures. IEEE Trans Inf Forensics Secur 11(9):2052–2064

    Article  Google Scholar 

  2. Wu TY, Lee Z, Obaidat MS, Kumari S, Kumar S, Chen CM (2020) An authenticated key exchange protocol for multi-server architecture in 5g networks. IEEE Access 8:28096–28108

    Article  Google Scholar 

  3. Haq Iu, Wang J, Zhu Y (2020) Secure two-factor lightweight authentication protocol using self-certified public key cryptography for multi-server 5g networks. J Netw Comput Appl 102660

  4. Ying B, Nayak A (2019) Lightweight remote user authentication protocol for multi-server 5g networks using self-certified public key cryptography. J Netw Comput Appl 131:66–74

    Article  Google Scholar 

  5. Wu F, Li X, Xu L, Sangaiah AK, Rodrigues JJ (2018) Authentication protocol for distributed cloud computing: An explanation of the security situations for internet-of-things-enabled devices. IEEE Consumer Electronics Magazine 7(6), 38–44

    Article  Google Scholar 

  6. Choi KY, Hwang JY, Lee DH, Seo IS (2005) Id-based authenticated key agreement for low-power mobile devices. In: Australasian Conference on Information Security and Privacy, Springer, pp 494–505

  7. Chuang YH, Tseng YM (2012) Towards generalized id-based user authentication for mobile multi-server environment. Int J Commun Syst 25(4):447–460

    Article  Google Scholar 

  8. Dolev D, Yao A (1983) On the security of public key protocols. IEEE Transactions on information theory 29(2):198–208

    Article  MathSciNet  Google Scholar 

  9. IjazAhmad ML, Shahabuddin S, Ylianttila M, Gurtov A (2018) Design principles for 5g security. A Comprehensive Guide to 5G Security p 75

  10. Boyd C, Mathuria A, Stebila D (2003) Protocols for authentication and key establishment, vol 1. Springer

    Book  Google Scholar 

  11. Samfat D, Molva R, Asokan N (1995) Untraceability in mobile networks. In: Proceedings of the 1st annual international conference on Mobile computing and networking, pp 26–36

  12. Steinbrecher S, Köpsell S (2003) Modelling unlinkability. In: International Workshop on Privacy Enhancing Technologies, Springer, pp 32–47

  13. Lee B, Kim K (2002) Receipt-free electronic voting scheme with a tamper-resistant randomizer. In: International Conference on Information Security and Cryptology, Springer, pp 389–406

  14. Kocher P, Jaffe J, Jun B (1999) Differential power analysis. In: Annual International Cryptology Conference, Springer, pp 388–397

  15. Roy PK, Bhattacharya A (2021) Desynchronization resistant privacy preserving user authentication protocol for location based services. Peer-to-Peer Networking and Applications. https://doi.org/10.1007/s12083-021-01194-3

  16. Rahman MG, Imai H (2002) Security in wireless communication. Wireless personal communications 22(2):213–228

    Article  Google Scholar 

  17. Lee CC, Lin TH, Chang RX (2011) A secure dynamic id based remote user authentication scheme for multi-server environment using smart cards. Expert Systems with Applications 38(11), 13863–13870

    Google Scholar 

  18. Menezes AJ, Van Oorschot PC, Vanstone SA (2018) Handbook of applied cryptography. CRC Press

    Book  Google Scholar 

  19. Li LH, Lin LC, Hwang MS (2001) A remote password authentication scheme for multiserver architecture using neural networks. IEEE Transactions on Neural Networks 12(6), 1498–1504

    Article  Google Scholar 

  20. Lin IC, Hwang MS, Li LH (2003) A new remote user authentication scheme for multi-server architecture. Futur Gener Comput Syst 19(1):13–22

    Article  Google Scholar 

  21. Juang WS (2004) Efficient multi-server password authenticated key agreement using smart cards. IEEE Trans Consum Electron 50(1):251–255

    Article  Google Scholar 

  22. Chang CC, Lee JS (2004) An efficient and secure multi-server password authentication scheme using smart cards. In: 2004 international conference on cyberworlds, IEEE, pp 417–422

  23. Tsai JL (2008) Efficient multi-server authentication scheme based on one-way hash function without verification table. Computers & Security 27(3–4), 115–121

    Article  Google Scholar 

  24. Liao YP, Wang SS (2009) A secure dynamic id based remote user authentication scheme for multi-server environment. Computer Standards & Interfaces 31(1), 24–29

    Article  Google Scholar 

  25. Hsiang HC, Shih WK (2009) Improvement of the secure dynamic id based remote user authentication scheme for multi-server environment. Computer Standards & Interfaces 31(6), 1118–1123

    Article  Google Scholar 

  26. Sood SK, Sarje AK, Singh K (2011) A secure dynamic identity based authentication protocol for multi-server architecture. J Netw Comput Appl 34(2):609–618

    Article  Google Scholar 

  27. Li X, Ma J, Wang W, Xiong Y, Zhang J (2013) A novel smart card and dynamic id based remote user authentication scheme for multi-server environments. Math Comput Model 58(1–2):85–95

    Article  Google Scholar 

  28. Liao YP, Hsiao CM (2013) A novel multi-server remote user authentication scheme using self-certified public keys for mobile clients. Futur Gener Comput Syst 29(3):886–900

    Article  Google Scholar 

  29. Hsieh WB, Leu JS (2014) An anonymous mobile user authentication protocol using self-certified public keys based on multi-server architectures. J Supercomput 70(1):133–148

    Article  Google Scholar 

  30. Amin R, Biswas G (2015) Design and analysis of bilinear pairing based mutual authentication and key agreement protocol usable in multi-server environment. Wirel Pers Commun 84(1):439–462

    Article  Google Scholar 

  31. Wazid M, Das AK, Odelu V, Kumar N, Susilo W (2017) Secure remote user authenticated key establishment protocol for smart home environment. IEEE Trans Dependable Secure Comput 17(2):391–406

    Article  Google Scholar 

  32. Roy PK, Bhattacharya A (2019) Secure and efficient anonymous authentication protocol for global roaming services. In: 2019 11th International Conference on Communication Systems & Networks (COMSNETS), IEEE, pp 9–14

  33. Canetti R, Krawczyk H (2001) Analysis of key-exchange protocols and their use for building secure channels. In: International Conference on the Theory and Applications of Cryptographic Techniques, Springer, pp 453–474

  34. Canetti R, Krawczyk H (2002) Universally composable notions of key exchange and secure channels. In: International Conference on the Theory and Applications of Cryptographic Techniques, Springer, pp 337–351

  35. Wang D, Cheng H, Wang P, Huang X, Jian G (2017) Zipf’s law in passwords. IEEE Trans Inf Forensics Secur 12(11):2776–2791

    Article  Google Scholar 

  36. Abbasinezhad-Mood D, Nikooghadam M (2018) Efficient anonymous password-authenticated key exchange protocol to read isolated smart meters by utilization of extended chebyshev chaotic maps. IEEE Trans Ind Inf 14(11):4815–4828

    Google Scholar 

  37. Bonneau J (2012) The science of guessing: analyzing an anonymized corpus of 70 million passwords. In: 2012 IEEE Symposium on Security and Privacy, IEEE, pp 538–552

  38. Wang D, Zhang Z, Wang P, Yan J, Huang X (2016) Targeted online password guessing: An underestimated threat. In: Proceedings of the 2016 ACM SIGSAC conference on computer and communications security, pp 1242–1254

  39. Rogaway P, Shrimpton T (2004) Cryptographic hash-function basics: Definitions, implications, and separations for preimage resistance, second-preimage resistance, and collision resistance. In: International workshop on fast software encryption, Springer, pp 371–388

  40. Odelu V, Banerjee S, Das AK, Chattopadhyay S, Kumari S, Li X, Goswami A (2017) A secure anonymity preserving authentication scheme for roaming service in global mobility networks. Wireless Personal Communications 96(2), 2351–2387

    Article  Google Scholar 

  41. Armando A, Basin D, Boichut Y, Chevalier Y, Compagna L, Cuéllar J, Drielsma PH, Héam PC, Kouchnarenko O, Mantovani J et al (2005) The avispa tool for the automated validation of internet security protocols and applications. In: International conference on computer aided verification, Springer, pp 281–285

  42. Suárez-Albela M, Fernández-Caramés TM, Fraga-Lamas P, Castedo L (2018) A practical performance comparison of ecc and rsa for resource-constrained iot devices. In: 2018 Global Internet of Things Summit (GIoTS), IEEE, pp 1–6

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science & Engineering, Indian Institute of Technology (Indian School of Mines), Dhanbad, Jharkhand, 826004, India

    Pankaj Kumar & Hari Om

Authors
  1. Pankaj Kumar
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Hari Om
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Pankaj Kumar.

Ethics declarations

Conflicts of interests/Competing interests

The authors have no Conflicts of interests/Competing interests to disclose.

Additional information

Publisher’s Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Kumar, P., Om, H. A secure and efficient authentication protocol for wireless applications in multi-server environment. Peer-to-Peer Netw. Appl. 15, 1939–1952 (2022). https://doi.org/10.1007/s12083-022-01323-6

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s12083-022-01323-6

Keywords

Search

Navigation