Abstract
Significant developments in wireless communication technologies have resulted in the increased popularity of mobile devices and mobile services. However, excessive service requests reduce the efficiency of traditional single-server architectures, which consist of one server and many users. To overcome this limitation, a multi-server architecture was proposed. Additionally, password-based or smart-card-based authentication schemes cannot support some important security properties in multi-server environments. Consequently, biometrics are widely used as a third factor, in addition to passwords and smart cards, to make authentication schemes more secure. Reddy et al. recently designed a three-factor (i.e., password, smart card and biometrics) authentication scheme for multi-server environments. However, we found that their scheme lacks untraceability and is vulnerable to privileged insider attacks. To address these deficiencies, we propose a security-enhanced three-factor authentication scheme for multi-server environments based on elliptic curve cryptography (ECC). We prove that the proposed scheme is secure using the random oracle model. Moreover, an informal security analysis shows that the proposed scheme fulfills all the security requirements of the multi-server architecture. Finally, the results from performance analyses indicate that our proposed scheme achieves a significant improvement in security with minimal impact on performance.


References
Amin R, Islam S, Khan MK, Karati A, Giri D, Kumari S (2017) A two-factor rsa-based robust authentication system for multiserver environments. Secur Commun Netw 2017(13):1–15
Brick (2017) Mobile marketing. https://www.brickandmobile.com/mobile-stats/
Cao X, Zhong S (2006) Breaking a remote user authentication scheme for multi-server architecture. IEEE Commun Lett 10(8):580–581
Chuang MC, Chen MC (2014) An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics. Expert Syst Appl 41(4):1411–1418
Dodis Y, Reyzin L, Smith A (2004) Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. International conference on the theory and applications of cryptographic techniques. Springer, New York, pp 523–540
Dolev D, Yao AC (1981) On the security of public key protocols. In: Foundations of Computer Science, 1981. Sfcs ’81. Symposium on, pp 350–357
Eisenbarth T, Kasper T, Moradi A, Paar C, Salmasizadeh M, Shalmani MT (2008) On the power of power analysis in the real world: a complete break of the keeloq code hopping scheme. In: Conference on cryptology: advances in cryptology. Springer, Berlin, Heidelberg, pp 203–220
Gope P, Hwang T (2016) A realistic lightweight anonymous authentication protocol for securing real-time application data access in wireless sensor networks. IEEE Trans Industr Electron 63(11):7124–7132
Gope P, Lee J, Quek T (2017) Resilience of dos attacks in designing anonymous user authentication protocol for wireless sensor networks. IEEE Sensors J 99:1
He D (2011) Security flaws in a biometrics-based multi-server authentication with key agreement scheme. IACR Cryptology ePrint Archive
He D, Wang D (2015) Robust biometrics-based authentication scheme for multiserver environment. IEEE Syst J 9(3):816–823
Huang Z, Liu S, Mao X, Chen K, Li J (2017) Insight of the protection for data security under selective opening attacks. Inform Sci 412–413:223–241
Islam SH (2014) A provably secure id-based mutual authentication and key agreement scheme for mobile multi-server environment without esl attack. Wireless Pers Commun 79(3):1975–1991
Jiang P, Wen Q, Li W, Jin Z, Zhang H (2015) An anonymous and efficient remote biometrics user authentication scheme in a multi server environment. Front Comput Sci 9(1):142–156
Jiang Q, Khan MK, Lu X, Ma J, He D (2016) A privacy preserving three-factor authentication protocol for e-health clouds. J Supercomput 72(10):3826–3849
Jiang Q, Chen Z, Li B, Shen J, Yang L, Ma J (2017a) Security analysis and improvement of bio-hashing based three-factor authentication scheme for telecare medical information systems. J Ambient Intell Hum Comput 5:1–13
Jiang Q, Zeadally S, Ma J, He D (2017b) Lightweight three-factor authentication and key agreement protocol for internet-integrated wireless sensor networks. IEEE Access 5:3376–3392
Kaufman C (2005) Internet key exchange (ikev2) protocol. RFC 4306
Khan MK, Kim SK, Alghathbar K (2011) Cryptanalysis and security enhancement of a more efficient & secure dynamic id-based remote user authentication scheme. Comput Commun 34(3):305–309
Kim H, Jeon W, Lee K, Lee Y, Won D (2012) Cryptanalysis and improvement of a biometrics-based multi-server authentication with key agreement scheme. In: International conference on computational science and its applications. Springer, pp 391–406
Koblitz N (1987) Elliptic curve cryptosystems. Math Comput 48(177):203–209
Li J, Chen X, Li M, Li J, Lee PPC, Lou W (2014) Secure deduplication with efficient and reliable convergent key management. IEEE Trans Parallel Distrib Syst 25(6):1615–1625
Li J, Li J, Chen X, Jia C, Lou W (2015a) Identity-based encryption with outsourced revocation in cloud computing. IEEE Trans Comput 64(2):425–437
Li J, Li YK, Chen X, Lee PPC, Lou W (2015b) A hybrid cloud approach for secure authorized deduplication. Parallel Distrib Syst IEEE Trans 26(5):1206–1216
Li X, Niu J, Kumari S, Islam SH, Wu F, Khan MK, Das AK (2016) A novel chaotic maps-based user authentication and key agreement protocol for multi-server environments with provable security. Wireless Pers Commun 89(2):569–597
Lin H, Wen F, Du C (2015) An improved anonymous multi-server authenticated key agreement scheme using smart cards and biometrics. Wireless Pers Commun 84(4):2351–2362
Lu Y, Li L, Yang X, Yang Y (2015) Robust biometrics based authentication and key agreement scheme for multi-server environments using smart cards. PLoS One 10(5):e0126323
Ma C, Wang D, Zhao S (2015) Security flaws in two improved remote user authentication schemes using smart cards. Int J Commun Syst 27(10):2215–2227
Maitra T, Islam S, Amin R, Giri D, Khan MK, Kumar N (2016) An enhanced multi-server authentication protocol using password and smart-card: cryptanalysis and design. Security Commun Netw 9(17):4615–4638
Mishra D, Das AK, Mukhopadhyay S (2014) A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards. Expert Syst Appl 41(18):8129–8143
Odelu V, Das AK, Goswami A (2015) A secure biometrics-based multi-server authentication protocol using smart cards. IEEE Trans Inf Forensics Secur 10(9):1953–1966
Reddy AG, Yoon EJ, Das AK, Odelu V, Yoo KY (2017) Design of mutually authenticated key agreement protocol resistant to impersonation attacks for multi-server environment. IEEE Access 5(99):3622–3639
Wang C, Zhang X, Zheng Z (2016) Cryptanalysis and improvement of a biometric-based multi-server authentication and key agreement scheme. PLoS One 11(2):e0149173
Wang D, Wang P (2014) Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks. Ad Hoc Netw 20(2):1–15
Xie Q, Wong DS, Wang G, Tan X, Chen K, Fang L (2017) Provably secure dynamic id-based anonymous two-factor authenticated key exchange protocol with extended security model. IEEE Trans Inf Forensics Secur 12(6):1382–1392
Yang D, Yang B (2010) A biometric password-based multi-server authentication scheme with smart card. In: International conference on computer design and applications. IEEE, pp V5–554–V5–559
Yoon EJ, Yoo KY (2013) Robust biometrics-based multi-server authentication with key agreement scheme for smart cards on elliptic curve cryptosystem. J Supercomput 63(1):235–255
Cite this article
Xu, D., Chen, J. & Liu, Q. Provably secure anonymous three-factor authentication scheme for multi-server environments. J Ambient Intell Human Comput 10, 611–627 (2019). https://doi.org/10.1007/s12652-018-0710-x
DOI: https://doi.org/10.1007/s12652-018-0710-x