
An enhanced and provably secure authentication protocol using Chebyshev chaotic maps for multi-server environment

Multimedia Tools and Applications

Abstract

Multiserver authentication requires users to have only one-time registration for accessing different permissible services securely from various servers over an insecure network. To date, many multiserver authentication protocols have been presented in the literature. Most of them require the registration server’s participation at the time of authentication, leading to increased communication overhead and bandwidth overload of the registration server. Recently, Lee et al. introduced a multiserver authentication protocol using extended chaotic maps that permits registered users and servers to authenticate with each other directly. In this paper, we revisit Lee et al.’s protocol and find that it is insecure against user impersonation and session-specific temporary information attacks. Additionally, the protocol uses timestamps, which may cause serious time synchronization problems. The weaknesses of Lee et al.’s protocol prompted us to propose another protocol based on extended chaotic maps, which is free from serious time synchronization problems, more efficient in terms of computation and communication overheads, and more robust against all known attacks. Furthermore, our protocol adds extra functionality features such as considering the users’ registration expiration, server scalability, and inclusion of two new phases: a deregistration phase and a registration renewal phase for a registered user. Our protocol’s security has been validated using the automated tool ProVerif and proven through formal and informal analyses. With better security protection, fewer complexities, and additional features, the proposed protocol is more suitable for practical use than other related protocols.



Author information

Corresponding author

Correspondence to Ashish Kumar.


Cite this article

Kumar, A., Om, H. An enhanced and provably secure authentication protocol using Chebyshev chaotic maps for multi-server environment. Multimed Tools Appl 80, 14163–14189 (2021). https://doi.org/10.1007/s11042-020-10320-x


  • DOI: https://doi.org/10.1007/s11042-020-10320-x
