Abstract
Multiserver authentication requires users to have only one-time registration for accessing different permissible services securely from various servers over an insecure network. To date, many multiserver authentication protocols have been presented in the literature. Most of them require the registration server’s participation at the time of authentication, leading to increased communication overhead and bandwidth overload of the registration server. Recently, Lee et al. introduced a multiserver authentication protocol using extended chaotic maps that permits registered users and servers to authenticate with each other directly. In this paper, we revisit Lee et al.’s protocol and find that it is insecure against user impersonation and session-specific temporary information attacks. Additionally, the protocol uses timestamps, which may cause serious time synchronization problems. The weaknesses of Lee et al.’s protocol prompted us to propose another protocol based on extended chaotic maps, which is free from serious time synchronization problems, more efficient in terms of computation and communication overheads, and more robust against all known attacks. Furthermore, our protocol adds extra functionality features such as considering the users’ registration expiration, server scalability, and inclusion of two new phases: a deregistration phase and a registration renewal phase for a registered user. Our protocol’s security has been validated using the automated tool ProVerif and proven through formal and informal analyses. With better security protection, fewer complexities, and additional features, the proposed protocol is more suitable for practical use than other related protocols.
Similar content being viewed by others
References
Abadi M, Blanchet B, Comon-Lundh H (2009) Models and proofs of protocol security: A progress report. In: International conference on computer aided verification. Springer, pp 35–49
Abadi M, Fournet C (2001) Mobile values, new names, and secure communication. In: ACM Sigplan Notices, vol 36, pp 104–115
Abdalla M, Fouque P. -A., Pointcheval D (2005) Password-based authenticated key exchange in the three-party setting. In: International workshop on public key cryptography. Springer, pp 65–84
Ali Z, Hussain S, Rehman RHU, Munshi A, Liaqat M, Kumar N, Chaudhry SA (2020) ITSSAKA-MS: An improved three-factor symmetric-key based secure AKA scheme for multi-server environments. IEEE Access 8:107993–108003
Amin R (2016) Cryptanalysis and efficient dynamic id based remote user authentication scheme in multi-server environment using smart card. IJ Network Security 18(1):172–181
Amin R, Biswas GP (2015) Design and analysis of bilinear pairing based mutual authentication and key agreement protocol usable in multi-server environment. Wirel Pers Commun 84(1):439–462
Amin R, Islam SK, Khan MK, Karati A, Giri D, Kumari S (2017) A two-factor RSA-based robust authentication system for multiserver environments. Secur Commun Netw
Baptista MS (1998) Cryptography with chaos. Phys Lett A 240 (1-2):50–54
Bergamo P, D’Arco P, Santis AD, Kocarev L (2005) Security of public-key cryptosystems based on Chebyshev polynomials. IEEE Trans Circuits Sys 52:1382–1393
Canetti R, Krawczyk H (2001) Analysis of key-exchange protocols and their use for building secure channels. In: Advances in cryptology – Eurocrypt, Lecture notes in computer science, vol 2045. Springer, pp 453–474. http://eprint.iacr.org/2001/040.ps.gz
Chang CC, Cheng TF, Hsueh WY (2016) A robust and efficient dynamic identity-based multi-server authentication scheme using smart cards. Int J Commun Syst 29(2):290–306
Chatterjee S, Roy S, Das AK, Chattopadhyay S, Kumar N, Vasilakos AV (2016) Secure biometric-based authentication scheme using Chebyshev chaotic map for multi-server environment. IEEE Trans Dependable Secure Comput 15 (5):824–839
Chen CT, Lee CC (2015) A two-factor authentication scheme with anonymity for multi-server environments. Secur Commun Netw 8(8):1608–1625
Dolev D, Yao A (1983) On the security of public key protocols. IEEE Trans Inf Theory 29(2):198–208
Gupta PC, Dhar J (2016) Hash based multi-server key exchange protocol using smart card. Wirel Pers Commun 87(1):225–244
Hassan A, Omala AA, Ali M, Jin C, Li F (2019) Identity-based user authenticated key agreement protocol for multi-server environment with anonymity. Mobile Netw Appl 24(3):890–902
Hsieh WB, Leu JS (2014) An anonymous mobile user authentication protocol using selfcertified public keys based on multi-server architectures. J Supercomput 70(1):133–148
Irshad A, Chaudhry SA, Xie Q, Li X, Farash MS, Kumari S, Wu F (2018) An enhanced and provably secure chaotic map-based authenticated key agreement in multi-server architecture. Arab J Sci Eng 43(2):811–828
Irshad A, Sher M, Ashraf MU, Alzahrani BA, Wu F, Xie Q, Kumari S (2017) An improved and secure chaotic-map based multi-server authentication protocol based on Lu et al. and Tsai and Lo” Scheme. Wirel Pers Commun 95 (3):3185–3208
Irshad A, Sher M, Chaudhary SA, Naqvi H, Farash MS (2016) An efficient and anonymous multi-server authenticated key agreement based on chaotic map without engaging Registration Centre. J Supercomput 72(4):1623–1644
Irshad A, Sher M, Chaudhry SA, Xie Q, Kumari S, Wu F (2018) An improved and secure chaotic map based authenticated key agreement in multi-server architecture. Multimed Tools Appl 77(1):1167–1204
Islam SH (2014) A provably secure ID-based mutual authentication and key agreement scheme for mobile multi-server environment without ESL attack. Wirel Pers Commun 79(3):1975–1991
Jangirala S, Mukhopadhyay S, Das AK (2017) A multi-server environment with secure and efficient remote user authentication scheme based on dynamic ID using smart cards. Wirel Pers Commun 95(3):2735–2767
Jina ATB, Linga DNC, Goh A (2004) Biohashing: Two factor authentication featuring fingerprint data and tokenised random number. Pattern Recogn 37(11):2245–2255
Kocher P, Jaffe J, Jun B (1999) Differential power analysis. In: Proceedings of advances in cryptology - CRYPTO ’99, LNCS, Santa Barbara, California, USA, vol 1666, pp 388–397
Kumar A, Om H (2018) An improved and secure multiserver authentication scheme based on biometrics and smartcard. Digital Commun Netw 4 (1):27–38
Lee TF, Diao YY, Hsieh YP (2019) A ticket-based multi-server biometric authentication scheme using extended chaotic maps for telecare medical information systems. Multimed Tools Appl 78(22):31649–31672
Lee CC, Lou DC, Li CT, Hsu CW (2014) An extended chaotic-maps-based protocol with key agreement for multiserver environments. Nonlinear Dynamics 76(1):853–866
Li CT (2016) A secure chaotic maps-based privacy-protection scheme for multi-server environments. Secur Commun Netw 9(14):2276–2290
Li LH, Lin IC, Hwang MS (2001) A remote password authentication scheme for multi-server architecture using neural networks. IEEE Trans Neural Netw 12(6):1498–1504
Li X, Niu J, Kumari S, Islam SH, Wu F, Khan MK, Das AK (2016) A novel chaotic maps-based user authentication and key agreement protocol for multi-server environments with provable security. Wirel Pers Commun 89 (2):569–597
Lin IC, Hwang MS, Li LH (2003) A new remote user authentication scheme for multi-server architecture. Futur Gener Comput Syst 19(1):13–22
Lu Y, Li L, Peng H, Yang Y (2016) Cryptanalysis and improvement of a chaotic maps-based anonymous authenticated key agreement protocol for multiserver architecture. Secur Commun Netw 9(11):1321–1330
Maitra T, Islam SH, Amin R, Giri D, Khan MK, Kumar N (2016) An enhanced multi-server authentication protocol using password and smart-card: Cryptanalysis and design. Secur Commun Netw 9(17):4615–4638
Messerges TS, Dabbish EA, Sloan RH (2002) Examining smart-card security under the threat of power analysis attacks. IEEE Trans Comput 51(5):541–552
Moon J, Choi Y, Jung J, Won D (2015) An improvement of robust biometrics-based authentication and key agreement scheme for multi-server environments using smart cards. PloS one 10(12):e0145263
Pointcheval D, Zimmer S (2008) Multi-factor authenticated key exchange. In: International conference on applied cryptography and network security. Springer, New York, pp 277–295
Qi M, Chen J (2019) Anonymous biometrics-based authentication with key agreement scheme for multi-server environment using ECC. Multimed Tools Appl 78(19):27553–27568
Reddy AG, Yoon EJ, Das AK, Odelu V, Yoo KY (2017) Design of mutually authenticated key agreement protocol resistant to impersonation attacks for multi-server environment. IEEE access 5:3622–3639
Sahoo SS, Mohanty S, Majhi B (2018) An improved and secure two-factor dynamic id based authenticated key agreement scheme for multiserver environment. Wirel Pers Commun 101(3):1307–1333
Stallings W (2003) Cryptography and network security: Principles and practices, 3rd edn. Englewood Cliffs, Prentice Hall
Sudhakar T, Natarajan V (2019) A new three-factor authentication and key agreement protocol for multi-server environment. Wirel Netw 1–12
Suresh kumar V, Amin R, Anitha R (2017) An enhanced bilinear pairing based authenticated key agreement protocol for multiserver environment. Int J Commun Syst 30(17):e3358
Tan Z (2016) A privacy-preserving multi-server authenticated key-agreement scheme based on Chebyshev chaotic maps. Secur Commun Netw 9(11):1384–1397
Tsai JL, Lo NW (2015) A chaotic map-based anonymous multi-server authenticated key agreement protocol using smart card. Int J Commun Syst 28(13):1955–1963
Wang B, Ma M (2013) A smart card based efficient and secured multi-server authentication scheme. Wirel Pers Commun 68(2):361–378
Xie Q, Wong DS, Wang G, Tan X, Chen K, Fang L (2017) Provably secure dynamic ID-based anonymous two-factor authenticated key exchange protocol with extended security model. IEEE Trans Inf Forensics Secur 12(6):1382–1392
Xu Z, He D, Huang X (2017) Secure and efficient two-factor authentication protocol using RSA signature for multi-server environments. In: International conference on information and communications security. Springer, Cham, pp 595–605
Yoon E, Yoo K (2013) Robust biometrics-based multi-server authentication with key agreement scheme for smart cards on elliptic curve cryptosystem. J Supercomput 63(1):235–255
Zhang L (2008) Cryptanalysis of the public key encryption based on multiple chaotic systems. Chaos Solitons Fractals 37:669–674
Zhu H (2015) A provable privacy-protection system for multi-server environment. Nonlinear Dynamics 82(1-2):835–849
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher’s note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Electronic supplementary material
Below is the link to the electronic supplementary material.
Rights and permissions
About this article
Cite this article
Kumar, A., Om, H. An enhanced and provably secure authentication protocol using Chebyshev chaotic maps for multi-server environment. Multimed Tools Appl 80, 14163–14189 (2021). https://doi.org/10.1007/s11042-020-10320-x
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11042-020-10320-x