
An anonymous mobile user authentication protocol using self-certified public keys based on multi-server architectures

The Journal of Supercomputing

Abstract

As the smartphone becomes a daily necessity, mobile services are springing up. A mobile user should be authenticated and authorized before accessing these services. Generally, mobile user authentication is a method used to validate the legitimacy of a mobile login user. With the rapid growth of computer networks, multi-server architectures have become pervasive in many network environments. Much recent research has focused on password-based remote user authentication protocols using smart cards for multi-server environments. To protect the privacy of users, many dynamic identity-based remote user authentication protocols have been proposed. In 2009, Hsiang and Shih claimed that their protocol is efficient, secure, and suitable for practical application environments. However, Sood et al. pointed out that Hsiang et al.’s protocol is susceptible to replay, impersonation and stolen smart card attacks. Moreover, the password change phase of Hsiang et al.’s protocol is incorrect. Thus, Sood et al. proposed an improved protocol that they claimed to be practical and computationally efficient. Nevertheless, Li et al. found that Sood et al.’s protocol is still vulnerable to leak-of-verifier, stolen smart card and impersonation attacks, and consequently proposed an improvement to remove these weaknesses. In 2012, Liao et al. proposed a novel pairing-based remote user authentication protocol for multi-server environments; the scheme, based on an elliptic curve cryptosystem, is more secure and efficient. However, through careful analysis, we find that Liao et al.’s protocol is still susceptible to the trace attack. Besides, Liao et al.’s protocol is inefficient since each service server has to update its ID table periodically. In this paper, we propose an improved protocol to solve these weaknesses. With its enhanced security, the improved protocol is well suited to practical environments.


References

  1. Sklavos N, Zhang X (2007) Wireless security and cryptography: specifications and implementations. CRC-Press, A Taylor and Francis Group, ISBN: 084938771X

  2. Lamport L (1981) Password authentication with insecure communication. Commun ACM 24(11):770–772


  3. Hwang M-S, Li L-H (2000) A new remote user authentication scheme using smart cards. IEEE Trans Consum Electron 46(1):28–30


  4. ElGamal T (1985) A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans Inf Theory 32(4):469–72


  5. Hwang T, Ku WC (1995) Reparable key distribution protocols for Internet environments. IEEE Trans Consum Electron 43(5):1947–1949


  6. Sun HM (2000) An efficient remote user authentication scheme using smart cards. IEEE Trans Consum Electron 46(4):958–961


  7. Shen JJ, Lin CW, Hwang MS (2003) A modified remote user authentication scheme using smart cards. IEEE Trans Consum Electron 49(2):414–416


  8. Amit K, Awashti S (2004) An enhanced remote user authentication scheme using smart cards. IEEE Trans Consum Electron 50(2):583–586


  9. Chang C, Hwang KF (2003) Some forgery attacks on a remote user authentication scheme using smart cards. Informatics 14(3):289–294


  10. Das ML, Saxena A, Gulati VP (2004) A dynamic ID-based remote user authentication scheme. IEEE Trans Consum Electron 50(2):629–631


  11. Ku WC, Chang ST (2005) Impersonation attack on a dynamic ID-based remote user authentication scheme using smart cards. IEICE Trans Commun 5:2165–2167


  12. Hwang MS, Lee CC, Tang YL (2002) A simple remote user authentication scheme. Math Comput Model 36(1–2):103–107


  13. Lee WB, Chang CC (2000) User identification and key distribution maintaining anonymity for distributed computer network. Comput Syst Sci 15(4):211–214


  14. Tsuar WJ, Wu CC, Lee WB (2001) A flexible user authentication for multi-server internet services. Networking-JCN2001LNCS, vol. 2093, Springer, Berlin, pp 174–183

  15. Li L, Lin I, Hwang M (2001) A remote password authentication scheme for multi-server architecture using neural networks. IEEE Trans Neural Netw 12(6):1498–1504


  16. Lin C, Hwang MS, Li LH (2003) A new remote user authentication scheme for multiserver architecture. Future Gener Comput Syst 1(19):13–22


  17. Tsuar WJ (2005) An enhanced user authentication scheme for multi-server internet services. Appl Math Comput 170:258–266


  18. Wu TS, Hsu CL (2004) Efficient user identification scheme with key distribution preserving anonymity for distributed computer networks. Comput Secur 23:120–125


  19. Yang Y, Wang S, Bao F, Wang J, Deng R (2004) New efficient user identification and key distribution scheme providing enhanced security. Comput Secur 23(8):697–704


  20. Juang WS (2004) Efficient multi-server password authenticated key agreement using smart cards. IEEE Trans Consum Electron 50(1):251–255


  21. Chang C, Lee JS (2004) An efficient and secure multi-server password authentication scheme using smart cards. In: IEEE proceeding of the international conference on cyberworlds

  22. Tsai J (2008) Efficient multi-server authentication scheme based on one-way hash function without verification table. Comput Secur 27(4):115–121


  23. Liao Y-P, Wang S-S (2009) A secure dynamic ID based remote user authentication scheme for multi-server environment. Comput Stand Interf 31(1):24–29


  24. Hsiang H-C, Shih W-K (2009) Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment. Comput Stand Interf 31(6):1118–1123


  25. Sood S-K, Sarje A-K, Singh K (2011) A secure dynamic identity based authentication protocol for multi-server architecture. J Netw Comput Appl 34(2):609–618


  26. Li Xiong, Xiong Yongping, Ma Jian, Wang Wendong (2012) An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. J Netw Comput Appl 35(2):763–769


  27. Yi-Pin L, Chih-Ming H (2012) A novel multi-server remote user authentication scheme using self-certified public keys for mobile clients. Future Gener Comput Syst. Available online 11 April 2012, ISSN 0167–739X. doi:10.1016/j.future.2012.03.017

  28. Girault M (1991) Self-certified public keys. In: Advances in cryptology, Eurocrypt’91. Springer, Berlin, pp 491–497

  29. Petersen H, Horster P (1997) Self-certified keys concepts and applications. In: Proceedings of the 3rd conference of communications and multimedia security, Athens, September, pp 22–23

  30. Miller V (2004) The Weil pairing and its efficient calculation. J Cryptol 17:235–261


  31. Daojing H, Maode M, Yan Z, Chun C, Jiajun B (2011) A strong user authentication scheme with smart cards for wireless communications, Comput Commun, vol 34, Issue 3, pp 367–374, 15 March 2011

  32. Scott M, Costigan N, Abdulwahab W (2006) Implementing cryptographic pairings on smartcards. In: Cryptographic hardware and embedded systems—CHES 2006, LNCS, vol 4249. Springer, Berlin, pp 134–147

  33. Sklavos N (2010) On the hardware implementation cost of crypto-processors architectures. information systems security. Off J (ISC)2. A Taylor & Francis Group Publication 19(2):53–60


Author information


Corresponding author

Correspondence to Wen-Bin Hsieh.


About this article

Cite this article

Hsieh, WB., Leu, JS. An anonymous mobile user authentication protocol using self-certified public keys based on multi-server architectures. J Supercomput 70, 133–148 (2014). https://doi.org/10.1007/s11227-014-1135-8


  • DOI: https://doi.org/10.1007/s11227-014-1135-8
