An improved and robust biometrics-based three factor authentication scheme for multiserver environments

The Journal of Supercomputing

Abstract

Rapid advances in communication technologies enable remote users to acquire a number of online services. These services are provided remotely, allowing users to move anywhere without disruption of service. To ensure seamless and secure service to the remote user, such services employ authentication protocols. A number of authentication protocols are readily available to achieve security and privacy in a remote client-server architecture, but most of these schemes are tailored for a single-server architecture. In such a scenario, a user who wants the services provided by more than one server has to register with each server. Recently, multiserver authentication has received much attention: a user registers once and can then acquire services provided by multiple servers. Very recently, Lu et al. proposed a biometric, smart card and password-based three-factor authentication scheme usable in multiserver environments, and claimed that their scheme resists known attacks. However, the analysis in this paper shows that Lu et al.’s scheme is vulnerable to an impersonation attack: an adversary registered with the system can impersonate another user knowing only that user's public identity. We then propose an improvement over Lu et al.’s scheme. Our improvement is more robust than the existing schemes. The security of the proposed scheme is substantiated formally along with an informal security discussion, and is also validated using the popular automated tool ProVerif. The analysis confirms that the proposed scheme achieves mutual authentication and is robust against known attacks. In addition, the proposed scheme does not incur any extra computation compared with Lu et al.’s scheme.

References

  1. Lamport L (1981) Password authentication with insecure communication. Commun ACM 24(11):770–772

  2. He D (2012) An efficient remote user authentication and key agreement protocol for mobile client–server environment from pairings. Ad Hoc Netw 10(6):1009–1016

  3. Farash MS, Attari MA (2014) A secure and efficient identity-based authenticated key exchange protocol for mobile client-server networks. J Supercomput 69(1):395–411

  4. Farash MS, Attari MA (2014) An anonymous and untraceable password-based authentication scheme for session initiation protocol using smart cards. Int J Commun Syst. doi:10.1002/dac.2848

  5. Farash MS, Attari MA (2014) Cryptanalysis and improvement of a chaotic map-based key agreement protocol using Chebyshev sequence membership testing. Nonlinear Dyn 76(2):1203–1213

  6. Irshad A, Sher M, Faisal MS, Ghani A, Ul Hassan M, Ch SA (2013) A secure authentication scheme for session initiation protocol by using ECC on the basis of the Tang and Liu scheme. Secur Commun Netw 7(8):1210–1218. doi:10.1002/sec.834

  7. Irshad A, Sher M, Rehman E, Ch SA, Hassan MU, Ghani A (2013) A single round-trip sip authentication scheme for voice over internet protocol using smart card. Multimed Tools Appl 74(11):3967–3984. doi:10.1007/s11042-013-1807-z

  8. Islam S, Khan M (2014) Cryptanalysis and improvement of authentication and key agreement protocols for telecare medicine information systems. J Med Syst. doi:10.1007/s10916-014-0135-9

  9. Chaudhry S, Naqvi H, Shon T, Sher M, Farash M (2015) Cryptanalysis and improvement of an improved two factor authentication protocol for telecare medical information systems. J Med Syst. doi:10.1007/s10916-015-0244-0

  10. Jiang Q, Ma J, Tian Y (2014) Cryptanalysis of smart-card-based password authenticated key agreement protocol for session initiation protocol of Zhang et al. Int J Commun Syst. doi:10.1002/dac.2767

  11. Zhang L, Tang S, Cai Z (2014) Robust and efficient password authenticated key agreement with user anonymity for session initiation protocol-based communications. IET Commun 8(1):83–91

  12. He D, Kumar N, Chen J, Lee C-C, Chilamkurti N, Yeo S-S (2015) Robust anonymous authentication protocol for health-care applications using wireless medical sensor networks. Multimedia Syst 21(1):49–60. doi:10.1007/s00530-013-0346-9

  13. He D, Kumar N, Chilamkurti N (2015) A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks. Inf Sci 321:263–274. doi:10.1016/j.ins.2015.02.010

  14. He D, Zeadally S (2015) Authentication protocol for an ambient assisted living system. Commun Mag IEEE 53(1):71–77

  15. Farash MS, Chaudhry SA, Heydari M, Sajad Sadough SM, Kumari S, Khan MK (2015) A lightweight anonymous authentication scheme for consumer roaming in ubiquitous networks with provable security. Int J Commun Syst. doi:10.1002/dac.3019

  16. Mehmood Z, Uddin N, Ch SA, Nasar W, Ghani A (2012) An efficient key agreement with rekeying for secured body sensor networks. In: 2012 second international conference on digital information processing and communications (ICDIPC). IEEE, pp 164–167

  17. Chaudhry SA, Farash MS, Naqvi H, Islam SH, Shon T, Sher M (2015) A robust and efficient privacy aware handover authentication scheme for wireless networks. Wirel Pers Commun. doi:10.1007/s11277-015-3139-y

  18. Heydari M, Sadough S, Farash M, Chaudhry S, Mahmood K (2015) An efficient password-based authenticated key exchange protocol with provable security for mobile client–client networks. Wirel Pers Commun. doi:10.1007/s11277-015-3123-6

  19. Guo P, Wang J, Geng XH, Kim CS, Kim J-U (2014) A variable threshold-value authentication architecture for wireless mesh networks. J Internet Technol 15(6):929–935. doi:10.6138/JIT.2014.15.6.05

  20. Amin R, Biswas G (2015) A novel user authentication and key agreement protocol for accessing multi-medical server usable in TMIS. J Med Syst 39(3):1–17

  21. Amin R, Islam SH, Biswas G, Khan MK, Kumar N (2015) An efficient and practical smart card based anonymity preserving user authentication scheme for TMIS using elliptic curve cryptography. J Med Syst 39(11):1–18

  22. Lu Y, Li L, Peng H, Yang Y (2015) An enhanced biometric-based authentication scheme for telecare medicine information systems using elliptic curve cryptosystem. J Med Syst 39(3):1–8

  23. Awasthi AK, Srivastava K (2013) A biometric authentication scheme for telecare medicine information systems with nonce. J Med Syst 37(5):1–4

  24. Li X, Niu J, Khan MK, Liao J, Zhao X (2014) Robust three-factor remote user authentication scheme with key agreement for multimedia systems. Secur Commun Netw. doi:10.1002/sec.961

  25. Zhang M, Zhang J, Zhang Y (2015) Remote three-factor authentication scheme based on fuzzy extractors. Secur Commun Netw 8(4):682–693. doi:10.1002/sec.1016

  26. Mishra D, Kumari S, Khan MK, Mukhopadhyay S (2015) An anonymous biometric-based remote user-authenticated key agreement scheme for multimedia systems. Int J Commun Syst. doi:10.1002/dac.2946

  27. Das AK (2015) A secure and effective biometric-based user authentication scheme for wireless sensor networks using smart card and fuzzy extractor. Int J Commun Syst. doi:10.1002/dac.2933

  28. Li X, Khan M, Kumari S, Liao J, Liang W (2014) Cryptanalysis of a robust smart card authentication scheme for multi-server architecture. In: 2014 international symposium on biometrics and security technologies (ISBAST), pp 120–123. doi:10.1109/ISBAST.2014.7013106

  29. He D, Kumar N, Lee J-H, Sherratt R (2014) Enhanced three-factor security protocol for consumer USB mass storage devices. IEEE Trans Consum Electron 60(1):30–37. doi:10.1109/TCE.2014.6780922

  30. Yoon E-J, Yoo K-Y (2013) Robust biometrics-based multi-server authentication with key agreement scheme for smart cards on elliptic curve cryptosystem. J Supercomput 63(1):235–255

  31. He D, Wang D (2014) Robust biometrics-based authentication scheme for multiserver environment. IEEE Syst J 99:1–9. doi:10.1109/JSYST.2014.2301517

  32. Chuang M-C, Chen MC (2014) An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics. Expert Syst Appl 41(4):1411–1418

  33. Mishra D, Das AK, Mukhopadhyay S (2014) A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards. Expert Syst Appl 41(18):8129–8143

  34. Lu Y, Li L, Peng H, Yang Y (2015) A biometrics and smart cards-based authentication scheme for multi-server environments. Secur Commun Netw. doi:10.1002/sec.1246

  35. Jin ATB, Ling DNC, Goh A (2004) Biohashing: two factor authentication featuring fingerprint data and tokenised random number. Pattern Recognit 37(11):2245–2255

  36. Lumini A, Nanni L (2007) An improved biohashing for human authentication. Pattern Recognit 40(3):1057–1065

  37. Belguechi R, Rosenberger C, Ait-Aoudia S (2010) Biohashing for securing minutiae template. In: 2010 20th international conference on pattern recognition (ICPR). IEEE, pp 1168–1171

  38. Eisenbarth T, Kasper T, Moradi A, Paar C, Salmasizadeh M, Shalmani M (2008) On the power of power analysis in the real world: a complete break of the KeeLoq code hopping scheme. In: Wagner D (ed) Advances in cryptology, CRYPTO 2008, vol 5157 of lecture notes in computer science. Springer, Berlin, pp 203–220. doi:10.1007/978-3-540-85174-5_12

  39. Dolev D, Yao AC (1983) On the security of public key protocols. IEEE Trans Inf Theory 29(2):198–208. doi:10.1109/TIT.1983.1056650

  40. Cao X, Zhong S (2006) Breaking a remote user authentication scheme for multi-server architecture. IEEE Commun Lett 10(8):580–581. doi:10.1109/LCOMM.2006.1665116

  41. Kocher P, Jaffe J, Jun B (1999) Differential power analysis. In: Advances in cryptology CRYPTO 99. Springer, pp 388–397

  42. Messerges TS, Dabbish EA, Sloan RH (2002) Examining smart-card security under the threat of power analysis attacks. IEEE Trans Comput 51(5):541–552

  43. Xie Q, Dong N, Wong DS, Hu B (2014) Cryptanalysis and security enhancement of a robust two-factor authentication and key agreement protocol. Int J Commun Syst. doi:10.1002/dac.2858

  44. Chaudhry SA, Mahmood K, Naqvi H, Khan MK (2015) An improved and secure biometric authentication scheme for telecare medicine information systems based on elliptic curve cryptography. J Med Syst. doi:10.1007/s10916-015-0335-y

  45. Kumari S, Chaudhry SA, Wu F, Li X, Farash MS, Khan MK (2015) An improved smart card based authentication scheme for session initiation protocol. Peer-to-Peer Netw Appl. doi:10.1007/s12083-015-0409-0

  46. Chaudhry SA, Naqvi H, Sher M, Farash MS, Hassan MU (2015) An improved and provably secure privacy preserving authentication protocol for SIP. Peer-to-Peer Netw Appl. doi:10.1002/ppna.1299

  47. Chaudhry SA, Farash MS, Naqvi H, Kumari S, Khan MK (2015) An enhanced privacy preserving remote user authentication scheme with provable security. Netw Secur Commun. doi:10.1002/sec.1299

  48. Chaudhry SA, Farash M, Naqvi H, Sher M (2015) A secure and efficient authenticated encryption for electronic payment systems using elliptic curve cryptography. Electron Commer Res. doi:10.1007/s10660-015-9192-5

Correspondence to Shehzad Ashraf Chaudhry.

Cite this article

Chaudhry, S.A., Naqvi, H., Farash, M.S. et al. An improved and robust biometrics-based three factor authentication scheme for multiserver environments. J Supercomput 74, 3504–3520 (2018). https://doi.org/10.1007/s11227-015-1601-y
