Skip to main content
SpringerLink
Log in

An efficient and secure design of multi-server authenticated key agreement protocol

  • Published:
The Journal of Supercomputing Aims and scope Submit manuscript

Abstract

Multi-server authentication, being a crucial component of remote communication, provides the ease of one-time registration to users from a centralized registration authority. Therefore, the users could avail the offered services after getting authenticated of any service provider using the same registration credentials. In recent years, many multi-server authentication protocols have been demonstrated. Nonetheless, the existing schemes do not meet the security and efficiency requirements of the time. Recently, Chuang et al. presented a multi-server biometric authentication protocol which was later crypt-analysed and improved by Lin et al. with the identification of few attacks. Later, we discover that Lin et al.’s protocol is still prone to replay attack, privileged insider attack, trace attack, de-synchronization attack and key-compromise impersonation attacks. In this study, we present a multi-server authentication protocol which is not only comparable with Lin et al.’s scheme but also efficient than other state-of-the-art multi-server protocols. The security properties of our scheme are proved using formal analysis and evaluated with automated verification tool based on ProVerif.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8

Similar content being viewed by others

References

  1. Lamport L (1981) Password authentication with insecure communication. Commun ACM 24(11):770–772

    Article  Google Scholar 

  2. Sun HM (2000) An efficient remote user authentication scheme using smart cards. IEEE Trans Consum Electron 46(4):958–961

    Article  Google Scholar 

  3. Awashti AK, Sunder L (2004) An enhanced remote user authentication scheme using smartcards. IEEE Trans Consum Electron 50(2):583–586

    Article  Google Scholar 

  4. Khan MK (2009) Fingerprint biometric-based self and deniable authentication schemes for the electronic world. IETE Tech Rev 26(3):191–195

    Article  Google Scholar 

  5. Liao YP, Wang SS (2009) A secure dynamic ID based remote user authentication scheme for multi-server environment. Comput Stand Interfaces 31(1):24–29

    Article  Google Scholar 

  6. Wen FT, Li XL (2011) An improved dynamic ID-based remote user authentication with key agreement scheme. Comput Electr Eng 38(2):381–387

    Article  MathSciNet  Google Scholar 

  7. Hsiang HC, Shih WK (2009) Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment. Comput Stand Interfaces 31(6):1118–1123

    Article  Google Scholar 

  8. Lee CC, Lin TH, Chang RX (2011) A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards. Expert Syst Appl 38(11):13863–13870

    Google Scholar 

  9. Guo DL, Wen FT (2014) Analysis and improvement of a robust smart card based-authentication scheme for multi-server architecture. Wirel Pers Commun 78(1):475–490

    Article  Google Scholar 

  10. Wen FT, Susilo W, Yang GM (2013) A robust smart card based anonymous user authentication protocol for wireless communications. Secur Commun Netw 7(6):987–993

    Article  Google Scholar 

  11. Sood SK, Sarje AK, Singh K (2011) A secure dynamic identity based authentication protocol for multi-server architecture. J Netw Comput Appl 34(2):609–618

    Article  Google Scholar 

  12. Li X, Xiong YP, Ma J, Wang WD (2012) An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. J Netw Comput Appl 35(2):763–769

    Article  Google Scholar 

  13. Xue KP, Hong PL, Ma CS (2014) A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture. J Comput Syst Sci 80(1):195–206

    Article  MathSciNet  MATH  Google Scholar 

  14. Li CT, Hwang MS (2010) An efficient biometrics-based remote user authentication scheme using smart cards. J Netw Comput Appl 33(1):1–5

    Article  Google Scholar 

  15. Khan MK, Zhang J (2007) Improving the security of a flexible biometrics remote user authentication scheme. Comput Stand Interfaces 29(1):82–85

    Article  Google Scholar 

  16. Kim HS, Lee JK, Yoo KY (2003) ID-based password authentication scheme using smart cards and fingerprints. ACM SIGOPS Oper Syst Rev 37(4):32–41

    Article  Google Scholar 

  17. Lee JK, Ryu SR, Yoo KY (2002) Finger print-based remote user authentication scheme using smart cards. Electron Lett 38(12):554–555

    Article  Google Scholar 

  18. Chuang MC, Chen MC (2014) An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics. Expert Syst Appl 41(4):1411–1418

    Article  Google Scholar 

  19. Lin H, Fengtong W, Chunxia D (2015) An improved anonymous multi-server authenticated key agreement scheme using smart cards and biometrics. Wirel Pers Commun 84:2351–2362

    Article  Google Scholar 

  20. Kocher P, Jaffe J, Jun B (1999) Differential power analysis. Adv Cryptol CRYPTO’99 1666(16):388–397

    MATH  Google Scholar 

  21. Messerges TS, Dabbish EA, Sloan RH (2002) Examining smart-card security under the threat of power analysis attacks. IEEE Trans Comput 51(5):541–552

    Article  MathSciNet  MATH  Google Scholar 

  22. Chatterjee S, Roy S, Das AK, Chattopadhyay S, Kumar N, Vasilakos AV (2016) Secure biometric-based authentication scheme using Chebyshev chaotic map for multi-server environment. IEEE Trans Dependable Secure Comput. https://doi.org/10.1109/TDSC.2016.2616876

  23. Reddy AG, Yoon EJ, Das AK, Odelu V, Yoo KY (2017) Design of mutually authenticated key agreement protocol resistant to impersonation attacks for multi-server environment. IEEE Access 5:3622–3639

    Article  Google Scholar 

  24. Odelu V, Das AK, Goswami A (2015) A secure biometrics-based multi-server authentication protocol using smart cards. IEEE Trans Inf Forensics Secur 10(9):1953–1966

    Article  Google Scholar 

  25. Irshad A, Chaudhry SA, Kumari S, Usman M, Mahmood K, Faisal MS (2017) An improved lightweight multiserver authentication scheme. Int J Commun Syst 30(17). https://doi.org/10.1002/dac.3351

  26. Kumari S, Das AK, Li X, Wu F, Khan MK, Jiang Q, Islam SH (2018) A provably secure biometrics-based authenticated key agreement scheme for multi-server environments. Multimed Tools Appl 77(2):2359–2389

    Article  Google Scholar 

  27. Jangirala S, Mukhopadhyay S, Das AK (2017) A multi-server environment with secure and efficient remote user authentication scheme based on dynamic ID using smart cards. Wirel Pers Commun 95:2735–2767

    Article  Google Scholar 

  28. Reddy AG, Das AK, Yoon EJ, Yoo KY (2016) An anonymous authentication with key-agreement protocol for multi-server architecture based on biometrics and smartcards. KSII Trans Internet Inf Syst 10(7):3371–3396

    Google Scholar 

  29. Reddy AG, Das AK, Odelu V, Yoo KY (2016) An enhanced biometric based authentication with key-agreement protocol for multi-server architecture based on elliptic curve cryptography. PLoS ONE 11(5):e0154308

    Article  Google Scholar 

  30. Irshad A, Kumari S, Li X, Wu F, Chaudhry SA, Arshad H (2017) An improved SIP authentication scheme based on server-oriented biometric verification. Wirel Pers Commun 97(2):2145–2166

    Article  Google Scholar 

  31. He D, Wang D (2015) Robust biometrics-based authentication scheme for multiserver environment. IEEE Syst J 9(3):816–823

    Article  Google Scholar 

  32. Li X, Niu J, Kumari S, Islam SH, Wu F, Khan MK, Das AK (2016) A novel chaotic maps-based user authentication and key agreement protocol for multi-server environments with provable security. Wirel Pers Commun 89(2):569–597

    Article  Google Scholar 

  33. Jiang Qi, Ma Jianfeng, Wei Fushan (2016) On the security of a privacy-aware authentication scheme for distributed mobile cloud computing services. IEEE Syst J. https://doi.org/10.1109/JSYST.2016.2574719

    Google Scholar 

  34. He D, Zeadally S, Kumar N, Wu W (2016) Efficient and anonymous mobile user authentication protocol using self-certified public key cryptography for multi-server architectures. IEEE Trans Inf Forensics Secur 11(9):2052–2064

    Article  Google Scholar 

  35. Li X, Ma J, Wang W, Xiong Y, Zhang J (2013) A novel smart card and dynamic ID based remote user authentication scheme for multi-server environments. Math Comput Model 58(1):85–95

    Article  Google Scholar 

  36. Irshad A, Sher M, Chaudhary SA, Naqvi H, Farash MS (2016) An efficient and anonymous multi-server authenticated key agreement based on chaotic map without engaging Registration Centre. J Supercomput 72(4):1623–1644

    Article  Google Scholar 

  37. Jiang Qi, Ma Jianfeng, Li Guangsong, Li Xinghua (2015) Improvement of robust smart-card-based password authentication scheme. Int J Commun Syst 28(2):383–393

    Article  Google Scholar 

  38. Li X, Xiong Y, Ma J, Wang W (2012) An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. J Netw Comput Appl 35(2):763–769

    Article  Google Scholar 

  39. Irshad A, Sher M, Ahmad HF, Alzahrani BA, Chaudhry SA, Kumar R (2016) An improved multi-server authentication scheme for distributed mobile cloud computing services. KSII Trans Internet Inf Syst (TIIS) 10(12):5529–5552

    Google Scholar 

  40. Chaudhry SA, Naqvi H, Farash MS, Shon T, Sher M (2015) An improved and robust biometrics-based three factor authentication scheme for multiserver environments. J Supercomput. https://doi.org/10.1007/s11227-015-1601-y

    Google Scholar 

  41. Jiang Qi, Ma Jianfeng, Xiang Lu, Tian Youliang (2015) An efficient two-factor user authentication scheme with unlinkability for wireless sensor networks. Peer-to-Peer Netw Appl 8(6):1070–1081. https://doi.org/10.1007/s12083-014-0285-z

    Article  Google Scholar 

  42. Irshad A, Sher M, Nawaz O, Chaudhry SA, Khan I, Kumari S (2017) A secure and provable multi-server authenticated key agreement for TMIS based on Amin et al. scheme. Multimed Tools Appl 76(15):16463–16489

    Article  Google Scholar 

  43. Jiang P, Wen Q, Li W, Jin Z, Zhang H (2015) An anonymous and efficient remote biometrics user authentication scheme in a multi server environment. Front Comput Sci 9(1):142–156

    Article  MathSciNet  Google Scholar 

  44. Irshad A, Sher M, Chaudhry SA, Xie Q, Kumari S, Wu F (2018) An improved and secure chaotic map based authenticated key agreement in multi-server architecture. Multimed Tools Appl 77(1):1167–1204

    Article  Google Scholar 

  45. Chaudhry SA (2016) A secure biometric based multi-server authentication scheme for social multimedia networks. Multimed Tools Appl 75(20):12705–12725

    Article  Google Scholar 

  46. Jiang Qi, Wei Fushan, Shuai Fu, Ma Jianfeng, Li Guangsong, Alelaiwi Abdulhameed (2016) Robust extended chaotic maps-based three-factor authentication scheme preserving biometric template privacy. Nonlinear Dyn 83(4):2085–2101

    Article  MathSciNet  MATH  Google Scholar 

  47. Irshad A, Ahmad HF, Alzahrani BA, Sher M, Chaudhry SA (2016) An efficient and anonymous chaotic map based authenticated key agreement for multi-server architecture. KSII Trans Internet Inf Syst (TIIS) 10(12):5572–5595

    Google Scholar 

  48. Li X, Niu J, Khan MK, Liao J (2013) An enhanced smart card based remote user password authentication scheme. J Netw Comput Appl 36(5):1365–1371

    Article  Google Scholar 

  49. Kumari S, Li X, Wu F, Das AK, Arshad H, Khan MK (2016) A user friendly mutual authentication and key agreement scheme for wireless sensor networks using chaotic maps. Future Gener Comput Syst 63:56–75

    Article  Google Scholar 

  50. Chaudhry SA, Farash MS, Naqvi H, Kumari S, Khan MK (2015) An enhanced privacy preserving remote user authentication scheme with provable security. Secur Commun Netw 8(18):3782–3795

    Article  Google Scholar 

  51. Blanchet B, Cheval V, Allamigeon X, Smyth B ProVerif: cryptographic protocol verifier in the formal model. http://prosecco.gforge.inria.fr/personal/bblanche/proverif/. Accessed 10 Mar 2018

  52. Burrows M, Abadi M, Needham R (1990) A logic of authentication. ACM Trans Comput Syst 8(1):18–36. https://doi.org/10.1145/77648.77649

    Article  MATH  Google Scholar 

  53. Burrows M, Abadi M, Needham RM (1871) A logic of authentication. Proc R Soc Lond A Math Phys Sci 1989(426):233–271

    MATH  Google Scholar 

  54. Kumari S, Li X, Wu F, Das AK, Choo KKR, Shen J (2017) Design of a provably secure biometrics-based multi-cloud-server authentication scheme. Future Gener Comput Syst 68:320–330

    Article  Google Scholar 

  55. Li X, Wang K, Shen J, Kumari S, Wu F, Hu Y (2016) An enhanced biometrics-based user authentication scheme for multi-server environments in critical systems. J Ambient Intell Humaniz Comput 7(3):427–443

    Article  Google Scholar 

  56. Amin R, Islam SH, Biswas GP, Khan MK, Kumar N (2015) An efficient and practical smart card based anonymity preserving user authentication scheme for TMIS using elliptic curve cryptography. J Med Syst 39(11):180

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science and Software Engineering, International Islamic University, Islamabad, Pakistan

    Azeem Irshad, Husnain Naqvi & Shehzad Ashraf Chaudhry

  2. Computer Science Department, Federal Urdu University, Islamabad, Pakistan

    Shouket Raheem

  3. Department of Mathematics, Chaudhary Charan Singh University, Meerut, Uttar Pradesh, 250004, India

    Saru Kumari

  4. Computer Science Department, Bahria University, Islamabad, Pakistan

    Ambrina Kanwal

  5. Department of Computer Sciences, Quaid-e-Azam University, Islamabad, Pakistan

    Muhammad Usman

Authors
  1. Azeem Irshad
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Husnain Naqvi
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Shehzad Ashraf Chaudhry
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Shouket Raheem
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Saru Kumari
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Ambrina Kanwal
    View author publications

    You can also search for this author in PubMed Google Scholar

  7. Muhammad Usman
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Shehzad Ashraf Chaudhry.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Irshad, A., Naqvi, H., Chaudhry, S.A. et al. An efficient and secure design of multi-server authenticated key agreement protocol. J Supercomput 74, 4771–4797 (2018). https://doi.org/10.1007/s11227-018-2467-6

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11227-018-2467-6

Keywords

Search

Navigation