Skip to main content
SpringerLink
Log in

Robust Smart Card Authentication Scheme for Multi-server Architecture

  • Published:
Wireless Personal Communications Aims and scope Submit manuscript

Abstract

In a traditional single server smart card authentication scheme, one server is responsible for providing services to all the registered remote users. Though if a user wishes to access network services from different servers, he or she has to register with these servers separately. To handle this issue, multi-server authentication scheme has been proposed. However, almost all these schemes available in the literature are exposed to one or the other potential attack. This paper proposes robust multi-server authentication scheme using smart cards. It eliminates the use of verification table and permits the registered remote users to access multiple servers without separate registration. Moreover, users can choose and change the password securely without any assistance from the server or registration center, supports mutual authentication and session key agreement between user and the server. Furthermore, the proposed scheme withstands present potential network attacks. Besides, our scheme is validated by using BAN logic. Comparative analysis of existing schemes with our proposed scheme is also presented in terms of various security features provided and computational complexity.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5

Similar content being viewed by others

References

  1. Lamport, L. (1981). Password authentication with insecure communication. Communications of the ACM, 24(11), 770–772.

    Article  MathSciNet  Google Scholar 

  2. Chang, C. C., & Wu, T. C. (1991). Remote password authentication with smart cards. IEE Proceedings E: Computers and Digital Techniques, 138, 165–168.

    Article  Google Scholar 

  3. http://en.wikipedia.org/wiki/Smart_card.

  4. Hu, J., Chen, H. H., & Hou, T. W. (2010). A hybrid public key infrastructure solution (HPKI) for HIPAA privacy/security regulations. Computer Standards & Interfaces, 32(5–6), 274–280.

    Article  Google Scholar 

  5. Pippal, R. S., Jaidhar, C. D., & Tapaswi, S. (2012). Secure key exchange scheme for IPTV broadcasting. Informatica, 36(1), 47–52.

    Google Scholar 

  6. Jiang, Q., Ma, J., Li, G., & Yang, L. (2012). An enhanced authentication scheme with privacy preservation for roaming service in global mobility networks. Wireless Personal Communications. doi: 10.1007/s11277-012-0535-4.

  7. Hao, Z., Zhong, S., & Yu, N. (2011). A time-bound ticket-based mutual authentication scheme for cloud computing. International Journal of Computers, Communications and Control, 6(2), 227–235.

    Google Scholar 

  8. Fan, R., He, D., Pan, X., & Ping, L. (2011). An efficient and DoS-resistant user authentication scheme for two-tiered wireless sensor networks. Journal of Zhejiang University-SCIENCE C (Computers and Electronics), 12(7), 550–560.

    Article  Google Scholar 

  9. Burrows, M., Abadi, M., & Needham, R. (1990). A logic of authentication. ACM Transactions on Computer Systems, 8(1), 18–36.

    Article  Google Scholar 

  10. Li, L. H., Lin, I. C., & Hwang, M. S. (2001). A remote password authentication scheme for multi-server architecture using neural networks. IEEE Transactions on Neural Networks, 12(6), 1498–1504.

    Article  Google Scholar 

  11. Lin, I. C., Hwang, M. S., & Li, L. H. (2003). A new remote user authentication scheme for multi-server architecture. Future Generation Computer Systems, 19(1), 13–22.

    Article  MATH  Google Scholar 

  12. Cao, X., & Zhong, S. (2006). Breaking a remote user authentication scheme for multiserver architecture. IEEE Communications Letters, 10(8), 580–581.

    Article  Google Scholar 

  13. Juang, W. S. (2004). Efficient multi-server password authenticated key agreement using smart cards. IEEE Transactions on Consumer Electronics, 50(1), 251–255.

    Article  Google Scholar 

  14. Ku, W. C., Chuang, H. M., Chiang, M. H., & Chang, K. T. (2005). Weaknesses of a multi-server password authenticated key agreement scheme. In Proceedings of 2005 national computer symposium (pp. 1–5).

  15. Chang, C. C., & Lee, J. S. (2004). An efficient and secure multi-server password authentication scheme using smart cards. In Proceedings of the international conference on cyberworlds (pp. 417–422).

  16. Liao, Y. P., & Wang, S. S. (2009). A secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards & Interfaces, 31(1), 24–29.

    Article  Google Scholar 

  17. Chen, T. Y., Hwang, M. S., Lee, C. C., & Jan, J. K. (2009). Cryptanalysis of a secure dynamic ID based remote user authentication scheme for multi-server environment. In Proceedings of the 2009 fourth international conference on innovative computing, information and control (pp. 725–728).

  18. Hsiang, C., & Shih, W. K. (2009). Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards & Interfaces, 31(6), 1118–1123.

    Article  Google Scholar 

  19. Lee, Y., Kim, J., & Won, D. (2011). Cryptanalysis to a remote user authentication scheme using smart cards for multi-server environment. In Proceedings of the 2011 international conference on human interface and the management of information-volume Part I (pp. 321–329).

  20. He, D., & Huang, Y. (2012). Weaknesses in a dynamic ID-based remote user authentication scheme for multi-server environment. International Journal of Electronic Security and Digital Forensics, 4(1), 43–53.

    Article  MathSciNet  Google Scholar 

  21. Lee, C. C., Lin, T. H., & Chang, R. X. (2011). A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards. Expert Systems with Applications, 38(11), 13863–13870.

    Google Scholar 

  22. He, D. (2011). Comments on a secure dynamic ID-based remote user authentication scheme for multi-server environment using smart cards. eprint.iacr.org/2011/234.pdf.

  23. Sood, S. K., Sarje, A. K., & Singh, K. (2011). A secure dynamic identity based authentication protocol for multi-server architecture. Journal of Network and Computer Applications, 34(2), 609–618.

    Article  Google Scholar 

  24. Chen, B. L., Kuo, W. C., & Wuu, L. C. (2012). Cryptanalysis of Sood et al’.s dynamic identity based authentication protocol for multi-server architecture. International Journal of Digital Content Technology and its Applications (JDCTA), 6(4), 180–187.

    Article  Google Scholar 

  25. Li, X., Xiong, Y., Ma, J., & Wang, W. (2012). An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. Journal of Network and Computer Applications, 35(2), 763–769.

    Article  Google Scholar 

  26. Wang, B., & Ma, M. (2012). A smart card based efficient and secured multi-server authentication scheme. Wireless Personal Communications. doi: 10.1007/s11277-011-0456-7.

  27. He, D., & Wu, S. (2012). Security flaws in a smart card based authentication scheme for multi-server environment. Wireless Personal Communications. doi: 10.1007/s11277-012-0696-1.

Download references

Acknowledgments

The authors would like to thank ABV-Indian Institute of Information Technology and Management, Gwalior, India for providing the academic support.

Author information

Authors and Affiliations

  1. ABV-Indian Institute of Information Technology and Management, Gwalior, India

    Ravi Singh Pippal & Shashikala Tapaswi

  2. Defence Institute of Advanced Technology, Girinagar, Pune, India

    C. D. Jaidhar

Authors
  1. Ravi Singh Pippal
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. C. D. Jaidhar
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Shashikala Tapaswi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ravi Singh Pippal.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Pippal, R.S., Jaidhar, C.D. & Tapaswi, S. Robust Smart Card Authentication Scheme for Multi-server Architecture. Wireless Pers Commun 72, 729–745 (2013). https://doi.org/10.1007/s11277-013-1039-6

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11277-013-1039-6

Keywords

Search

Navigation