Abstract
In a traditional single server smart card authentication scheme, one server is responsible for providing services to all the registered remote users. Though if a user wishes to access network services from different servers, he or she has to register with these servers separately. To handle this issue, multi-server authentication scheme has been proposed. However, almost all these schemes available in the literature are exposed to one or the other potential attack. This paper proposes robust multi-server authentication scheme using smart cards. It eliminates the use of verification table and permits the registered remote users to access multiple servers without separate registration. Moreover, users can choose and change the password securely without any assistance from the server or registration center, supports mutual authentication and session key agreement between user and the server. Furthermore, the proposed scheme withstands present potential network attacks. Besides, our scheme is validated by using BAN logic. Comparative analysis of existing schemes with our proposed scheme is also presented in terms of various security features provided and computational complexity.
Similar content being viewed by others
References
Lamport, L. (1981). Password authentication with insecure communication. Communications of the ACM, 24(11), 770–772.
Chang, C. C., & Wu, T. C. (1991). Remote password authentication with smart cards. IEE Proceedings E: Computers and Digital Techniques, 138, 165–168.
Hu, J., Chen, H. H., & Hou, T. W. (2010). A hybrid public key infrastructure solution (HPKI) for HIPAA privacy/security regulations. Computer Standards & Interfaces, 32(5–6), 274–280.
Pippal, R. S., Jaidhar, C. D., & Tapaswi, S. (2012). Secure key exchange scheme for IPTV broadcasting. Informatica, 36(1), 47–52.
Jiang, Q., Ma, J., Li, G., & Yang, L. (2012). An enhanced authentication scheme with privacy preservation for roaming service in global mobility networks. Wireless Personal Communications. doi: 10.1007/s11277-012-0535-4.
Hao, Z., Zhong, S., & Yu, N. (2011). A time-bound ticket-based mutual authentication scheme for cloud computing. International Journal of Computers, Communications and Control, 6(2), 227–235.
Fan, R., He, D., Pan, X., & Ping, L. (2011). An efficient and DoS-resistant user authentication scheme for two-tiered wireless sensor networks. Journal of Zhejiang University-SCIENCE C (Computers and Electronics), 12(7), 550–560.
Burrows, M., Abadi, M., & Needham, R. (1990). A logic of authentication. ACM Transactions on Computer Systems, 8(1), 18–36.
Li, L. H., Lin, I. C., & Hwang, M. S. (2001). A remote password authentication scheme for multi-server architecture using neural networks. IEEE Transactions on Neural Networks, 12(6), 1498–1504.
Lin, I. C., Hwang, M. S., & Li, L. H. (2003). A new remote user authentication scheme for multi-server architecture. Future Generation Computer Systems, 19(1), 13–22.
Cao, X., & Zhong, S. (2006). Breaking a remote user authentication scheme for multiserver architecture. IEEE Communications Letters, 10(8), 580–581.
Juang, W. S. (2004). Efficient multi-server password authenticated key agreement using smart cards. IEEE Transactions on Consumer Electronics, 50(1), 251–255.
Ku, W. C., Chuang, H. M., Chiang, M. H., & Chang, K. T. (2005). Weaknesses of a multi-server password authenticated key agreement scheme. In Proceedings of 2005 national computer symposium (pp. 1–5).
Chang, C. C., & Lee, J. S. (2004). An efficient and secure multi-server password authentication scheme using smart cards. In Proceedings of the international conference on cyberworlds (pp. 417–422).
Liao, Y. P., & Wang, S. S. (2009). A secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards & Interfaces, 31(1), 24–29.
Chen, T. Y., Hwang, M. S., Lee, C. C., & Jan, J. K. (2009). Cryptanalysis of a secure dynamic ID based remote user authentication scheme for multi-server environment. In Proceedings of the 2009 fourth international conference on innovative computing, information and control (pp. 725–728).
Hsiang, C., & Shih, W. K. (2009). Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards & Interfaces, 31(6), 1118–1123.
Lee, Y., Kim, J., & Won, D. (2011). Cryptanalysis to a remote user authentication scheme using smart cards for multi-server environment. In Proceedings of the 2011 international conference on human interface and the management of information-volume Part I (pp. 321–329).
He, D., & Huang, Y. (2012). Weaknesses in a dynamic ID-based remote user authentication scheme for multi-server environment. International Journal of Electronic Security and Digital Forensics, 4(1), 43–53.
Lee, C. C., Lin, T. H., & Chang, R. X. (2011). A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards. Expert Systems with Applications, 38(11), 13863–13870.
He, D. (2011). Comments on a secure dynamic ID-based remote user authentication scheme for multi-server environment using smart cards. eprint.iacr.org/2011/234.pdf.
Sood, S. K., Sarje, A. K., & Singh, K. (2011). A secure dynamic identity based authentication protocol for multi-server architecture. Journal of Network and Computer Applications, 34(2), 609–618.
Chen, B. L., Kuo, W. C., & Wuu, L. C. (2012). Cryptanalysis of Sood et al’.s dynamic identity based authentication protocol for multi-server architecture. International Journal of Digital Content Technology and its Applications (JDCTA), 6(4), 180–187.
Li, X., Xiong, Y., Ma, J., & Wang, W. (2012). An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. Journal of Network and Computer Applications, 35(2), 763–769.
Wang, B., & Ma, M. (2012). A smart card based efficient and secured multi-server authentication scheme. Wireless Personal Communications. doi: 10.1007/s11277-011-0456-7.
He, D., & Wu, S. (2012). Security flaws in a smart card based authentication scheme for multi-server environment. Wireless Personal Communications. doi: 10.1007/s11277-012-0696-1.
Acknowledgments
The authors would like to thank ABV-Indian Institute of Information Technology and Management, Gwalior, India for providing the academic support.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Pippal, R.S., Jaidhar, C.D. & Tapaswi, S. Robust Smart Card Authentication Scheme for Multi-server Architecture. Wireless Pers Commun 72, 729–745 (2013). https://doi.org/10.1007/s11277-013-1039-6
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11277-013-1039-6