Abstract
User authentication is an important security issue for network-based services. A multi-server authentication scheme resolves the repeated registration problem of the single-server authentication scenario, in which the user has to register at different servers to access different types of network services. Recently, Pippal et al. proposed a smart card authentication scheme for multi-server architecture. They claimed that their scheme has some advantages and can resist various kinds of attacks. However, we find that their scheme cannot provide correct authentication and cannot resist impersonation, stolen smart card, and insider attacks. Besides, their scheme is non-extensible when a new server is added to the system. To overcome these weaknesses of Pippal et al.’s scheme, we propose an improved smart card authentication scheme for multi-server architecture. We analyze the security of the proposed scheme using BAN logic, and the analysis result shows that the proposed scheme is more efficient and secure than Pippal et al.’s scheme.
References
Lamport, L. (1987). Password authentication with insecure communication. Communications of the ACM, 24(11), 770–772.
Hwang, M. S., Chong, S. K., & Chen, T. Y. (2010). DoS-resistant ID-based password authentication scheme using smart cards. Journal of Systems and Software, 83(1), 163–172.
Song, R. G. (2010). Advanced smart card based password authentication protocol. Computer Standards & Interfaces, 32(5–6), 321–325.
Li, C. T., & Hwang, M. S. (2010). An efficient biometrics-based remote user authentication scheme using smart cards. Journal of Network and Computer Applications, 33(1), 1–5.
Li, X., Niu, J. W., Ma, J., Wang, W. D., & Liu, C. L. (2011). Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. Journal of Network and Computer Applications, 34(1), 73–79.
Li, X., Niu, J. W., Khan, M. K., & Liao, J. G. (2013). An enhanced smart card based remote user password authentication scheme. Journal of Network and Computer Applications, 36(5), 1365–1371.
Li, X., Niu, J. W., Khan, M. K., & Wang, Z. B. (2013). Applying LU decomposition of matrices to design anonymity bilateral remote user authentication scheme. Mathematical Problems in Engineering, Article ID 910409. doi:10.1155/2013/910409.
Li, X., Niu, J. W., Wang, Z. B., & Chen, C. S. (2013). Applying biometrics to design three-factor remote user authentication scheme with key agreement. Security and Communication Networks. doi:10.1002/sec.767.
Li, L. H., Lin, I. C., & Hwang, M. S. (2001). A remote password authentication scheme for multi-server architecture using neural networks. IEEE Transactions on Neural Networks, 12(6), 1498–1504.
Juang, W. S. (2004). Efficient multi-server password authenticated key agreement using smart cards. IEEE Transactions on Consumer Electronics, 50(1), 251–255.
Chang, C. C., & Lee, J. S. (2004, November). An efficient and secure multi-server password authentication protocol using smart cards. In Proceedings of the third international conference on cyberworlds (pp. 417–422).
Liao, Y. P., & Wang, S. S. (2009). A secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards & Interfaces, 31(1), 24–29.
Hsiang, H. C., & Shih, W. K. (2009). Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards & Interfaces, 31(6), 1118–1123.
Sood, S. K., Sarje, A. K., & Singh, K. (2011). A secure dynamic identity based authentication protocol for multi-server architecture. Journal of Network and Computer Applications, 34(2), 609–618.
Lee, C. C., Lin, T. H., & Chang, R. X. (2011). A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards. Expert Systems with Applications, 38(11), 13863–13870.
Li, X., Xiong, Y. P., Ma, J., & Wang, W. D. (2012). An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. Journal of Network and Computer Applications, 35(2), 763–769.
Li, X., Ma, J., Wang, W. D., Xiong, Y. P., & Zhang, J. S. (2013). A novel smart card and dynamic ID based remote user authentication scheme for multi-server environment. Mathematical and Computer Modelling, 58(1–2), 85–95.
Pippal, R. S., Jaidhar, C. D., & Tapaswi, S. (2013). Robust smart card authentication scheme for multi-server architecture. Wireless Personal Communications, 72(1), 729–745.
Kocher, P., Jaffe, J., & Jun, B. (1999). Differential power analysis. In Advances in Cryptology-CRYPTO’99 (pp. 388–397). Berlin: Springer.
Messerges, T. S., Dabbish, E. A., & Sloan, R. H. (2002). Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers, 51(5), 541–552.
Burrows, M., Abadi, M., & Needham, R. M. (1871). A logic of authentication. Proceedings of the Royal Society of London A-Mathematical and Physical Sciences, 1989(426), 233–271.
Acknowledgments
This work was supported by the National Natural Science Foundation of China under Grant Nos. 61300220, 61170296 and 61202462, the China Postdoctoral Science Foundation Funded Project under Grant No. 2014M550590, the Scientific Research Fund of Hunan Provincial Education Department (No. 13C324), and the Hunan Provincial Science and Technology Plan Project (No. 2012FJ4333), and the Research Fund of the State Key Laboratory of Software Development Environment under Grant No. BUAA SKLSDE-2012ZX-17.
Cite this article
Li, X., Niu, J., Kumari, S. et al. An Enhancement of a Smart Card Authentication Scheme for Multi-server Architecture. Wireless Pers Commun 80, 175–192 (2015). https://doi.org/10.1007/s11277-014-2002-x
DOI: https://doi.org/10.1007/s11277-014-2002-x