Skip to main content
SpringerLink
Log in

Design and Analysis of Bilinear Pairing Based Mutual Authentication and Key Agreement Protocol Usable in Multi-server Environment

  • Published:
Wireless Personal Communications Aims and scope Submit manuscript

Abstract

With the increasing popularity and demand for various applications, the internet user accesses remote server by performing remote user authentication protocol using smart card over the insecure channel. In order to resist insider attack, most of the users remember a set of identity and password for accessing different application servers. Therefore, remembering set of identity and password is an extra overhead to the user. To avoid the mentioned shortcoming, many remote user authentication and key agreement protocols for multi-server architecture have been proposed in the literature. Recently, Hsieh–Leu proposed an improve protocol of Liao et al. scheme and claimed that the improve protocol is applicable for practical implementation. However, through careful analysis, we found that Hsieh–Leu scheme is still vulnerable to user anonymity, password guessing attack, server masquerading attack and the password change phase is inefficient. Therefore, the main aim of this paper was to design a bilinear pairing based three factors remote user authentication scheme using smart card for providing security weaknesses free protocol. In order to validate security proof of the proposed protocol, this paper uses BAN logic which ensures that the same protocol achieves mutual authentication and session key agreement property securely. Furthermore, this paper also informally illustrates that the proposed protocol is well protected against all the relevant security attacks. The performance analysis and comparison with other schemes are also made, and it has been found that the proposed protocol achieves complete security requirements with comparatively lesser complexities.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1

Similar content being viewed by others

References

  1. Amin, R. (2013). Cryptanalysis and an efficient secure ID-based remote user authentication using smart card. International Journal of Computer Applications, 75(13), 43–48.

    Article  Google Scholar 

  2. Amin, R., & Biswas, G. P. (2015). A novel user authentication and key agreement protocol for accessing multi-medical server usable in TMIS. Journal of Medical Systems, 39(3), 33. doi:10.1007/s10916-015-0217-3.

    Article  MATH  Google Scholar 

  3. Amin, R., & Biswas, G. P. (2015). Remote access control mechanism using rabin public key cryptosystem. In Information systems design and intelligent applications, advances in intelligent systems and computing (vol. 339, pp. 525–533). Springer. doi:10.1007/978-81-322-2250-7_52.

  4. Amin, R., Maitra, T., & Giri, D. (2013). An improved efficient remote user authentication scheme in multi-server environment using smart card. International Journal of Computer Applications, 69(22), 1–6.

    Article  Google Scholar 

  5. Awasthi, A. K., & Lal, S. (2004). An enhanced remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 50(2), 583–586.

    Article  Google Scholar 

  6. Badra, M., & Urien, P. (2004). Introducing smartcards to remote authenticate passwords using public key encryption. In Advances in wired and wireless communication, 2004 IEEE/Sarnoff symposium on (pp. 123–126). doi:10.1109/SARNOF.2004.1302856.

  7. Boneh, D., & Franklin, M. (2001). Identity-based encryption from the weil pairing. In Advances in cryptology CRYPTO 2001, lecture notes in computer science (vol. 2139, pp. 213–229). Springer, Berlin. doi:10.1007/3-540-44647-8_13.

  8. Boyd, C., & Mathuria, A. (2003). In Protocols for authentication and key establishment. doi:10.1007/978-3-662-09527-0.

  9. Burrows, M., Abadi, M., & Needham, R. (1990). A logic of authentication. ACM Transactions on Computer Systems, 8(1), 18–36. doi:10.1145/77648.77649.

    Article  Google Scholar 

  10. Chang, C. C., & Wu, T. C. (1991). Remote password authentication with smart cards. IEE Proceedings E Computers and Digital Techniques, 138(3), 165–168.

    Article  Google Scholar 

  11. Chang, Y. F., Yu, S. H., & Shiao, D. R. (2013). A uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. Journal of Medical Systems, 37(2), 1–9. doi:10.1007/s10916-012-9902-7.

    MATH  Google Scholar 

  12. Lee, C.-C., Lai, Y.-M., & Li, C. T. (2011). An improved secure dynamic ID based remote user authentication scheme for multi-server environment. Expert Systems with Applications, 38(11), 203–209.

    Google Scholar 

  13. Cheon, J. H., & Lee, D. H. (2002). Diffie-hellman problems and bilinear maps. Cryptology ePrint Archive: Report 2002.

  14. Chien, H. Y., Jan, J. K., & Tseng, Y. M. (2002). An efficient and practical solution to remote authentication: Smart card. Computers and Security, 21(4), 372–375. doi:10.1016/S0167-4048(02)00415-7.

    Article  Google Scholar 

  15. Eisenbarth, T., Kasper, T., Moradi, A., Paar, C., Salmasizadeh, M., & Shalmani, M. (2008). On the power of power analysis in the real world: A complete break of the keeloq code hopping scheme. In Advances in cryptology CRYPTO 2008, lecture notes in computer science (vol. 5157, pp. 203–220). Springer, Berlin. doi:10.1007/978-3-540-85174-5_12.

  16. Frey, G., & Rück, H. G. (1994). A remark concerning m-divisibility and the discrete logarithm in the divisor class group of curves. Mathematics of computation, 62(206), 865–874. doi:10.2307/2153546.

    MathSciNet  Google Scholar 

  17. Geng, J., & Zhang, L. (2008). A dynamic ID-based user authentication and key agreement scheme for multi-server environment using bilinear pairings. In Power electronics and intelligent transportation system, 2008. PEITS ’08. Workshop on (pp. 33–37). doi:10.1109/PEITS.2008.35.

  18. Hsiang, H. C., & Shih, W. K. (2009). Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards and Interfaces, 31(6), 1118–1123. doi:10.1016/j.csi.2008.11.002.

    Article  Google Scholar 

  19. Hsieh, W. B., & Leu, J. S. (2014). An anonymous mobile user authentication protocol using self-certified public keys based on multi-server architectures. The Journal of Supercomputing, 70(1), 133–148. doi:10.1007/s11227-014-1135-8.

    Article  Google Scholar 

  20. Islam, S. (2014). A provably secure ID-based mutual authentication and key agreement scheme for mobile multi-server environment without esl attack. Wireless Personal Communications, 79(3), 1975–1991. doi:10.1007/s11277-014-1968-8.

    Article  Google Scholar 

  21. Jin, A. T. B., Ling, D. N. C., & Goh, A. (2004). Biohashing: Two factor authentication featuring fingerprint data and tokenised random number. Pattern Recognition, 37(11), 2245–2255.

    Article  Google Scholar 

  22. Juang, W. S. (2004). Efficient multi-server password authenticated key agreement using smart cards. IEEE Transactions on Consumer Electronics, 50(1), 251–255. doi:10.1109/TCE.2004.1277870.

    Article  Google Scholar 

  23. Kocher, P., Jaffe, J., & Jun, B. (1999). Differential power analysis. In Advances in cryptology CRYPTO 99, lecture notes in computer science (vol. 1666, pp. 388–397).

  24. Lee, W. B., & Chang, C. C. (2000). User identification and key distribution maintaining anonymity for distributed computer network. Computer and System Science, 15(4), 211–214.

    MathSciNet  MATH  Google Scholar 

  25. Lee, C. C., Lin, T. H., & Chang, R. X. (2011). A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards. Expert Systems with Applications, 38(11), 13,863–13,870. doi:10.1016/j.eswa.2011.04.190.

    Google Scholar 

  26. Li, X., Ma, J., Wang, W., Xiong, Y., & Zhang, J. (2010). A novel smart card and dynamic ID based remote user authentication scheme for multi-server environments. Mathematical and Computer Modelling 58(1–2), 85–95 (2013). doi:10.1016/j.mcm.2012.06.033. Financial IT and security and international symposium on computational electronics.

  27. Li, X., Niu, J., Kumari, S., Liao, J., & Liang, W. (2015). An enhancement of a smart card authentication scheme for multi-server architecture. Wireless Personal Communications, 80(1), 175–192. doi:10.1007/s11277-014-2002-x.

    Article  MathSciNet  Google Scholar 

  28. Li, X., Qiu, W., Zheng, D., Chen, K., & Li, J. (2010). Anonymity enhancement on robust and efficient password-authenticated key agreement using smart cards. IEEE Transactions on Industrial Electronics, 57(2), 793–800. doi:10.1109/TIE.2009.2028351.

    Article  Google Scholar 

  29. Li, X., Xiong, Y., Ma, J., & Wang, W. (2012). An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. Journal of Network and Computer Applications, 35(2), 763–769. doi:10.1016/j.jnca.2011.11.009.

    Article  Google Scholar 

  30. Liao, Y. P., & Hsiao, C. M. (2013). A novel multi-server remote user authentication scheme using self-certified public keys for mobile clients. Future Generation Computer Systems, 29(3), 886–900.

    Article  Google Scholar 

  31. Liao, Y. P., & Wang, S. S. (2009). A secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards and Interfaces, 31(1), 24–29. doi:10.1016/j.csi.2007.10.007.

    Article  Google Scholar 

  32. Lin, I. C., Hwang, M. S., & Li, L. H. (2003). A new remote user authentication scheme for multi-server architecture. Future Generation Computer Systems, 19(1), 13–22. doi:10.1016/S0167-739X(02)00093-6.

    Article  Google Scholar 

  33. Lumini, A., & Nanni, L. (2007). An improved biohashing for human authentication. Pattern Recognition, 40(3), 1057–1065. doi:10.1016/j.patcog.2006.05.030.

    Article  MATH  Google Scholar 

  34. Menezes, A., Vanstone, S., & Okamoto, T. (1991). Reducing elliptic curve logarithms to logarithms in a finite field. In Proceedings of the twenty-third annual ACM symposium on theory of computing, STOC ’91 (pp. 80–89). doi:10.1145/103418.103434.

  35. Messerges, T. S., Dabbish, E. A., & Sloan, R. H. (2002). Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers, 51(5), 541–552.

    Article  MathSciNet  Google Scholar 

  36. Pippal, R., Jaidhar, C., & Tapaswi, S. (2013). Robust smart card authentication scheme for multi-server architecture. Wireless Personal Communications, 72(1), 729–745. doi:10.1007/s11277-013-1039-6.

    Article  Google Scholar 

  37. Shao, M.H., & Chin, Y.C. (2010). A novel approach to dynamic ID-based remote user authentication scheme for multi-server environment. In Proceedings of the 2010 fourth international conference on network and system security, NSS ’10 (pp. 548–553). IEEE Computer Society, Washington, DC, USA. doi:10.1109/NSS.2010.95.

  38. Sood, S. K., Sarje, A. K., & Singh, K. (2011). A secure dynamic identity based authentication protocol for multi-server architecture. Journal of Network and Computer Applications, 34(2), 609–618. doi:10.1016/j.jnca.2010.11.011. Efficient and Robust Security and Services of Wireless Mesh Networks.

  39. Tsai, J. L., Wu, T. C., & Tsai, K. Y. (2010). New dynamic ID authentication scheme using smart cards. International Journal of Communication Systems, 23(3), 1449–1462.

    Article  MathSciNet  Google Scholar 

  40. Tseng, Y. M., Wu, T. Y., & Wu, J. (2008). A pairing-based user authentication scheme for wireless clients with smart card. Informatics, 19(2), 285–302.

    MATH  Google Scholar 

  41. Tsuar, W. J., Chang, C. C., & Wu, W. L. (2001). A flexible user authentication scheme for multi-server internet services. In Networking ICN 2001, lecture notes in computer science (vol. 2093, pp. 174–183). Springer, Berlin. doi:10.1007/3-540-47728-4_18.

  42. Turkanovic, M., Brumen, B., & Hölbl, M. (2014). A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the internet of things notion. Ad Hoc Networks, 20, 96–112. doi:10.1016/j.adhoc.2014.03.009.

    Article  Google Scholar 

  43. Wang, B., & Ma, M. (2013). A smart card based efficient and secured multi-server authentication scheme. Wireless Personal Communications, 68(2), 361–378. doi:10.1007/s11277-011-0456-7.

    Article  Google Scholar 

  44. Wei, J., Liu, W., & Hu, X. (2014). Cryptanalysis and improvement of a robust smart card authentication scheme for multi-server architecture. Wireless Personal Communications, 77(3), 2255–2269. doi:10.1007/s11277-014-1636-z.

    Article  Google Scholar 

  45. Xu, J., Zhu, W. T., & Feng, D. G. (2009). An improved smart card based password authentication scheme with provable security. Computer Standards and Interfaces, 31(4), 723–728. doi:10.1016/j.csi.2008.09.006.

    Article  Google Scholar 

  46. Zhao, D., Peng, H., Li, S., & Yang, Y. (2013) An efficient dynamic ID based remote user authentication scheme using self-certified public keys for multi-server environment. CoRR abs/1305.6350. http://arxiv.org/abs/1305.6350

Download references

Acknowledgments

The authors are grateful to the editor and anonymous reviewers for their valuable suggestions and comments which improved the paper.

Author information

Authors and Affiliations

  1. Indian School of Mines, Dhanbad, 826004, India

    Ruhul Amin & G. P. Biswas

Authors
  1. Ruhul Amin
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. G. P. Biswas
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ruhul Amin.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Amin, R., Biswas, G.P. Design and Analysis of Bilinear Pairing Based Mutual Authentication and Key Agreement Protocol Usable in Multi-server Environment. Wireless Pers Commun 84, 439–462 (2015). https://doi.org/10.1007/s11277-015-2616-7

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11277-015-2616-7

Keywords

Search

Navigation