Abstract
With the increasing popularity of and demand for various applications, internet users access remote servers by performing a remote user authentication protocol using a smart card over an insecure channel. In order to resist insider attacks, most users remember a set of identities and passwords for accessing different application servers. Remembering this set of identities and passwords is therefore an extra overhead for the user. To avoid this shortcoming, many remote user authentication and key agreement protocols for multi-server architectures have been proposed in the literature. Recently, Hsieh–Leu proposed an improved protocol of the Liao et al. scheme and claimed that the improved protocol is applicable for practical implementation. However, through careful analysis, we found that the Hsieh–Leu scheme still suffers from weaknesses in user anonymity, is vulnerable to password guessing attack and server masquerading attack, and has an inefficient password change phase. Therefore, the main aim of this paper is to design a bilinear-pairing-based three-factor remote user authentication scheme using a smart card, providing a protocol free of security weaknesses. To validate the security of the proposed protocol, this paper uses BAN logic, which ensures that the protocol achieves mutual authentication and session key agreement securely. Furthermore, this paper also informally illustrates that the proposed protocol is well protected against all the relevant security attacks. A performance analysis and comparison with other schemes are also made, and it has been found that the proposed protocol achieves complete security requirements with comparatively lower complexity.
References
Amin, R. (2013). Cryptanalysis and an efficient secure ID-based remote user authentication using smart card. International Journal of Computer Applications, 75(13), 43–48.
Amin, R., & Biswas, G. P. (2015). A novel user authentication and key agreement protocol for accessing multi-medical server usable in TMIS. Journal of Medical Systems, 39(3), 33. doi:10.1007/s10916-015-0217-3.
Amin, R., & Biswas, G. P. (2015). Remote access control mechanism using rabin public key cryptosystem. In Information systems design and intelligent applications, advances in intelligent systems and computing (vol. 339, pp. 525–533). Springer. doi:10.1007/978-81-322-2250-7_52.
Amin, R., Maitra, T., & Giri, D. (2013). An improved efficient remote user authentication scheme in multi-server environment using smart card. International Journal of Computer Applications, 69(22), 1–6.
Awasthi, A. K., & Lal, S. (2004). An enhanced remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 50(2), 583–586.
Badra, M., & Urien, P. (2004). Introducing smartcards to remote authenticate passwords using public key encryption. In Advances in wired and wireless communication, 2004 IEEE/Sarnoff symposium on (pp. 123–126). doi:10.1109/SARNOF.2004.1302856.
Boneh, D., & Franklin, M. (2001). Identity-based encryption from the weil pairing. In Advances in cryptology CRYPTO 2001, lecture notes in computer science (vol. 2139, pp. 213–229). Springer, Berlin. doi:10.1007/3-540-44647-8_13.
Boyd, C., & Mathuria, A. (2003). In Protocols for authentication and key establishment. doi:10.1007/978-3-662-09527-0.
Burrows, M., Abadi, M., & Needham, R. (1990). A logic of authentication. ACM Transactions on Computer Systems, 8(1), 18–36. doi:10.1145/77648.77649.
Chang, C. C., & Wu, T. C. (1991). Remote password authentication with smart cards. IEE Proceedings E Computers and Digital Techniques, 138(3), 165–168.
Chang, Y. F., Yu, S. H., & Shiao, D. R. (2013). A uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. Journal of Medical Systems, 37(2), 1–9. doi:10.1007/s10916-012-9902-7.
Lee, C.-C., Lai, Y.-M., & Li, C. T. (2011). An improved secure dynamic ID based remote user authentication scheme for multi-server environment. Expert Systems with Applications, 38(11), 203–209.
Cheon, J. H., & Lee, D. H. (2002). Diffie-hellman problems and bilinear maps. Cryptology ePrint Archive: Report 2002.
Chien, H. Y., Jan, J. K., & Tseng, Y. M. (2002). An efficient and practical solution to remote authentication: Smart card. Computers and Security, 21(4), 372–375. doi:10.1016/S0167-4048(02)00415-7.
Eisenbarth, T., Kasper, T., Moradi, A., Paar, C., Salmasizadeh, M., & Shalmani, M. (2008). On the power of power analysis in the real world: A complete break of the keeloq code hopping scheme. In Advances in cryptology CRYPTO 2008, lecture notes in computer science (vol. 5157, pp. 203–220). Springer, Berlin. doi:10.1007/978-3-540-85174-5_12.
Frey, G., & Rück, H. G. (1994). A remark concerning m-divisibility and the discrete logarithm in the divisor class group of curves. Mathematics of computation, 62(206), 865–874. doi:10.2307/2153546.
Geng, J., & Zhang, L. (2008). A dynamic ID-based user authentication and key agreement scheme for multi-server environment using bilinear pairings. In Power electronics and intelligent transportation system, 2008. PEITS ’08. Workshop on (pp. 33–37). doi:10.1109/PEITS.2008.35.
Hsiang, H. C., & Shih, W. K. (2009). Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards and Interfaces, 31(6), 1118–1123. doi:10.1016/j.csi.2008.11.002.
Hsieh, W. B., & Leu, J. S. (2014). An anonymous mobile user authentication protocol using self-certified public keys based on multi-server architectures. The Journal of Supercomputing, 70(1), 133–148. doi:10.1007/s11227-014-1135-8.
Islam, S. (2014). A provably secure ID-based mutual authentication and key agreement scheme for mobile multi-server environment without esl attack. Wireless Personal Communications, 79(3), 1975–1991. doi:10.1007/s11277-014-1968-8.
Jin, A. T. B., Ling, D. N. C., & Goh, A. (2004). Biohashing: Two factor authentication featuring fingerprint data and tokenised random number. Pattern Recognition, 37(11), 2245–2255.
Juang, W. S. (2004). Efficient multi-server password authenticated key agreement using smart cards. IEEE Transactions on Consumer Electronics, 50(1), 251–255. doi:10.1109/TCE.2004.1277870.
Kocher, P., Jaffe, J., & Jun, B. (1999). Differential power analysis. In Advances in cryptology CRYPTO 99, lecture notes in computer science (vol. 1666, pp. 388–397).
Lee, W. B., & Chang, C. C. (2000). User identification and key distribution maintaining anonymity for distributed computer network. Computer and System Science, 15(4), 211–214.
Lee, C. C., Lin, T. H., & Chang, R. X. (2011). A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards. Expert Systems with Applications, 38(11), 13863–13870. doi:10.1016/j.eswa.2011.04.190.
Li, X., Ma, J., Wang, W., Xiong, Y., & Zhang, J. (2010). A novel smart card and dynamic ID based remote user authentication scheme for multi-server environments. Mathematical and Computer Modelling 58(1–2), 85–95 (2013). doi:10.1016/j.mcm.2012.06.033. Financial IT and security and international symposium on computational electronics.
Li, X., Niu, J., Kumari, S., Liao, J., & Liang, W. (2015). An enhancement of a smart card authentication scheme for multi-server architecture. Wireless Personal Communications, 80(1), 175–192. doi:10.1007/s11277-014-2002-x.
Li, X., Qiu, W., Zheng, D., Chen, K., & Li, J. (2010). Anonymity enhancement on robust and efficient password-authenticated key agreement using smart cards. IEEE Transactions on Industrial Electronics, 57(2), 793–800. doi:10.1109/TIE.2009.2028351.
Li, X., Xiong, Y., Ma, J., & Wang, W. (2012). An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. Journal of Network and Computer Applications, 35(2), 763–769. doi:10.1016/j.jnca.2011.11.009.
Liao, Y. P., & Hsiao, C. M. (2013). A novel multi-server remote user authentication scheme using self-certified public keys for mobile clients. Future Generation Computer Systems, 29(3), 886–900.
Liao, Y. P., & Wang, S. S. (2009). A secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards and Interfaces, 31(1), 24–29. doi:10.1016/j.csi.2007.10.007.
Lin, I. C., Hwang, M. S., & Li, L. H. (2003). A new remote user authentication scheme for multi-server architecture. Future Generation Computer Systems, 19(1), 13–22. doi:10.1016/S0167-739X(02)00093-6.
Lumini, A., & Nanni, L. (2007). An improved biohashing for human authentication. Pattern Recognition, 40(3), 1057–1065. doi:10.1016/j.patcog.2006.05.030.
Menezes, A., Vanstone, S., & Okamoto, T. (1991). Reducing elliptic curve logarithms to logarithms in a finite field. In Proceedings of the twenty-third annual ACM symposium on theory of computing, STOC ’91 (pp. 80–89). doi:10.1145/103418.103434.
Messerges, T. S., Dabbish, E. A., & Sloan, R. H. (2002). Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers, 51(5), 541–552.
Pippal, R., Jaidhar, C., & Tapaswi, S. (2013). Robust smart card authentication scheme for multi-server architecture. Wireless Personal Communications, 72(1), 729–745. doi:10.1007/s11277-013-1039-6.
Shao, M.H., & Chin, Y.C. (2010). A novel approach to dynamic ID-based remote user authentication scheme for multi-server environment. In Proceedings of the 2010 fourth international conference on network and system security, NSS ’10 (pp. 548–553). IEEE Computer Society, Washington, DC, USA. doi:10.1109/NSS.2010.95.
Sood, S. K., Sarje, A. K., & Singh, K. (2011). A secure dynamic identity based authentication protocol for multi-server architecture. Journal of Network and Computer Applications, 34(2), 609–618. doi:10.1016/j.jnca.2010.11.011. Efficient and Robust Security and Services of Wireless Mesh Networks.
Tsai, J. L., Wu, T. C., & Tsai, K. Y. (2010). New dynamic ID authentication scheme using smart cards. International Journal of Communication Systems, 23(3), 1449–1462.
Tseng, Y. M., Wu, T. Y., & Wu, J. (2008). A pairing-based user authentication scheme for wireless clients with smart card. Informatics, 19(2), 285–302.
Tsuar, W. J., Chang, C. C., & Wu, W. L. (2001). A flexible user authentication scheme for multi-server internet services. In Networking ICN 2001, lecture notes in computer science (vol. 2093, pp. 174–183). Springer, Berlin. doi:10.1007/3-540-47728-4_18.
Turkanovic, M., Brumen, B., & Hölbl, M. (2014). A novel user authentication and key agreement scheme for heterogeneous ad hoc wireless sensor networks, based on the internet of things notion. Ad Hoc Networks, 20, 96–112. doi:10.1016/j.adhoc.2014.03.009.
Wang, B., & Ma, M. (2013). A smart card based efficient and secured multi-server authentication scheme. Wireless Personal Communications, 68(2), 361–378. doi:10.1007/s11277-011-0456-7.
Wei, J., Liu, W., & Hu, X. (2014). Cryptanalysis and improvement of a robust smart card authentication scheme for multi-server architecture. Wireless Personal Communications, 77(3), 2255–2269. doi:10.1007/s11277-014-1636-z.
Xu, J., Zhu, W. T., & Feng, D. G. (2009). An improved smart card based password authentication scheme with provable security. Computer Standards and Interfaces, 31(4), 723–728. doi:10.1016/j.csi.2008.09.006.
Zhao, D., Peng, H., Li, S., & Yang, Y. (2013). An efficient dynamic ID based remote user authentication scheme using self-certified public keys for multi-server environment. CoRR abs/1305.6350. http://arxiv.org/abs/1305.6350
Acknowledgments
The authors are grateful to the editor and anonymous reviewers for their valuable suggestions and comments which improved the paper.
Cite this article
Amin, R., Biswas, G.P. Design and Analysis of Bilinear Pairing Based Mutual Authentication and Key Agreement Protocol Usable in Multi-server Environment. Wireless Pers Commun 84, 439–462 (2015). https://doi.org/10.1007/s11277-015-2616-7
DOI: https://doi.org/10.1007/s11277-015-2616-7