Skip to main content
SpringerLink
Log in

An Improved and Secure Two-factor Dynamic ID Based Authenticated Key Agreement Scheme for Multiserver Environment

  • Published:
Wireless Personal Communications Aims and scope Submit manuscript

Abstract

The smart card based password authentication scheme is one of the most important and efficient security mechanism, which is used for providing security to authorized users over an insecure network. In this paper, we analyzed major security flaws of Jangirala et al.’s scheme and proved that it is vulnerable to forgery attack, replay attack, user impersonation attack. Also, Jangirala et al.’s scheme fail to achieve mutual authentication as it claimed. We proposed an improved two factor based dynamic ID based authenticated key agreement protocol for the multiserver environment. The proposed scheme has been simulated using widely accepted AVISPA tool. Furthermore, mutual authentication is proved through BAN logic. The rigorous security and performance analysis depicts that the proposed scheme provides users anonymity, mutual authentication, session key agreement and secure against various active attacks.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2

Similar content being viewed by others

References

  1. Lamport, L. (1981). Password authentication with insecure communication. Communications of the ACM, 24(11), 770–772.

    Article  MathSciNet  Google Scholar 

  2. Hwang, T., Chen, Y., & Laih, C. J. (1990) Non-interactive password authentications without password tables. In 1990 IEEE region 10 conference on computer and communication systems, 1990, IEEE TENCON’90 (pp. 429–431). IEEE.

  3. Yang, W.-H., & Shieh, S.-P. (1999). Password authentication schemes with smart cards. Computers & Security, 18(8), 727–733.

    Article  Google Scholar 

  4. Hwang, M.-S., & Li, L.-H. (2000). A new remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 46(1), 28–30.

    Article  Google Scholar 

  5. Chan, C.-K., & Cheng, L.-M. (2000). Cryptanalysis of a remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 46(4), 992–993.

    Article  Google Scholar 

  6. Sun, H.-M. (2000). An efficient remote use authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 46(4), 958–961.

    Article  MathSciNet  Google Scholar 

  7. Chien, H.-Y., Jan, J.-K., & Tseng, Y.-M. (2002). An efficient and practical solution to remote authentication: Smart card. Computers & Security, 21(4), 372–375.

    Article  Google Scholar 

  8. Wu, S.-T., & Chieu, B.-C. (2003). A user friendly remote authentication scheme with smart cards. Computers & Security, 22(6), 547–550.

    Article  Google Scholar 

  9. Ku, W.-C., & Chen, S.-M. (2004). Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 50(1), 204–207.

    Article  Google Scholar 

  10. Yoon, E.-J., Ryu, E.-K., & Yoo, K.-Y. (2004). Further improvement of an efficient password based remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 50(2), 612–614.

    Article  Google Scholar 

  11. Lu, R., & Cao, Z. (2005). Efficient remote user authentication scheme using smart card. Computer Networks, 49(4), 535–540.

    Article  MATH  Google Scholar 

  12. Lee, S.-W., Kim, H.-S., & Yoo, K.-Y. (2005). Improvement of chien et al’.s remote user authentication scheme using smart cards. Computer Standards & Interfaces, 27(2), 181–183.

    Article  Google Scholar 

  13. Lee, N.-Y., & Chiu, Y.-C. (2005). Improved remote authentication scheme with smart card. Computer Standards & Interfaces, 27(2), 177–180.

    Article  Google Scholar 

  14. Xu, J., Zhu, W.-T., & Feng, D.-G. (2009). An improved smart card based password authentication scheme with provable security. Computer Standards & Interfaces, 31(4), 723–728.

    Article  Google Scholar 

  15. Amin, R., & Biswas, G. P. (2015). Cryptanalysis and design of a three-party authenticated key exchange protocol using smart card. Arabian Journal for Science and Engineering, 40(11), 3135–3149.

    Article  MathSciNet  MATH  Google Scholar 

  16. Li, L.-H., Lin, L.-C., & Hwang, M.-S. (2001). A remote password authentication scheme for multiserver architecture using neural networks. IEEE Transactions on Neural Networks, 12(6), 1498–1504.

    Article  Google Scholar 

  17. Lin, I.-C., Hwang, M.-S., & Li, L.-H. (2003). A new remote user authentication scheme for multi-server architecture. Future Generation Computer Systems, 19(1), 13–22.

    Article  MATH  Google Scholar 

  18. Juang, W.-S. (2004). Efficient multi-server password authenticated key agreement using smart cards. IEEE Transactions on Consumer Electronics, 50(1), 251–255.

    Article  Google Scholar 

  19. Chang, C.-C., & Lee, J.-S. (2004). An efficient and secure multi-server password authentication scheme using smart cards. In 2004 international conference on cyberworlds (pp. 417–422). IEEE.

  20. Tsaur, W.-J., Chia-Chun, W., & Lee, W.-B. (2004). A smart card-based remote scheme for password authentication in multi-server internet services. Computer Standards & Interfaces, 27(1), 39–51.

    Article  Google Scholar 

  21. Yang, Y., Deng, R. H., & Bao, F. (2006). A practical password-based two-server authentication and key exchange system. IEEE Transactions on Dependable and Secure Computing, 3(2), 105–114.

    Article  Google Scholar 

  22. Tsai, J.-L. (2008). Efficient multi-server authentication scheme based on one-way hash function without verification table. Computers & Security, 27(3), 115–121.

    Article  Google Scholar 

  23. Liao, Y.-P., & Wang, S.-S. (2009). A secure dynamic id based remote user authentication scheme for multi-server environment. Computer Standards & Interfaces, 31(1), 24–29.

    Article  Google Scholar 

  24. Hsiang, H.-C., & Shih, W.-K. (2009). Improvement of the secure dynamic id based remote user authentication scheme for multi-server environment. Computer Standards & Interfaces, 31(6), 1118–1123.

    Article  Google Scholar 

  25. Lee, C.-C., Lin, T.-H., & Chang, R.-X. (2011). A secure dynamic id based remote user authentication scheme for multi-server environment using smart cards. Expert Systems with Applications, 38(11), 13863–13870.

    Google Scholar 

  26. Sood, S. K., Sarje, A. K., & Singh, K. (2011). A secure dynamic identity based authentication protocol for multi-server architecture. Journal of Network and Computer Applications, 34(2), 609–618.

    Article  Google Scholar 

  27. Li, X., Xiong, Y., Ma, J., & Wang, W. (2012). An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. Journal of Network and Computer Applications, 35(2), 763–769.

    Article  Google Scholar 

  28. Li, X., Ma, J., Wang, W., Xiong, Y., & Zhang, J. (2013). A novel smart card and dynamic id based remote user authentication scheme for multi-server environments. Mathematical and Computer Modelling, 58(1), 85–95.

    Article  Google Scholar 

  29. Zhao, D., Peng, H., Li, S., & Yang, Y. (2013). An efficient dynamic id based remote user authentication scheme using self-certified public keys for multi-server environment. arXiv preprint arXiv:1305.6350.

  30. Xue, K., Hong, P., & Ma, C. (2014). A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture. Journal of Computer and System Sciences, 80(1), 195–206.

    Article  MathSciNet  MATH  Google Scholar 

  31. Das, A. K. (2015). A secure and efficient user anonymity-preserving three-factor authentication protocol for large-scale distributed wireless sensor networks. Wireless Personal Communications, 82(3), 1377–1404.

    Article  Google Scholar 

  32. Li, X., Niu, J., Kumari, S., Liao, J., & Liang, W. (2015). An enhancement of a smart card authentication scheme for multi-server architecture. Wireless Personal Communications, 80(1), 175–192.

    Article  Google Scholar 

  33. Odelu, V., Das, A. K., & Goswami, A. (2015). An effective and robust secure remote user authenticated key agreement scheme using smart cards in wireless communication systems. Wireless Personal Communications, 84(4), 2571–2598.

    Article  Google Scholar 

  34. Shunmuganathan, S., Saravanan, R. D., & Palanichamy, Y. (2015). Secure and efficient smart-card-based remote user authentication scheme for multiserver environment. Canadian Journal of Electrical and Computer Engineering, 38(1), 20–30.

    Article  Google Scholar 

  35. Jangirala, S., Mukhopadhyay, S., & Das, A. K. (2017). A multi-server environment with secure and efficient remote user authentication scheme based on dynamic ID using smart cards. Wireless Personal Communications, 95(3), 2735–2767.

    Article  Google Scholar 

  36. Burrows, M., Abadi, M., & Needham, R. M. (1989). A logic of authentication. Proceedings of the Royal Society of London A: Mathematical, Physical and Engineering, 426, 233–271.

    Article  MathSciNet  MATH  Google Scholar 

  37. Ali, R., & Pal, A. K. (2017). Three-factor-based confidentiality-preserving remote user authentication scheme in multi-server environment. Arabian Journal for Science and Engineering, 42(8), 3655–3672.

    Article  MathSciNet  MATH  Google Scholar 

  38. AVISPA Automated Validation of Internet Security Protocols and Applications. http://www.avispa-project.org/ (2015).

  39. Viganò, L. (2006). Automated security protocol analysis with the AVISPA tool. Electronic Notes in Theoretical Computer Science, 155, 61–86.

    Article  Google Scholar 

  40. Armando, A., Basin, D., Boichut, Y., Chevalier, Y., Compagna, L., Cuéllar, J., et al. (2005). The AVISPA tool for the automated validation of internet security protocols and applications. In International conference on computer aided verification (pp. 281–285). Springer.

  41. Dolev, D., & Yao, A. (1983). On the security of public key protocols. IEEE Transactions on Information Theory, 29(2), 198–208.

    Article  MathSciNet  MATH  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. National Institute of Technology Rourkela, Rourkela, India

    Shreeya Swagatika Sahoo, Sujata Mohanty & Banshidhar Majhi

Authors
  1. Shreeya Swagatika Sahoo
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Sujata Mohanty
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Banshidhar Majhi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Shreeya Swagatika Sahoo.

Additional information

Publisher’s Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Sahoo, S.S., Mohanty, S. & Majhi, B. An Improved and Secure Two-factor Dynamic ID Based Authenticated Key Agreement Scheme for Multiserver Environment. Wireless Pers Commun 101, 1307–1333 (2018). https://doi.org/10.1007/s11277-018-5764-8

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11277-018-5764-8

Keywords

Search

Navigation