Abstract
Many algorithms have been proposed to provide strong mutual authentication in a multi-server environment. Most of them provide mutual authentication between a client and multiple servers by using a single control server for registration. In this paper, we consider a scenario in which the client and the server belong to different control servers, and we propose a protocol for providing authentication in this multi-control-server environment. For strong authentication, our scheme uses the user's biometric and registered password value in the authentication process. We also use elliptic curve cryptography to provide security features in our scheme. Furthermore, Burrows–Abadi–Needham logic is used for formal security analysis. With informal security analysis, we prove that our scheme is secure against popular security attacks such as the denial-of-service attack, man-in-the-middle attack, replay attack and stolen smart card attack.
Cite this article
Tomar, A., Dhar, J. An ECC Based Secure Authentication and Key Exchange Scheme in Multi-server Environment. Wireless Pers Commun 107, 351–372 (2019). https://doi.org/10.1007/s11277-019-06280-7
DOI: https://doi.org/10.1007/s11277-019-06280-7