
An ECC Based Secure Authentication and Key Exchange Scheme in Multi-server Environment

Wireless Personal Communications

Abstract

Many algorithms have been proposed to provide strong mutual authentication in a multi-server environment. Most of them provide mutual authentication between a client and multiple servers by using a single control server for registration. In this paper, we consider a scenario in which the client and the server belong to different control servers. We propose a protocol for providing authentication in the multi-control-server environment. For strong authentication, our scheme uses the user's biometric and registered password value in the authentication process. We also use elliptic curve cryptography to provide security features in our scheme. Furthermore, Burrows–Abadi–Needham logic is used for the formal security analysis in our work. With informal security analysis, we prove that our scheme is secure against popular security attacks such as the denial of service attack, man-in-the-middle attack, replay attack and stolen smart card attack.




Corresponding author

Correspondence to Ashish Tomar.


Cite this article

Tomar, A., Dhar, J. An ECC Based Secure Authentication and Key Exchange Scheme in Multi-server Environment. Wireless Pers Commun 107, 351–372 (2019). https://doi.org/10.1007/s11277-019-06280-7
