Abstract
A multi-server authentication scheme offers a single registration procedure, but allows to access services from multiple servers. For efficiently communicating with the servers, a number of password based remote user authentication schemes have been explored. Recently, Chuang and Chen (Expert Syst Appl 41(4):1411–1418, 2014) have discussed an anonymous multi-server a uthenticated key agreement scheme using smart card together with password and biometrics. This scheme achieves various security requirements while supporting multiple servers as claimed by the authors. In this paper, we show that this scheme is susceptible to different attacks, such as DOS attack, user/server impersonation attack, a smart card attack, session specific temporary key attack, and it does not achieve perfect forward secrecy. In this paper, we propose a new scheme by overcoming the drawbacks of the Chuang and Chen’s scheme. Our scheme can provide non-repudiation as the authentication message sent by a user is digitally signed by the server using the RSA digital signature. Due to efficiency and security, our scheme is suitable for the services like tele medicine information system, which can provide healthcare delivery services between the patients and doctors to employ telecare medicine facilities and access electronic medical records.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Xue, K., Hong, P., & Ma, C. (2014). A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture. Journal of Computer and System Sciences, 80(1), 195–206.
Chang, Y. F., Yu, S. H., & Shiao, D. R. (2013). A uniqueness-andanonymity preserving remote user authentication scheme for connected health care. Journal of Medical Systems, 37(2), 9902. doi:10.1007/s10916-012-9902-7.
Lee, C. C., Lin, T. H., & Chang, R. X. (2011). A secure dynamic ID based remote user authentication scheme for multiserver environment using smart cards. Expert Systems with Applications, 38(11), 13863–13870.
Li, X., Ma, J., Wang, W. D., Xiong, Y. P., & Zhang, J. S. (2012). A novel smart card and dynamic ID based remote user authentication scheme for multi-server environments. Mathematical and Computer Modelling, 58(1–2), 85–95. doi:10.1016/j.mcm.2012.06.033.
Li, X., Niu, J., Kumari, S., Liao, J., & Liang, W. (2014). An Enhancement of a smart card authentication scheme for multi-server architecture. Wireless Personal Communications. doi:10.1007/s11277-014-2002-x
Chuang, M.-C., & Chen, M. C. (2014). An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics. Expert Systems with Applications, 41(4), 1411–1418.
Yoon, E., & Yoo, K. (2013). Robust biometrics-based multi-server authentication with key agreement scheme for smart cards on elliptic curve cryptosystem. Journal of Supercomputing, 63(1), 235–255.
He, D. Security flaws in a biometrics-based multi-server authentication with key agreement scheme. Technical report 2011/365, ePrint Archive. http://eprint.iacr.org/2011/365.pdf
He, D., & Wang, D. (2014). Robust biometrics-based authentication scheme for multi-server environment. IEEE System Journal, 9(3), 1–8.
Odelu, V., Das, A. K., & Goswami, A. (2014). Cryptanalysis on robust biometrics-based authentication scheme for multi-server environment. Cryptology ePrint Archive. http://eprint.iacr.org/2014/715. pdf
Lamport, L. (1981). Password authentication with in secure communication. Communications of the ACM, 24(11), 770–772.
Wu, Z. Y., Lee, Y. C., Lai, F., Lee, H. C., & Chung, Y. (2012). A secure authentication scheme for telecare medicine information systems. Journal of Medical Systems, 36(3), 1529–1535.
He, D., Chen, J., & Zhang, R. (2012). A more secure authentication scheme for telecare medicine information systems. Journal of Medical Systems, 36(3), 1989–1995.
Wei, J., Hu, X., & Liu, W. (2012). An improved authentication scheme for telecare medicine information systems. Journal of Medical Systems, 36(6), 3597–3604.
Zhu, Z. (2012). An efficient authentication scheme for telecare medicine information systems. Journal of Medical Systems, 36(6), 3833–3838.
Lee, T. F., & Liu, C. M. (2013). A secure smart-card based authentication and key agreement scheme for telecare medicine information systems. Journal of Medical Systems, 37(3), 1–8.
Das, A. K., & Bruhadeshwar, B. (2013). An improved and effective secure password-based authentication and key agreement scheme using smart cards for the telecare medicine information system. Journal of Medical Systems, 37(5), 1–17.
Chen, H. M., Lo, J. W., & Yeh, C. K. (2012). An efficient and secure dynamic id-based authentication scheme for telecare medical information systems. Journal of Medical Systems, 36(6), 3907–3915.
Cao, T., & Zhai, J. (2013). Improved dynamic id-based authentication scheme for telecare medical information systems. Journal of Medical Systems, 37(2), 1–7.
Lin, H. Y. (2013). On the security of a dynamic id-based authentication scheme for telecare medical information systems. Journal of Medical Systems, 37(2), 1–5.
Xie, Q., Zhang, J., & Dong, N. (2013). Robust anonymous authentication scheme for telecare medical information systems. Journal of Medical Systems, 37(2), 1–8.
Jiang, Q., Ma, J., Ma, Z., & Li, G. (2013). A privacy enhanced authentication scheme for telecare medical information systems. Journal of Medical Systems, 37(1), 1–8.
Wu, F., & Xu, L. (2013). Security analysis and improvement of a privacy authentication scheme for telecare medical information systems. Journal of Medical Systems, 37(4), 1–9. doi:10.1007/s10916-013-9958-z.
Mishra, D., & Mukhopadhyay, S. (2013). Cryptanalysis of Wu and Xus authentication scheme for telecare medicine information systems. arXiv preprint arXiv: 1309.5255.
Jiang, Q., Ma, J., Lu, X., & Tian, Y. (2014). Robust chaotic map-based authentication and key agreement scheme with strong anonymity for telecare medicine information systems. Journal of Medical Systems, 38(2), 1–8.
Mishra, D. (2015). On the security flaws in ID-based password authentication schemes for telecare medical information systems. Journal of Medical Systems, 39(1), 1–16.
Yanrong, L., Lixiang, L., Haipeng, P., & Yixian, Y. (2015). An enhanced biometric-based authentication scheme for telecare medicine information systems using elliptic curve cryptosystem. Journal of Medical Systems, 39(3), 1–8. doi:10.1007/s10916-015-0221-7.
Wen, F. T., & Guo, D. I. (2014). An improved anonymous authentication scheme for telecare medical information systems. Journal of Medical Systems, 38(5), 1–11.
Awasthi, A. K., & Srivastava, K. (2013). A biometric authentication scheme for telecare medicine information systems with nonce. Journal of Medical Systems, 37(5), 1–4.
Mishra, D., Mukhopadhyay, S., Kumari, S., Khan, M. K., & Chaturvedi, A. (2014). Security enhancement of a biometric based authentication scheme for telecare medicine information systems with nonce. Journal of Medical Systems, 38(5), 1–11.
Tan, Z. (2014). A user anonymity preserving three-factor authentication scheme for telecare medicine information systems. Journal of Medical Systems, 38(3), 1–9.
Arshad, H., & Nikooghadam, M. (2014). Three-factor anonymous authentication and key agreement scheme for telecare medicine information systems. Journal of Medical Systems, 38(12), 1–12.
Burrows, M., Abadi, M., & Needham, R. (1990). A logic of authentication. ACM Transactions on Computer System, 8, 18–36.
Koblitz, N. (1987). Elliptic curve cryptosystems. Mathematics of computation, 48, 203–209.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Kumari, S., Om, H. Cryptanalysis and Improvement of an Anonymous Multi-server Authenticated Key Agreement Scheme. Wireless Pers Commun 96, 2513–2537 (2017). https://doi.org/10.1007/s11277-017-4310-4
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11277-017-4310-4