A two-factor authentication scheme with anonymity for multi-server environments

Published: 25 May 2015

Abstract

In a multi-server environment, remote user authentication is essential for secure communication. Recently, Liao and Wang, Hsiang and Shih, and Lee et al. have successively proposed various remote user authentication schemes for multi-server environments. However, each of these schemes exhibits distinct security weaknesses. The Liao-Wang scheme is vulnerable to insider attacks and masquerade attacks, and fails to provide two-factor security and mutual authentication. The Hsiang-Shih scheme is vulnerable to masquerade attacks and cannot provide mutual authentication. This paper shows that the Lee et al. scheme does not provide two-factor security and cannot withstand masquerade attacks. Their scheme demonstrates poor reparability and fails to provide mutual authentication. Its password change process is inconvenient and inefficient for users who wish to update passwords. Therefore, we propose a novel two-factor authentication scheme with anonymity for multi-server environments and use the Burrows-Abadi-Needham logic method to verify our scheme. We compare the performance and functionality of the proposed scheme with those of previous schemes. Cryptanalysis demonstrated that our improved scheme not only overcomes the drawbacks of the Lee et al., Hsiang-Shih, and Liao-Wang schemes but also satisfies crucial design criteria for secure remote user authentication schemes in multi-server environments. This paper presents a real-case scenario and provides practical examples. We show that our improved authentication scheme provides more functionality than the mentioned schemes do, and can enhance effectiveness in protecting multi-server environments. We also show that the proposed scheme is efficient and can enhance the efficiency of the authentication scheme in a multi-server environment. Copyright © 2014 John Wiley & Sons, Ltd.

References

[1] Hwang MS, Li LH. A new remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics 2000; Volume 46 Issue 1: pp.28-30.
[2] Shen JJ, Lin CW, Hwang MS. A modified remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics 2003; Volume 49 Issue 2: pp.414-416.
[3] Sun HM. An efficient remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics 2000; Volume 46 Issue 4: pp.958-961.
[4] Liao YP, Wang SS. A secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards & Interfaces 2009; Volume 31 Issue 1: pp.24-29.
[5] Lee WB, Chang CC. User identification and key distribution maintaining anonymity for distributed computer network. Computer Systems Science and Engineering 2000; Volume 15 Issue 4: pp.211-214.
[6] Wu TS, Hsu CL. Efficient user identification scheme with key distribution preserving anonymity for distributed computer networks. Computers & Security 2004; Volume 23 Issue 2: pp.120-125.
[7] Chang CC, Lee JS. An efficient and secure multi-server password authentication scheme using smart cards. IEEE Proceeding of the International Conference on Cyberworlds, Tokyo, Japan, Nov. 2004; pp.417-422.
[8] Juang WS. Efficient multi-server password authenticated key agreement using smart cards. IEEE Transactions on Consumer Electronics 2004; Volume 50 Issue 1: pp.251-255.
[9] Lin IC, Hwang MS, Li LH. A new remote user authentication scheme for multi-server architecture. Future Generation Computer Systems 2003; Volume 1 Issue 19: pp.13-22.
[10] Tsaur WJ. A Flexible User Authentication Scheme for Multi-Server Internet Services, Networking-ICN2001, LNCS 2093. Springer Verlag: Colmar, France, 2001; pp.174-183.
[11] Tsaur WJ, Wu CC, Lee WB. An enhanced user authentication scheme for multi-server internet services. Applied Mathematics and Computation 2005; Volume 170: pp.258-266.
[12] Li LH, Lin IC, Hwang MS. A remote password authentication scheme for multiserver architecture using neural networks. IEEE Transactions on Neural Networks 2001; Volume 12 Issue 6: pp.1498-1504.
[13] Hsiang HC, Shih WK. Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards & Interfaces 2009; Volume 31 Issue 6: pp.1118-1123.
[14] Lee CC, Lin TH, Chang RX. A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards. Expert Systems with Applications 2011; Volume 38 Issue 11: pp.13863-13870.
[15] Chang CC, Lee CY. A smart card-based authentication scheme using user identify cryptography. International Journal of Network Security 2013; Volume 15 Issue 2: pp.139-147.
[16] Wei L, Yao Y, Ding Z, Pu Q. Efficient mobile authentication scheme preserving user privacy for large-scale wireless networks. Ad-Hoc and Sensor Wireless Networks 2013; Volume 17 Issue 3-4: pp.313-339.
[17] Lee JH, Bonnin JM. HOTA: handover optimized ticket-based authentication in network-based mobility management. Information Sciences 2013; Volume 230: pp.64-77.
[18] Burrows M, Abadi M, Needham R. A logic of authentication. ACM Transactions on Computer Systems 1990; Volume 8 Issue 1: pp.18-36.
[19] Chang CC, Cheng TF. A robust and efficient smart card based remote login mechanism for multi-server architecture. International Journal of Innovative Computing, Information, and Control 2011; Volume 7 Issue 8: pp.4589-4602.
[20] Das ML, Saxena A, Gulati VP. A dynamic ID-based remote user authentication scheme. IEEE Transactions on Consumer Electronics 2004; Volume 50 Issue 2: pp.629-631.
[21] Tian X, Zhu RW, Wong DS. Improved efficient remote user authentication schemes. International Journal of Network Security 2007; Volume 4 Issue 2: pp.149-154.
[22] Messerges TS, Dabbish EA, Sloan RH. Examining smart card security under the threat of power analysis attacks. IEEE Transactions on Computers 2002; Volume 51 Issue 5: pp.541-552.
[23] He D, Zhao W, Wu S. Security analysis of a dynamic ID-based authentication scheme for multi-server environment using smart cards. International Journal of Network Security 2013; Volume 15 Issue 5: pp.350-356.
[24] Hwang T, Ku WC. Reparable key distribution protocols for Internet environments. IEEE Transactions on Consumer Electronics 1995; Volume 43 Issue 5: pp.1947-1949.
[25] Chang YF, Chang PY. Comments on a dynamic-ID-based remote user authentication scheme for multi-server environment using smart cards. IEEE Sixth International Conference on Genetic and Evolutionary Computing ICGEC, Kitakyushu, Japan, 2012; pp.59-62.
[26] Lee CC, Chang RX, Ko HJ. Improving two novel three-party encrypted key exchange protocols with perfect forward secrecy. International Journal of Foundations of Computer Science 2010; Volume 21 Issue 6: pp.979-991.
[27] Ku WC, Chen SM. Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics 2004; Volume 50 Issue 1: pp.204-207.
[28] Tsai JL. Efficient multi-server authentication scheme based on one-way hash function without verification table. Computers & Security 2008; Volume 27 Issue 3-4: pp.115-121.
[29] Chen CT. Improved efficient authentication scheme with anonymity in global mobility networks. International Journal of Innovative Computing, Information, and Control 2013; Volume 9 Issue 8: pp.3319-3339.
[30] Chang CC, Lee CY, Chiu YC. Enhanced authentication scheme with anonymity for roaming service in global mobility networks. Computer Communications 2009; Volume 32: pp.611-618.
[31] Schneier B. Applied Cryptography Protocols Algorithms and Source Code in C 2nd edn. John Wiley and Sons Inc.: Hoboken, NJ, USA, 1996.
[32] Chang YF, Chang CC, Liu YL. Password authentication without the server public key. IEICE Transactions on Communications 2004; Volume E87-B Issue 10: pp.3088-3091.
[33] Wang RC, Juang WS, Lei CL. A robust authentication scheme with user anonymity for wireless environments. International Journal of Innovative Computing, Information, and Control 2009; Volume 5 Issue 4: pp.1069-1080.
[34] Lee JS, Chang CC. Secure communications for cluster-based ad hoc networks using node identities. Journal of Network and Computer Applications 2007; Volume 30 Issue 4: pp.1377-1396.
[35] Li CT, Hwang MS, Chu YP. A secure and efficient communication scheme with authenticated key establishment and privacy preserving for vehicular ad hoc networks. Computer Communications 2008; Volume 31: pp.2803-2814.
[36] Argyroudis PG, Verma R, Tewari H, O'Mahony D. Performance analysis of cryptographic protocols on handheld devices. Proceedings of the third IEEE international symposium on network computing and applications NCA, Cambridge, USA, 2004; pp.169-174.
[37] Passing M, Dressler F. Experimental performance evaluation of cryptographic algorithms. Proceedings of the third IEEE international conference on mobile adhoc and sensor systems MASS, Vancouver, Canada, 2006; pp.882-887.
[38] Wong DS, Fuentes HH, Chan AH. The performance measurement of cryptographic primitives on palm devices. Proceedings of the 17th annual computer security applications conference ACSAC, New Orleans, USA, 2001; pp.92-101.
[39] Potlapally NR, Ravi S, Raghunathan A, Jha NK. A study of the energy consumption characteristics of cryptographic algorithms and security protocols. IEEE Transactions on Mobile Computing 2006; Volume 5 Issue 2: pp.128-143.
[40] Hsu CL. Security of Chien et al.'s remote user authentication scheme using smart cards. Computer Standards & Interfaces 2004; Volume 26 Issue 3: pp.167-169.
[41] Bellare M, Pointcheval D, Rogaway P. Authenticated Key Exchange Secure Against Dictionary Attacks, Advances in Cryptology EUROCRYPT 2000, 1807. Springer Verlag: New York, NY, USA, 2000; pp.139-155.
[42] Bellare M, Rogaway P. Random oracles are practical: a paradigm for designing efficient protocols. Proceeding of the ACM conference on computer and communications security, Fairfax, VA, USA, 1993; pp.62-73.
[43] Wu TY, Tseng YM. An efficient user authentication and key exchange protocol for mobile client-server environment. Computer Networks 2010; Volume 54 Issue 9: pp.1520-1530.
[44] Xu J, Zhu WT, Feng DG. An improved smart card based password authentication scheme with provable security. Computer Standards & Interfaces 2009; Volume 31 Issue 4: pp.723-728.
[45] Yang SP, Li X. A limitation of BAN logic analysis on a man-in-the-middle attack. Journal of Information and Computing Science 2006; Volume 1 Issue 3: pp.131-138.



      Published In

      Security and Communication Networks, Volume 8, Issue 8
      May 2015
      195 pages
      ISSN: 1939-0114
      EISSN: 1939-0122

      Publisher

      John Wiley & Sons, Inc.

      United States


      Author Tags

      1. Burrows-Abadi-Needham BAN logic
      2. authentication
      3. multi-server
      4. two-factor


      Cited By

      • (2023) Security and Privacy in Unified Communication. ACM Computing Surveys 55:3 (1-36). doi:10.1145/3498335. Online publication date: 30-Apr-2023
      • (2022) Secure Multifactor Authentication and Access Control Mechanism for Electronic Bill Service in a 5G Cloud-Fog Hybrid Architecture. Security and Communication Networks 2022. doi:10.1155/2022/3658402. Online publication date: 1-Jan-2022
      • (2022) Authenticated Key Agreement Scheme with Strong Anonymity for Multi-Server Environment in TMIS. Journal of Medical Systems 43:11 (1-13). doi:10.1007/s10916-019-1442-y. Online publication date: 11-Mar-2022
      • (2021) An enhanced and provably secure authentication protocol using Chebyshev chaotic maps for multi-server environment. Multimedia Tools and Applications 80:9 (14163-14189). doi:10.1007/s11042-020-10320-x. Online publication date: 1-Apr-2021
      • (2020) An anonymous authenticated key-agreement scheme for multi-server infrastructure. Human-centric Computing and Information Sciences 10:1. doi:10.1186/s13673-020-00227-9. Online publication date: 15-May-2020
      • (2020) SEOTP: a new secure and efficient ownership transfer protocol based on quadric residue and homomorphic encryption. Wireless Networks 26:7 (5285-5306). doi:10.1007/s11276-020-02397-x. Online publication date: 22-Jun-2020
      • (2019) A Provably Secure Biometrics-Based Authentication Scheme for Multiserver Environment. Security and Communication Networks 2019. doi:10.1155/2019/2838615. Online publication date: 25-Jun-2019
      • (2019) A Lightweight Two-Factor Authentication Scheme for Mobile Cloud Computing. Proceedings of the 3rd International Conference on Future Networks and Distributed Systems (1-7). doi:10.1145/3341325.3342020. Online publication date: 1-Jul-2019
      • (2018) A secure mutual authenticated key agreement of user with multiple servers for critical systems. Multimedia Tools and Applications 77:9 (11067-11099). doi:10.1007/s11042-017-5078-y. Online publication date: 1-May-2018
      • (2017) A secure and provable multi-server authenticated key agreement for TMIS based on Amin et al. scheme. Multimedia Tools and Applications 76:15 (16463-16489). doi:10.5555/3124201.3124232. Online publication date: 1-Aug-2017
