Nothing Special   »   [go: up one dir, main page]
Skip to main content
Springer Nature Link
Log in

An Enhanced and Provably Secure Chaotic Map-Based Authenticated Key Agreement in Multi-Server Architecture

  • Research Article - Computer Engineering and Computer Science
  • Published:
Arabian Journal for Science and Engineering Aims and scope Submit manuscript

Abstract

In the multi-server authentication (MSA) paradigm, a subscriber might avail multiple services of different service providers, after registering from registration authority. In this approach, the user has to remember only a single password for all service providers, and servers are relieved of individualized registrations. Many MSA-related schemes have been presented so far, however with several drawbacks. In this connection, recently Li et al. in Wirel. Pers. Commun., (2016). doi:10.1007/s11277-016-3293-x presented a chaotic map-based multi-server authentication scheme. However, we observed that Li et al. suffer from malicious server insider attack, stolen smart card attack, and session-specific temporary information attack. This research work is based on improving security of Li et al.’s protocol in minimum possible computation cost. We also evaluate the security for the contributed work which is provable under formal security analysis employing random oracle model and BAN Logic.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Kocarev, L.: Chaos-based cryptography: a brief overview. IEEE Circuits Syst. Mag. 1(3), 6–21 (2001)

    Article  Google Scholar 

  2. Lamport, L.: Password authentication with insecure communication. Commun. ACM 24(11), 770–772 (1981)

    Article  MathSciNet  Google Scholar 

  3. Lee, Y.S.; Kim, E.; Seok, S.J.; Jung, M.S.: A smart card-based user authentication scheme to ensure the PFS in multi-server environments. IEICE Trans. Commun. E95(B2), 619–622 (2012)

    Article  Google Scholar 

  4. He, D.B.; Hu, H.: Cryptanalysis of a smart card-based user authentication scheme for multi-server environments. IEICE Trans. Commun. E95(B9), 3052–3054 (2012)

    Article  Google Scholar 

  5. Chaudhry, S.A.: A secure biometric based multi-server authentication scheme for social multimedia networks. Multimed. Tools Appl. 75(20), 12705–12725 (2016)

    Article  Google Scholar 

  6. He, D. B. : Security flaws in a biometrics-based multi-server authentication with key agreement scheme. IACR Cryptology ePrint Archive, 2011/365 (2011)

  7. Irshad, A.; Sher, M.; Rehman, E.; Ch, S.A.; Hassan, M.U.; Ghani, A.: A single round-trip SIP authentication scheme for voice over internet protocol using smart card. Multimed. Tools Appl. 74(11), 3967–3984 (2015)

    Article  Google Scholar 

  8. Irshad, A.; Sher, M.; Faisal, M.S.; Ghani, A.; Ul Hassan, M.; Ashraf Ch, S.: A secure authentication scheme for session initiation protocol by using ECC on the basis of the Tang and Liu scheme. Secur. Commun. Netw. 7(8), 1210–1218 (2014)

    Article  Google Scholar 

  9. Li, L.H.; Lin, I.C.; Hwang, M.S.: A remote password authentication scheme for multi-server architecture using neural networks. IEEE Trans. Neural Netw. 12(6), 1498–1504 (2001)

    Article  Google Scholar 

  10. Lin, I.C.; Hwang, M.S.; Li, L.H.: A new remote user authentication scheme for multi-server architecture. Future Gener. Comput. Syst. 19(1), 13–22 (2003)

  11. Juang, W.S.: Efficient multi-server password authenticated key agreement using smart cards. IEEE Trans. Consum. Electron. 50(1), 251–255 (2004)

    Article  MathSciNet  Google Scholar 

  12. Chang, C. C.; Lee, J. S.: An efficient and secure multi-server password authentication scheme using smart cards. In: Proceedings of the third international conference on cyberworlds, pp. 417–422 (2004)

  13. Tsaur, W.J.; Wu, C.C.; Lee, W.B.: A smart card-based remote scheme for password authentication in multi-server Internet services. Comput. Stand. Interfaces 27(1), 39–51 (2004)

    Article  Google Scholar 

  14. Tsaur, W.J.; Wu, C.C.; Lee, W.B.: An enhanced user authentication scheme for multi-server Internet services. Appl. Math. Comput. 170(1), 258–266 (2005)

    MathSciNet  MATH  Google Scholar 

  15. Tsai, J.L.: Efficient multi-server authentication scheme based on one-way hash function without verification table. Comput. Secur. 27(3–4), 115–121 (2008)

    Article  Google Scholar 

  16. Irshad, A.; Sher, M.; Chaudhry, S. A.; Xie, Q.; Kumari, S.; Wu, F.: An improved and secure chaotic map based authenticated key agreement in multi-server architecture. Multimed Tools Appl., 1–38 (2017)

  17. Irshad, A.; Sher, M.; Ahmad, H.F.; Alzahrani, B.A.; Chaudhry, S.A.; Kumar, R.: An improved multi-server authentication scheme for distributed mobile cloud computing services. KSII Trans. Internet Inf. Syst. (TIIS) 10(12), 5529–5552 (2016)

    Google Scholar 

  18. Liao, Y.P.; Wang, S.S.: A secure dynamic ID based remote user authentication scheme for multi-server environment. Comput. Stand. Interfaces 31(1), 24–29 (2009)

    Article  Google Scholar 

  19. Hsiang, H.C.; Shih, W.K.: Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment. Comput. Stand. Interfaces 31(6), 1118–1123 (2009)

    Article  Google Scholar 

  20. Sood, S.K.; Sarje, A.K.; Singh, K.: A secure dynamic identity based authentication protocol for multi-server architecture. J. Netw. Comput. Appl. 34(2), 609–618 (2011)

    Article  Google Scholar 

  21. Lee, C.C.; Lin, T.H.; Chang, R.X.: A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards. Expert Syst. Appl. 38(11), 13863–13870 (2011)

    Google Scholar 

  22. Li, X.; Xiong, Y.P.; Ma, J.; Wang, W.D.: An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. J. Netw. Comput. Appl. 35(2), 763–769 (2012)

    Article  Google Scholar 

  23. Li, X.; Ma, J.; Wang, W.D.; Xiong, Y.P.; Zhang, J.S.: A novel smart card and dynamic ID based remote user authentication scheme for multi-server environment. Math. Comput. Model. 58(1–2), 85–95 (2013)

    Article  Google Scholar 

  24. Li, C.T.; Lee, C.C.; Weng, C.Y.: An extended chaotic maps based user authentication and privacy preserving scheme against DoS attacks in pervasive and ubiquitous computing environments. Nonlinear Dyn. 74(4), 1133–1143 (2013)

    Article  MathSciNet  Google Scholar 

  25. Lee, C.C.; Chen, C.L.; Wu, C.Y.; Huang, S.Y.: An extended chaotic maps-based key agreement protocol with user anonymity. Nonlinear Dyn. 69(1–2), 79–87 (2012)

    Article  MathSciNet  MATH  Google Scholar 

  26. He, D.B.; Chen, Y.T.; Chen, J.H.: Cryptanalysis and improvement of an extended chaoticmaps-based key agreement protocol. Nonlinear Dyn. 69(3), 1149–1157 (2012)

    Article  MATH  Google Scholar 

  27. Lai, H.; Xiao, J.; Li, L.; et al.: Applying semigroup property of enhanced chebyshev polynomials to anonymous authentication protocol. Math. Probl. Eng. (2012). doi:10.1155/2012/454823

    MathSciNet  MATH  Google Scholar 

  28. Zhao, F.J.; Gong, P.; Li, S.; Li, M.G.; Li, P.: Cryptanalysis and improvement of a three-party key agreement protocol using enhanced Chebyshev polynomials. Nonlinear Dyn. 74(1–2), 419–427 (2013)

    Article  MathSciNet  MATH  Google Scholar 

  29. Xie, Q.; Zhao, J.M.; Yu, X.Y.: Chaotic maps-based three-party password-authenticated key agreement scheme. Nonlinear Dyn. 74(4), 1021–1027 (2013)

    Article  MathSciNet  MATH  Google Scholar 

  30. Kocher, P.; Jaffe, J.; Jun, B.: Differential power analysis. In: Proceedings of advances in cryptology (Crypto’99), pp. 388–397 (1999)

  31. Irshad, A.; Sher, M.; Chaudhary, S.A.; Naqvi, H.; Farash, M.S.: An efficient and anonymous multi-server authenticated key agreement based on chaotic map without engaging registration centre. J. Supercomput. 72(4), 1623–1644 (2016)

    Article  Google Scholar 

  32. Lee, C.C.; Lou, D.C.; Li, C.T.; Hsu, C.W.: An extended chaotic-maps-based protocol with key agreement for multi-server environments. Nonlinear Dyn. 76(1), 853–866 (2014)

    Article  MATH  Google Scholar 

  33. Li, X.; Niu, J.; Kumari, S.; Islam, S.H.; Wu, F.; Khan, M.K.; Das, A.K.: A novel chaotic maps-based user authentication and key agreement protocol for multi-server environments with provable security. Wirel. Pers. Commun. (2016). doi:10.1007/s11277-016-3293-x

    Google Scholar 

  34. Li, X.; Niu, J.W.; Khan, M.K.; Liao, J.G.: An enhanced smart card based remote user password authentication scheme. J. Netw. Comput. Appl. 36(5), 1365–C1371 (2013)

    Article  Google Scholar 

  35. Wang, X.; Zhang, W.; Guo, W.; Zhang, J.: Secure chaotic system with application to chaotic ciphers. Inf. Sci. 221, 555–570 (2013)

    Article  MathSciNet  MATH  Google Scholar 

  36. Cheong, K.Y.; Koshiba, T.: More on security of public key cryptosystems based on Chebyshev polynomials. IEEE T Circuits II 54(9), 795–799 (2007)

    Google Scholar 

  37. Jiang, Q.; Ma, J.; Lu, X.; Tian, Y.: Robust chaotic map-based authentication and key agreement scheme with strong anonymity for telecare medicine information systems. J. Med. Syst. 38(2), 12 (2014)

    Article  Google Scholar 

  38. Jiang, Q.; Wei, F.; Fu, S.; Ma, J.; Li, G.; Alelaiwi, A.: Robust extended chaotic maps-based three-factor authentication scheme preserving biometric template privacy. Nonlinear Dyn. 83(4), 2085–2101 (2016)

    Article  MathSciNet  MATH  Google Scholar 

  39. Ch, S.A.; Sher, M.; Ghani, A.; Naqvi, H.; Irshad, A.: An efficient signcryption scheme with forward secrecy and public verifiability based on hyper elliptic curve cryptography. Multimed. Tools Appl. 74(5), 1711–1723 (2015)

    Article  Google Scholar 

  40. Xiao, D.; Liao, X.; Wong, K.: An efficient entire chaos based scheme for deniable authentication. Chaos Solitons Fractals 23, 1327–1331 (2005)

    Article  MATH  Google Scholar 

  41. Lumini, A.; Loris, N.: An improved Bio-hashing for human authentication. Pattern Recognit. 40(3), 1057–1065 (2007)

  42. Jin, A.T.B.; Ling, D.N.C.; Goh, A.: Bio-hashing: two factor authentication featuring fingerprint data and tokenised random number. Pattern Recognit. 37(11), 2245–2255 (2004)

  43. Messerges, T.S.; Dabbish, E.A.; Sloan, R.H.: Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5), 541–552 (2002)

    Article  MathSciNet  Google Scholar 

  44. Li, C.T.; Lee, C.C.; Weng, C.Y.; Fan, C.I.: A secure dynamic identity based authentication protocol with smart cards for multi-server architecture. J. Inf. Sci. Eng. 31(6), 1975–1992 (2015)

  45. Chen, C.T.; Lee, C.C.: A two-factor authentication scheme with anonymity for multi-server environments. Secur. Commun. Netw. 8(8), 1608–1625 (2015)

    Article  Google Scholar 

  46. Li, X.; Niu, J.; Kumari, S.; Wu, F.; Choo, K.K.R.: A robust biometrics based three-factor authentication scheme for global mobility networks in smart city. Future Gener. Comput. Syst. (2017). doi:10.1016/j.future.2017.04.012

    Google Scholar 

  47. Li, X.; Ibrahim, M.H.; Kumari, S.; Sangaiah, A.K.; Gupta, V.; Choo, K.K.R.: Anonymous mutual authentication and key agreement scheme for wearable sensors in wireless body area networks. Comput. Netw. (2017). doi:10.1016/j.comnet.2017.03.013

    Google Scholar 

  48. Burrow, M.; Abadi, M.; Needham, R.: A logic of authentication. ACM Trans. Comput. Syst. 8, 18–36 (1990)

    Article  Google Scholar 

  49. Irshad, A.; Ashraf Chaudhry, S.: Comments on A privacy preserving three-factor authentication protocol for e-health clouds. J. Supercomput. 73, 1504 (2017)

    Article  Google Scholar 

  50. Tsaur, W.J.; Li, J.H.; Lee, W.B.: An efficient and secure multi-server authentication scheme with key agreement. J. Syst. Softw. 85(4), 876–882 (2012)

    Article  Google Scholar 

  51. He, D.B.; Wang, D.: Robust biometrics-based authentication scheme for multi-server environment. IEEE Syst. J. 9(3), 816–823 (2015)

    Article  Google Scholar 

  52. Tsai, J.L.; Lo, N.W.: A chaotic map-based anonymous multi-server authenticated key agreement protocol using smart card. Int. J. Commun. Syst. 28(13), 1955–1963 (2015)

    Article  Google Scholar 

  53. Lu, Y.; Li, L.; Peng, H.; Yang, Y.: Cryptanalysis and improvement of a chaotic maps-based anonymous authenticated key agreement protocol for multi-server architecture. Secur. Commun. Netw. (2016). doi:10.1002/sec.1417

    Google Scholar 

Download references

Acknowledgements

This work was supported by the National Natural Science Foundation of China under Grant No. 61300220, and the Scientific Research Fund of Hunan Provincial Education Department under Grant No. 16B089.

Author information

Authors and Affiliations

  1. Department of Computer Science and Software Engineering, International Islamic University, Islamabad, Pakistan

    Azeem Irshad & Shehzad Ashraf Chaudhry

  2. Hangzhou Key Laboratory of Cryptography and Network Security, Hangzhou Normal University, Hangzhou, China

    Qi Xie

  3. Hunan University of Science and Technology, Xiangtan, China

    Xiong Li

  4. Faculty of Mathematical Sciences and Computer, Kharazmi University, Tehran, Iran

    Mohammad Sabzinejad Farash

  5. Chaudhary Charan Singh University, Meerut, Uttar Pradesh, 250004, India

    Saru Kumari

  6. Xiamen Institute of Technology, Xiamen, China

    Fan Wu

Authors
  1. Azeem Irshad
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Shehzad Ashraf Chaudhry
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Qi Xie
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Xiong Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Mohammad Sabzinejad Farash
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Saru Kumari
    View author publications

    You can also search for this author in PubMed Google Scholar

  7. Fan Wu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Azeem Irshad.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Irshad, A., Chaudhry, S.A., Xie, Q. et al. An Enhanced and Provably Secure Chaotic Map-Based Authenticated Key Agreement in Multi-Server Architecture. Arab J Sci Eng 43, 811–828 (2018). https://doi.org/10.1007/s13369-017-2764-z

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s13369-017-2764-z

Keywords

Search

Navigation