Analysis and Improvement of a Robust Smart Card Based-Authentication Scheme for Multi-Server Architecture

Wireless Personal Communications

Abstract

Recently, Pippal et al. proposed an authentication scheme for multi-server architecture and claimed that their scheme had many advantages over previous schemes, such as security and reliability. In this paper, we reanalyze the security of their scheme and demonstrate that it is vulnerable to an impersonation attack even if the adversary doesn’t know the information stored in the user’s smart card. Moreover, the adversary can mount an off-line password guessing attack if the user’s smart card is compromised. To eliminate these shortcomings, we propose an improved multi-server authentication scheme that preserves user anonymity. We demonstrate the completeness of the proposed scheme through BAN logic. Compared with other related protocols, the security analysis and performance evaluation show that our proposed scheme can provide stronger security.

References

  1. Lamport, L. (1981). Password authentication with insecure communication. Communications of the ACM, 24(11), 770–772.

  2. Das, M., Saxena, A., & Gulati, V. (2004). A dynamic ID-based remote user authentication scheme. IEEE Transactions on Consumer Electronics, 50(2), 665–667.

  3. Wen, F. (2013). A robust uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. Journal of Medical Systems, 37, 9980. doi:10.1007/s10916-013-9980-1.

  4. Wen, F., & Li, X. (2011). An improved dynamic ID-based remote user authentication with key agreement scheme. Computers and Electrical Engineering, 38(2), 381–387.

  5. Wen, F., Susilo, W., & Yang, G. (2013). A secure and effective anonymous user authentication scheme for roaming service in global mobility networks. Wireless Personal Communications, 73(3), 993–1004.

  6. Li, L., Lin, I., & Hwang, M. (2001). A remote password authentication scheme for multiserver architecture using neural networks. IEEE Transactions on Neural Network, 12(6), 1498–1504.

  7. Lin, I., Hwang, M., & Li, L. (2003). A new remote user authentication scheme for multi-server architecture. Future Generation Computer System, 19(1), 13–22.

  8. Cao, X., & Zhong, S. (2006). Breaking a remote user authentication scheme for multiserver architecture. IEEE Communications Letters, 10(8), 580–581.

  9. Juang, W. (2004). Efficient multi-server password authenticated key agreement using smart cards. IEEE Transactions on Consumer Electronics, 50(1), 251–255.

  10. Tsai, J. (2008). Efficient multi-server authentication scheme based on one-way hash function without verification table. Computers and Security, 27(3–4), 115–121.

  11. Liao, Y., & Wang, S. (2009). A secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards and Interface, 19(1), 13–22.

  12. Hsiang, H., & Shih, W. (2009). Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards and Interface, 31(6), 1118–1123.

  13. Sood, S., Sarje, A., & Singh, K. (2011). A secure dynamic identity based authentication protocol for multi-server architecture. Journal of Network and Computer Applications, 34(2), 609–618.

  14. Lee, C., Lin, T., & Chang, R. (2011). A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards. Expert Systems with Applications, 38(11), 13863–13870.

  15. Li, X., Xiong, Y., Ma, J., & Wang, W. (2012). An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. Journal of Network and Computer Applications, 35(2), 763–769.

  16. Li, X., Ma, J., Wang, W., Xiong, Y., & Zhang, J. (2012). A novel smart card and dynamic ID based remote user authentication scheme for multi-server environments. Mathematical and Computer Modelling, 58(1–2), 85–95.

  17. Guo, D., & Wen, F. (2013). A more secure dynamic ID based remote user authentication scheme for multi-server environment. Journal of Computational Information Systems, 9(2), 407–414.

  18. Wang, B., & Ma, M. (2013). A smart card based efficient and secured multi-server authentication scheme. Wireless Personal Communications, 68, 361–378.

  19. He, D., & Wu, S. (2013). Security flaws in a smart card based authentication scheme for multi-server environment. Wireless Personal Communications, 70(1), 323–329.

  20. Pippal, R., Jaidhar, C., & Tapaswi, S. (2013). Robust smart card authentication scheme for multi-server architecture. Wireless Personal Communications, 72, 729–745.

  21. Tsai, J., Lo, N., & Wu, T. (2012). A new password-based multi-server authentication scheme robust to password guessing attacks. Wireless Personal Communications, 71, 1977–1988.

  22. Kocher, P., Jaffe, J., & Jun, B. (1999). Differential power analysis. In: 19th Annual International Cryptology Conference (pp. 388–397).

  23. Messerges, T., Dabbish, E., & Sloan, R. (2002). Examining smart card security under the threat of power analysis attacks. IEEE Transactions on Computers, 5(51), 541–552.

  24. Charvet, X., & Pelletier, H. (2005). Improving the DPA attack using Wavelet transform. In: NIST Physical Security Testing Workshop, Vol. 46.

  25. Jasper G. J., van Woudenberg, J., Witteman, M., & Bakker, B. (2011). Improving differential power analysis by elastic alignment. In: Proceedings of the 11th international conference on topics in cryptology: CT-RSA 2011, (pp. 104–119).

  26. Burrows, M., Abadi, M., & Needham, R. (1990). A logic of authentication. ACM Transactions on Computer Systems, 8(1), 18–36.

  27. Chang, Y., Yu, S., & Shiao, D. (2013). A uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care. Journal of Medical Systems, 37(3), 1–16.

Acknowledgments

The authors are grateful to the editor and anonymous reviewers for their valuable suggestions. This work is supported by the Natural Science Foundation of Shandong Province (No. ZR2013FM009).

Corresponding author

Correspondence to Fengtong Wen.

About this article

Cite this article

Guo, D., Wen, F. Analysis and Improvement of a Robust Smart Card Based-Authentication Scheme for Multi-Server Architecture. Wireless Pers Commun 78, 475–490 (2014). https://doi.org/10.1007/s11277-014-1762-7

  • DOI: https://doi.org/10.1007/s11277-014-1762-7
