[go: up one dir, main page]
More Web Proxy on the site http://driver.im/ Skip to main content

Advertisement

Springer Nature Link
Log in

A Novel Three-Factor Authentication Scheme with High Security for Multi-Server Environments

  • Published:
Wireless Personal Communications Aims and scope Submit manuscript

Abstract

In a multi-sever scenario, a two-party remote user authentication scheme is faced with various kinds of security threats. The introduction of biometric technology can effectively improve the security on the user side and the resistance to password guessing attack. Therefore, many biometrics-based user authentication schemes have emerged in the last few years. However, in some recent authentication schemes, a server can easily impersonate a legal user by using the shared secret key and a randomly selected identity. In this study, we first analyze a study of these schemes and indicate the security weakness and vulnerability that might allow attacks. Then, we present an improved biometrics-based three-factor authentication scheme for multi-server environments that inherits most of the advantages of the original scheme and introduces digital signature to address the common security problem. Furthermore, the proposed scheme also has a simplified the authentication procedure and improves execution efficiency. Analysis results, including security analysis and performance comparison, indicate that the new scheme has good efficiency and is robust against various known attacks.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Subscribe and save

Springer+ Basic
£29.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price includes VAT (United Kingdom)

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2

Similar content being viewed by others

Availability of data and material

All data generated or analysed during this study are included in this published article (and its supplementary information files).

References

  1. Lamport, L. (1981). Password authentication with insecure communication. Communications of the Acm, 24(24), 770–772.

    Article  Google Scholar 

  2. Tsai, J. L., & Lo, N. W. (2013). A new password-based multi-server authentication scheme robust to password guessing attacks. Wireless Personal Communications, 71(3), 1977–1988.

    Article  Google Scholar 

  3. Nam, J., Choo, K. K., Han, S., Paik, J., & Won, D. (2015). Two-round password-only authenticated key exchange in the three-party setting. Symmetry, 7(1), 105–124.

    Article  MathSciNet  MATH  Google Scholar 

  4. Chang, C. C., & Wu, T. C. (1991). Remote password authentication with smart cards. IEE Proceedings-E, 138(3), 165–168.

    Google Scholar 

  5. Xiong, L., Niu, J., Kumari, S., Islam, S. H., Fan, W., Khan, M. K., & Das, A. K. (2016). A novel chaotic maps-based user authentication and key agreement protocol for multi-server environment with provable security. Wireless Personal Communications, 89(2), 569–597.

    Article  Google Scholar 

  6. Jangirala, S., Mukhopadhyay, S., & Das, A. K. (2017). A multi-server environment with secure and efficient remote user authentication scheme based on dynamic id using smart cards. Wireless Personal Communications, 95(3), 1–33.

    Article  Google Scholar 

  7. Mishra, D. (2016). Design and analysis of a provably secure multi-server authentication scheme. Wireless Personal Communications, 86(3), 1–25.

    Article  Google Scholar 

  8. Mishra, D., & Dhal, S. (2017). Privacy preserving password-based multi-server authenticated key agreement protocol using smart card. Wireless Personal Communications, 99(3), 1–21.

    Google Scholar 

  9. Jiang, Q., Ma, J., Lu, X., & Tian, Y. (2015). An efficient two-factor user authentication scheme with unlinkability for wireless sensor networks. Peer-to-Peer Networking and Applications, 8(6), 1070–1081.

    Article  Google Scholar 

  10. Wang, D., He, D., Wang, P., & Chu, C. H. (2015). Anonymous two-factor authentication in distributed systems: Certain goals are beyond attainment. Dependable & Secure Computing IEEE Transactions on, 12(4), 428–442.

    Article  Google Scholar 

  11. Maitra, T., Islam, S. H., Amin, R., Giri, D., Khan, M. K., & Kumar, N. (2016). An enhanced multi-server authentication protocol using password and smart-card: Cryptanalysis and design. Security & Communication Networks, 9(17), 4615–4638.

    Article  Google Scholar 

  12. Maitra, T., Obaidat, M. S., Amin, R., Islam, S. H., Chaudhry, S. A., & Giri, D. (2016). A robust elgamal-based password-authentication protocol using smart card for client-server communication. International Journal of Communication Systems, 30(11), e3242.1-e3242.12.

    Google Scholar 

  13. Wang, C., Ding, W., Xu, G., & Guo, Y. (2017). A lightweight password-based authentication protocol using smart card. International Journal of Communication Systems, 30(11), e3336.

    Article  Google Scholar 

  14. Azrour, M., Farhaoui, Y., & Ouanan, M. (2017). A new secure authentication and key exchange protocol for session initiation protocol using smart card. International Journal of Network Security, 19(6), 870–879.

    Google Scholar 

  15. Messerges, T. S., Dabbish, E. A., & Sloan, R. H. (2002). Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers, 51(5), 541–552.

    Article  MathSciNet  MATH  Google Scholar 

  16. He, D., & Wang, D. (2015). Robust biometrics-based authentication scheme for multiserver environment. IEEE Systems Journal, 9(3), 816–823.

    Article  Google Scholar 

  17. Li, C. T., & Hwang, M. S. (2010). An efficient biometrics-based remote user authentication scheme using smart cards. Journal of Network & Computer Applications, 33(1), 1–5.

    Article  Google Scholar 

  18. Das, A. K. (2011). Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards. Iet Information Security, 5(3), 145–151.

    Article  Google Scholar 

  19. Huang, X., Yang, X., Chonka, A., Zhou, J., & Deng, R. H. (2011). A generic framework for three-factor authentication: Preserving security and privacy in distributed systems. IEEE Transactions on Parallel & Distributed Systems, 22(8), 1390–1397.

    Article  Google Scholar 

  20. Fan, W., Xu, L., Kumari, S., & Xiong, L. (2015). A novel and provably secure biometrics-based three-factor remote authentication scheme for mobile client-server networks. Computers & Electrical Engineering, 45(C), 274–285.

    Google Scholar 

  21. Qi, J., Khan, M. K., Xiang, L., Ma, J., & He, D. (2016). A privacy preserving three-factor authentication protocol for e-health clouds. Journal of Supercomputing, 72(10), 3826–3849.

    Article  Google Scholar 

  22. Chuang, M. C., & Chen, M. C. (2014). An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics. International Journal of Network Security, 18(5), 997–1000.

    Google Scholar 

  23. Mishra, D., Das, A. K., & Mukhopadhyay, S. (2016). A secure and efficient ecc-based user anonymity-preserving session initiation authentication protocol using smart card. Peer-to-Peer Networking & Applications, 9(1), 171–192.

    Article  Google Scholar 

  24. Moon, J., Choi, Y., Kim, J., & Won, D. (2016). An improvement of robust and efficient biometrics based password authentication scheme for telecare medicine information systems using extended chaotic maps. Journal of Medical Systems, 40(3), 1–11.

    Article  Google Scholar 

  25. S. Ibjaoun, A. A. E. Kalam, V. Poirriez, A. A. Ouahman, & M. D. Montfort, (2017). Analysis and enhancements of an efficient biometric-based remote user authentication scheme using smart cards, in 2016 IEEE/ACS 13th International Conference of Computer Systems and Applications, 1–8.

  26. Mishra, D., Kumari, S., Khan, M. K., & Mukhopadhyay, S. (2017). An anonymous biometric-based remote user-authenticated key agreement scheme for multimedia systems. International Journal of Communication Systems, 30(1), e2946.1-e2946.14.

    Article  Google Scholar 

  27. Park, Y. H., Park, K. S., Lee, K. K., Song, H., & Park, Y. H. (2017). Security analysis and enhancements of an improved multi-factor biometric authentication scheme. International Journal of Distributed Sensor Networks, 13(8), 155014771772430.

    Article  Google Scholar 

  28. Shingala, M., Patel, C., & Doshi, N. (2017). An improve three factor remote user authentication scheme using smart card. Wireless Personal Communications, 99(12), 1–25.

    Google Scholar 

  29. Khan, M. K., & Kumari, S. (2013). An improved biometrics-based remote user authentication scheme with user anonymity. BioMed Research International, 2013(5), 491289.

    Google Scholar 

  30. Wen, F., Susilo, W., & Yang, G. (2015). Analysis and improvement on a biometric-based remote user authentication scheme using smart cards. Wireless Personal Communications, 80(4), 1747–1760.

    Article  Google Scholar 

  31. Xiong, L., Niu, J., Khan, M. K., Liao, J., & Zhao, X. (2014). Robust three-factor remote user authentication scheme with key agreement for multimedia systems. Security & Communication Networks, 9(13), 1916–1927.

    Google Scholar 

  32. He, D., Zeadally, S., Wu, L., & Wang, H. (2016). Analysis of handover authentication protocols for mobile wireless networks using identity-based public key cryptography. Computer Networks, 128(9), 154–163.

    Google Scholar 

  33. Mishra, D., Das, A. K., & Mukhopadhyay, S. (2014). A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards. Expert Systems with Applications, 41(18), 8129–8143.

    Article  Google Scholar 

  34. Lu, Y., Li, L., Yang, X., & Yang, Y. (2015). A biometrics and smart cards-based authentication scheme for multi-server environment. Security & Communication Networks, 8(17), 3219–3228.

    Article  Google Scholar 

  35. Lu, Y., Li, L., Yang, X., & Yang, Y. (2015). Robust biometrics based authentication and key agreement scheme for multi-server environment using smart cards. Plos One, 10(5), e0126323.

    Article  Google Scholar 

  36. Chaudhry, S. A. (2016). A secure biometric based multi-server authentication scheme for social multimedia networks. Multimedia Tools & Applications, 75(20), 1–21.

    Article  Google Scholar 

  37. Moon, J., Choi, Y., Jung, J., & Won, D. (2015). An improvement of robust biometrics-based authentication and key agreement scheme for multi-server environment using smart cards. Plos One, 10(12), e0145263.

    Article  Google Scholar 

  38. Guo, H., Wang, P., Zhang, X., Huang, Y., & Ma, F. (2017). A robust anonymous biometric-based authenticated key agreement scheme for multi-server environment. Plos One, 12(11), e0187403.

    Article  Google Scholar 

  39. Tomar, A., & Dhar, J. (2019). An ECC based secure authentication and key exchange scheme in multi-server environment. Wireless Personal Communications, 107, 351–372.

    Article  Google Scholar 

  40. Qi, M., & Chen, J. (2019). Anonymous biometrics-based authentication with key agreement scheme for multi-server environment using ECC. Multimedia Tools and Applications, 78(19), 553–568.

    Article  Google Scholar 

  41. Sudhakar, T., & Natarajan, V. (2019). A new three-factor authentication and key agreement protocol for multi-server environment. Wireless Networks, 26(3), 4909–4920.

    Google Scholar 

  42. Chuang, Y., & Lei, C. (2020). An independent three-factor mutual authentication and key agreement scheme with privacy preserving for multiserver environment and a survey. International Journal of Communication Systems, 34, e4660.

    Google Scholar 

  43. Mo, J., Chen, H., & Shen, W. (2020). Cryptanalysis of anonymous three factor-based authentication schemes for multi-server environment. International Conference on Security with Intelligent Computing and Big-data Services, 456–468.

  44. Qi, F., He, D., Zeadally, S., & Wang, H. (2017). Anonymous biometrics-based authentication scheme with key distribution for mobile multi-server environment. Future Generation Computer Systems, 84, 239–251.

    Google Scholar 

  45. Wong, M. K., Hsu, C. L., Le, T. V., Hsieh, M. C., & Lin, T. W. (2020). Three-factor fast authentication scheme with time bound and user anonymity for multi-server e-health systems in 5g-based wireless sensor networks. Sensors, 20(9), 2511.

    Article  Google Scholar 

  46. Kandar, S., Pal, S., & Dhara, B. C. (2021). A biometric based remote user authentication technique using smart card in multi-server environment. Wireless Personal Communications, 120(2), 1–24.

    Article  Google Scholar 

  47. Le, T. V., & Hsu, C. L. (2021). An anonymous key distribution scheme for group healthcare services in 5g-enabled multi-server environment. IEEE Access, 9, 53408–53422.

    Article  Google Scholar 

  48. Iuh, A., Jian, W. A., Yz, A., & Sm, B. (2021). An efficient hash-based authenticated key agreement scheme for multi-server architecture resilient to key compromise impersonation. Digital Communications and Networks, 7(1), 140–150.

    Article  Google Scholar 

  49. Kumar, A., & Om, H. (2017). An improved and secure multi-server authentication scheme based on biometrics and smartcard. Digital Communications and Networks, 4, 27–38.

    Article  Google Scholar 

  50. Kumar, A., & Om, H. (2021). An enhanced and provably secure authentication protocol using chebyshev chaotic maps for multi-server environment. Multimedia Tools and Applications, 80(9), 14163–14189.

    Article  Google Scholar 

  51. Wwa, B., Hha, C., Lxa, C., Qi, L., Rm, D., & Yz, B. (2021). Blockchain-assisted handover authentication for intelligent telehealth in multi-server edge computing environment. Journal of Systems Architecture, 115, 102024.

    Article  Google Scholar 

  52. Wang, D., & Wang, P. (2014). On the anonymity of two-factor authentication schemes for wireless sensor networks: Attacks, principle and solutions. Computer Networks, 73(C), 41–57.

    Article  Google Scholar 

  53. Burrows, M., Abadi, M., & Needham, R. (1990). A logic of authentication. ACM Transactions on Computer Systems, 8(1), 18–36.

    Article  MATH  Google Scholar 

  54. M. Abadi B. Blanchet & H.C.L. (2009). Models and proofs of protocol security: A progress report, in a. bouajjani & o. maler (eds.). Computer aided verification, 35–49.

  55. Sklavos N., Koufopavlou O. (2003). On the hardware implementations of the SHA-2 (256, 384, 512) hash functions. Proceedings of the 2003 International Symposium on Circuits and Systems 5.

  56. Buchmann, J. (2004). Introduction to cryptography (2nd ed.). New York: Springer.

    Book  MATH  Google Scholar 

  57. https://www.openssl.org/.

Download references

Author information

Authors and Affiliations

  1. College of Computer Science, Sichuan Normal University, Chengdu, China

    Rui Chen

  2. Sichuan Water Conservancy Vocational College, Chengdu, China

    Yongcong Mou

  3. College of Foreign Languages, Southwest Minzu University, Chengdu, China

    Min Zhang

Authors
  1. Rui Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yongcong Mou
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Min Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Rui Chen.

Ethics declarations

Conflicts of interest

The authors declared that they have no conflicts of interest to this work. We declare that we have no financial and personal relationships with other people or organizations that can inappropriately influence our work, there is no professional or other personal interest of any nature or kind in any product, service and/or company that could be construed as influencing the position presented in, or the review of, the manuscript entitled, “A novel three-factor authentication scheme with high security for multi-server environments”

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Chen, R., Mou, Y. & Zhang, M. A Novel Three-Factor Authentication Scheme with High Security for Multi-Server Environments. Wireless Pers Commun 124, 763–781 (2022). https://doi.org/10.1007/s11277-021-09382-3

Download citation

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11277-021-09382-3

Keywords