Abstract
The increasing popularity of the multi-server architecture has propelled research on multi-server authentication schemes. The currently dominant authentication schemes are smart-card-based, verification-table-free schemes with passwords. Although these schemes have become robust against most of the popular malicious attacks, they still have security weaknesses and their efficiency is generally low. In this paper, we analyze and formulate security issues in previously proposed schemes. Based on this formulation, an enhanced, efficient and secure scheme is proposed. The proposal makes use of a novel “redundant key protection”. The proposed scheme is validated and verified by Colored Petri Nets.
Cite this article
Wang, B., Ma, M. A Smart Card Based Efficient and Secured Multi-Server Authentication Scheme. Wireless Pers Commun 68, 361–378 (2013). https://doi.org/10.1007/s11277-011-0456-7
DOI: https://doi.org/10.1007/s11277-011-0456-7