Abstract
Organizations often use smart card-based user authentication for remote access. The research community has put forward dynamic identity-based remote user authentication schemes for distributed multi-server environments to safeguard the connection between user and server. Recently, Qiu et al. proposed an efficient smart card-based remote user authentication scheme for the multi-server environment, which they claim provides mutual authentication and key agreement, user anonymity, and resistance against various kinds of attacks. This paper shows that if an adversary succeeds in stealing a smart card, their scheme is vulnerable to masquerade, server spoofing, and password guessing attacks. We overcome these flaws and propose an enhanced anonymous scheme in which the user identity is changed dynamically before each login to a server. The scheme also resists all possible attacks. We compare our scheme with the related scheme, use BAN logic to verify the correctness of mutual key agreement, and use AVISPA to prove that the scheme is safe. We also provide formal security proofs for our scheme.
Data availability
Not applicable.
Code availability
Not applicable.
References
Akherfi, K., Gerndt, M., Harroud, H.: Mobile cloud computing for computation offloading: issues and challenges. Appl. Comput. Inform. 14(1), 1–16 (2018)
Alamsyah, Z., Mantoro, T., Adityawarman, U., Ayu, M.A.: Combination RSA with one time pad for enhanced scheme of two-factor authentication. In: 2020 6th International Conference on Computing Engineering and Design (ICCED), pp. 1–5. IEEE (2020)
Alhejazi, M.M., Al-Dahasi, E.M., Saqib, N.A.: A new remote user authentication scheme for e-health-care applications using steganography. In: 2019 2nd International Conference on Computer Applications and Information Security (ICCAIS), pp. 1–10. IEEE (2019)
Burrows, M., Abadi, M.: A logic of authentication. Proc. R. Soc. Lond. A (1989). https://doi.org/10.1098/rspa.1989.0125
Chaffetz, J., Meadows, M., Hurd, W.: The OPM Data Breach: How the Government Jeopardized Our National Security for More than a Generation. Report (2016)
Chang, C.C., Lee, J.S.: An efficient and secure multi-server password authentication scheme using smart cards. In: 2004 International Conference on Cyberworlds, pp. 417–422. IEEE (2004)
Chang, Y.F., Tai, W.L., Chang, H.C.: Untraceable dynamic-identity-based remote user authentication scheme with verifiable password update. Int. J. Commun. Syst. 27(11), 3430–3440 (2014)
Derhab, A., Belaoued, M., Guerroumi, M., Khan, F.A.: Two-factor mutual authentication offloading for mobile cloud computing. IEEE Access 8, 28956–28969 (2020)
Ferrag, M.A., Maglaras, L., Derhab, A., Janicke, H.: Authentication schemes for smart mobile devices: threat models, countermeasures, and open research issues. Telecommun. Syst. 73(2), 317–348 (2020)
Hsiang, H.C., Shih, W.K.: Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment. Comput. Stand. Interfaces 31(6), 1118–1123 (2009)
Hwang, M.S., Li, L.H.: A new remote user authentication scheme using smart cards. IEEE Trans. Consum. Electron. 46(1), 28–30 (2000)
Hwang, M.S., Cahyadi, E.F., Chou, Y.C., Yang, C.Y.: Cryptanalysis of Kumar’s remote user authentication scheme with smart card. In: 2018 14th International Conference on Computational Intelligence and Security (CIS), pp. 416–420. IEEE (2018)
Juang, W.S.: Efficient multi-server password authenticated key agreement using smart cards. IEEE Trans. Consum. Electron. 50(1), 251–255 (2004)
Juang, W.S., Chen, S.T., Liaw, H.T.: Robust and efficient password-authenticated key agreement using smart cards. IEEE Trans. Ind. Electron. 55(6), 2551–2556 (2008)
Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Annual International Cryptology Conference, 1999, pp. 388–397. Springer (1999)
Lamport, L.: Password authentication with insecure communication. Commun. ACM 24(11), 770–772 (1981)
Lee, C.C., Lin, T.H., Chang, R.X.: A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards. Expert Syst. Appl. 38(11), 13863–13870 (2011)
Lee, W.B., Chang, C.C.: User identification and key distribution maintaining anonymity for distributed computer networks. Comput. Syst. Sci. Eng. 15(4), 211–214 (2000)
Leu, J.S., Hsieh, W.B.: Efficient and secure dynamic ID-based remote user authentication scheme for distributed systems using smart cards. IET Inf. Secur. 8(2), 104–113 (2013)
Li, L.H., Lin, L.C., Hwang, M.S.: A remote password authentication scheme for multiserver architecture using neural networks. IEEE Trans. Neural Netw. 12(6), 1498–1504 (2001)
Li, X., Qiu, W., Zheng, D., Chen, K., Li, J.: Anonymity enhancement on robust and efficient password-authenticated key agreement using smart cards. IEEE Trans. Ind. Electron. 57(2), 793–800 (2010)
Li, X., Ma, J., Wang, W., Xiong, Y., Zhang, J.: A novel smart card and dynamic ID based remote user authentication scheme for multi-server environments. Math. Comput. Model. 58(1–2), 85–95 (2013)
Liao, Y.P., Wang, S.S.: A secure dynamic ID based remote user authentication scheme for multi-server environment. Comput. Stand. Interfaces 31(1), 24–29 (2009)
Lin, I.C., Hwang, M.S., Li, L.H.: A new remote user authentication scheme for multi-server architecture. Future Gener. Comput. Syst. 19(1), 13–22 (2003)
Liu, Y., Gong, P., Yan, X., Li, P.: On the security of a dynamic identity-based remote user authentication scheme with verifiable password update. Int. J. Commun. Syst. 28(5), 842–847 (2015)
Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks: Revealing the Secrets of Smart Cards. Springer, Berlin (2010)
Matsumoto, T., Matsumoto, H., Yamada, K., Hoshino, S.: Impact of artificial “gummy” fingers on fingerprint systems. In: Optical Security and Counterfeit Deterrence Techniques IV, vol. 4677. International Society for Optics and Photonics (2002)
Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5), 541–552 (2002)
Mohammedi, M., Omar, M., Bouabdallah, A.: Secure and lightweight remote patient authentication scheme with biometric inputs for mobile healthcare environments. J. Ambient Intell. Humaniz. Comput. 9(5), 1527–1539 (2018)
Mollah, M.B., Azad, M.A.K., Vasilakos, A.: Security and privacy challenges in mobile cloud computing: survey and way ahead. J. Netw. Comput. Appl. 84, 38–54 (2017)
Park, W.S., Hwang, D.Y., Kim, K.H.: A TOTP-based two factor authentication scheme for hyperledger fabric blockchain. In: 2018 Tenth International Conference on Ubiquitous and Future Networks (ICUFN), pp. 817–819. IEEE (2018)
Qiu, S., Xu, G., Ahmad, H., Xu, G., Qiu, X., Xu, H.: An improved lightweight two-factor authentication and key agreement protocol with dynamic identity based on elliptic curve cryptography. KSII Trans. Internet Inf. Syst. 13(2), 978–1002 (2019)
Raub, D., Steinwandt, R., Müller-Quade, J.: On the security and composability of the one time pad. In: International Conference on Current Trends in Theory and Practice of Computer Science, pp. 288–297. Springer (2005)
Sain, M., Kim, K.H., Kang, Y.J., Lee, H.J.: An improved two factor user authentication framework based on captcha and visual secret sharing. In: 2019 IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC), pp. 171–175. IEEE (2019)
Shunmuganathan, S., Saravanan, R.D., Palanichamy, Y.: Secure and efficient smart-card-based remote user authentication scheme for multiserver environment. Can. J. Electr. Comput. Eng. 38(1), 20–30 (2015)
Sun, D.Z., Huai, J.P., Sun, J.Z., Li, J.X., Zhang, J.W., Feng, Z.Y.: Improvements of Juang’s password-authenticated key agreement scheme using smart cards. IEEE Trans. Ind. Electron. 56(6), 2284–2291 (2009)
Team, T., et al.: AVISPA v1.1 user manual. Information Society Technologies Programme (June 2006) (2006). http://avispa-project.org
Tsai, J.L.: Efficient multi-server authentication scheme based on one-way hash function without verification table. Comput. Secur. 27(3–4), 115–121 (2008)
Tsaur, W.J., Wu, C.C., Lee, W.B.: A smart card-based remote scheme for password authentication in multi-server Internet services. Comput. Stand. Interfaces 27(1), 39–51 (2004)
Zhang, X., Wang, B., Wang, W.: A new remote authentication scheme for anonymous users using elliptic curves cryptosystem. Int. J. Netw. Secur. 20(2), 390–395 (2018)
Funding
No funding was received for conducting this study.
Ethics declarations
Conflict of interest
The authors have no conflicts of interest to declare that are relevant to the content of this article.
Cite this article
Andola, N., Prakash, S., Gahlot, R. et al. An enhanced smart card and dynamic ID based remote multi-server user authentication scheme. Cluster Comput 25, 3699–3717 (2022). https://doi.org/10.1007/s10586-022-03585-4
DOI: https://doi.org/10.1007/s10586-022-03585-4