An enhanced smart card and dynamic ID based remote multi-server user authentication scheme

Cluster Computing

Abstract

Organizations often use smart card-based user authentication for remote access. The research community has put forward dynamic identity-based remote user authentication schemes for distributed multi-server environments to safeguard the connection between user and server. Recently, Qiu et al. proposed an efficient smart card-based remote user authentication scheme for the multi-server environment, which they claim provides mutual authentication and key agreement, user anonymity, and resistance against various kinds of attacks. This paper shows that if the adversary succeeds in stealing a smart card, their scheme is vulnerable to masquerade, server spoofing, and password guessing attacks. We overcome these flaws and propose an enhanced anonymous scheme in which the user identity is changed dynamically before each login to a server. The scheme also resists all possible attacks. We compare our scheme with the related scheme, use BAN logic to verify the correctness of mutual key agreement, and use AVISPA to prove that the scheme is safe. We also provide formal security proofs for our scheme.

Data availability

Not applicable.

Code availability

Not applicable.

References

  1. Akherfi, K., Gerndt, M., Harroud, H.: Mobile cloud computing for computation offloading: issues and challenges. Appl. Comput. Inform. 14(1), 1–16 (2018)

  2. Alamsyah, Z., Mantoro, T., Adityawarman, U., Ayu, M.A.: Combination RSA with one time pad for enhanced scheme of two-factor authentication. In: 2020 6th International Conference on Computing Engineering and Design (ICCED), pp. 1–5. IEEE (2020)

  3. Alhejazi, M.M., Al-Dahasi, E.M., Saqib, N.A.: A new remote user authentication scheme for e-health-care applications using steganography. In: 2019 2nd International Conference on Computer Applications and Information Security (ICCAIS), pp. 1–10. IEEE (2019)

  4. Burrows, M., Abadi, M.: A logic of authentication. Proc. R. Soc. Lond. A (1989). https://doi.org/10.1098/rspa.1989.0125

  5. Chaffetz, J., Meadows, M., Hurd, W.: The OPM Data Breach: How the Government Jeopardized Our National Security for More than a Generation. Report (2016)

  6. Chang, C.C., Lee, J.S.: An efficient and secure multi-server password authentication scheme using smart cards. In: 2004 International Conference on Cyberworlds, pp. 417–422. IEEE (2004)

  7. Chang, Y.F., Tai, W.L., Chang, H.C.: Untraceable dynamic-identity-based remote user authentication scheme with verifiable password update. Int. J. Commun. Syst. 27(11), 3430–3440 (2014)

  8. Derhab, A., Belaoued, M., Guerroumi, M., Khan, F.A.: Two-factor mutual authentication offloading for mobile cloud computing. IEEE Access 8, 28956–28969 (2020)

  9. Ferrag, M.A., Maglaras, L., Derhab, A., Janicke, H.: Authentication schemes for smart mobile devices: threat models, countermeasures, and open research issues. Telecommun. Syst. 73(2), 317–348 (2020)

  10. Hsiang, H.C., Shih, W.K.: Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment. Comput. Stand. Interfaces 31(6), 1118–1123 (2009)

  11. Hwang, M.S., Li, L.H.: A new remote user authentication scheme using smart cards. IEEE Trans. Consum. Electron. 46(1), 28–30 (2000)

  12. Hwang, M.S., Cahyadi, E.F., Chou, Y.C., Yang, C.Y.: Cryptanalysis of Kumar’s remote user authentication scheme with smart card. In: 2018 14th International Conference on Computational Intelligence and Security (CIS), pp. 416–420. IEEE (2018)

  13. Juang, W.S.: Efficient multi-server password authenticated key agreement using smart cards. IEEE Trans. Consum. Electron. 50(1), 251–255 (2004)

  14. Juang, W.S., Chen, S.T., Liaw, H.T.: Robust and efficient password-authenticated key agreement using smart cards. IEEE Trans. Ind. Electron. 55(6), 2551–2556 (2008)

  15. Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Annual International Cryptology Conference, 1999, pp. 388–397. Springer (1999)

  16. Lamport, L.: Password authentication with insecure communication. Commun. ACM 24(11), 770–772 (1981)

  17. Lee, C.C., Lin, T.H., Chang, R.X.: A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards. Expert Syst. Appl. 38(11), 13863–13870 (2011)

  18. Lee, W.B., Chang, C.C.: User identification and key distribution maintaining anonymity for distributed computer networks. Comput. Syst. Sci. Eng. 15(4), 211–214 (2000)

  19. Leu, J.S., Hsieh, W.B.: Efficient and secure dynamic ID-based remote user authentication scheme for distributed systems using smart cards. IET Inf. Secur. 8(2), 104–113 (2013)

  20. Li, L.H., Lin, L.C., Hwang, M.S.: A remote password authentication scheme for multiserver architecture using neural networks. IEEE Trans. Neural Netw. 12(6), 1498–1504 (2001)

  21. Li, X., Qiu, W., Zheng, D., Chen, K., Li, J.: Anonymity enhancement on robust and efficient password-authenticated key agreement using smart cards. IEEE Trans. Ind. Electron. 57(2), 793–800 (2010)

  22. Li, X., Ma, J., Wang, W., Xiong, Y., Zhang, J.: A novel smart card and dynamic ID based remote user authentication scheme for multi-server environments. Math. Comput. Model. 58(1–2), 85–95 (2013)

  23. Liao, Y.P., Wang, S.S.: A secure dynamic ID based remote user authentication scheme for multi-server environment. Comput. Stand. Interfaces 31(1), 24–29 (2009)

  24. Lin, I.C., Hwang, M.S., Li, L.H.: A new remote user authentication scheme for multi-server architecture. Future Gener. Comput. Syst. 19(1), 13–22 (2003)

  25. Liu, Y., Gong, P., Yan, X., Li, P.: On the security of a dynamic identity-based remote user authentication scheme with verifiable password update. Int. J. Commun. Syst. 28(5), 842–847 (2015)

  26. Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks: Revealing the Secrets of Smart Cards. Springer, Berlin (2010)

  27. Matsumoto, T., Matsumoto, H., Yamada, K., Hoshino, S.: Impact of artificial “gummy” fingers on fingerprint systems. In: Optical Security and Counterfeit Deterrence Techniques IV, vol. 4677. International Society for Optics and Photonics (2002)

  28. Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5), 541–552 (2002)

  29. Mohammedi, M., Omar, M., Bouabdallah, A.: Secure and lightweight remote patient authentication scheme with biometric inputs for mobile healthcare environments. J. Ambient Intell. Humaniz. Comput. 9(5), 1527–1539 (2018)

  30. Mollah, M.B., Azad, M.A.K., Vasilakos, A.: Security and privacy challenges in mobile cloud computing: survey and way ahead. J. Netw. Comput. Appl. 84, 38–54 (2017)

  31. Park, W.S., Hwang, D.Y., Kim, K.H.: A TOTP-based two factor authentication scheme for hyperledger fabric blockchain. In: 2018 Tenth International Conference on Ubiquitous and Future Networks (ICUFN), pp. 817–819. IEEE (2018)

  32. Qiu, S., Xu, G., Ahmad, H., Xu, G., Qiu, X., Xu, H.: An improved lightweight two-factor authentication and key agreement protocol with dynamic identity based on elliptic curve cryptography. KSII Trans. Internet Inf. Syst. 13(2), 978–1002 (2019)

  33. Raub, D., Steinwandt, R., Müller-Quade, J.: On the security and composability of the one time pad. In: International Conference on Current Trends in Theory and Practice of Computer Science, pp. 288–297. Springer (2005)

  34. Sain, M., Kim, K.H., Kang, Y.J., Lee, H.J.: An improved two factor user authentication framework based on captcha and visual secret sharing. In: 2019 IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC), pp. 171–175. IEEE (2019)

  35. Shunmuganathan, S., Saravanan, R.D., Palanichamy, Y.: Secure and efficient smart-card-based remote user authentication scheme for multiserver environment. Can. J. Electr. Comput. Eng. 38(1), 20–30 (2015)

  36. Sun, D.Z., Huai, J.P., Sun, J.Z., Li, J.X., Zhang, J.W., Feng, Z.Y.: Improvements of Juang’s password-authenticated key agreement scheme using smart cards. IEEE Trans. Ind. Electron. 56(6), 2284–2291 (2009)

  37. Team, T., et al.: AVISPA v1.1 user manual. Information Society Technologies Programme (June 2006). http://avispa-project.org

  38. Tsai, J.L.: Efficient multi-server authentication scheme based on one-way hash function without verification table. Comput. Secur. 27(3–4), 115–121 (2008)

  39. Tsaur, W.J., Wu, C.C., Lee, W.B.: A smart card-based remote scheme for password authentication in multi-server Internet services. Comput. Stand. Interfaces 27(1), 39–51 (2004)

  40. Zhang, X., Wang, B., Wang, W.: A new remote authentication scheme for anonymous users using elliptic curves cryptosystem. Int. J. Netw. Secur. 20(2), 390–395 (2018)

Funding

No funding was received for conducting this study.

Author information

Corresponding author

Correspondence to Raghav Gahlot.

Ethics declarations

Conflict of interest

The authors have no conflicts of interest to declare that are relevant to the content of this article.

About this article

Cite this article

Andola, N., Prakash, S., Gahlot, R. et al. An enhanced smart card and dynamic ID based remote multi-server user authentication scheme. Cluster Comput 25, 3699–3717 (2022). https://doi.org/10.1007/s10586-022-03585-4

  • DOI: https://doi.org/10.1007/s10586-022-03585-4
