×

A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture. (English) Zbl 1312.68086

Summary: Traditional password based authentication schemes are mostly considered in single-server environments. They are unfit for the multi-server environments from two aspects. Recently, based on S. K. Sood, A. K. Sarje and K. Singh’s protocol [“A secure dynamic identity based authentication protocol for multi-server architecture”, J. Netw. Comput. Appl. 34, No. 2, 609–618 (2011; doi:10.1016/j.jnca.2010.11.011)], X. Li et al. [“An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards”, ibid. 35, No. 2, 763–769 (2012; doi:10.1016/j.jnca.2011.11.009)] proposed an improved dynamic identity based authentication and key agreement protocol for multi-server architecture. Li et al. [loc. cit.] claim that the proposed scheme can make up the security weaknesses of Sood et al.’s [loc. cit.] protocol. Unfortunately, our further research shows that Li et al.’s [loc. cit.] protocol contains several drawbacks and cannot resist some types of known attacks. In this paper, we further propose a lightweight dynamic pseudonym identity based authentication and key agreement protocol for multi-server architecture. In our scheme, service providing servers don’t need to maintain verification tables for users. The proposed protocol provides not only the declared security features in Li et al.’s [loc. cit.] paper, but also some other security features, such as traceability and identity protection.

MSC:

68P25 Data encryption (aspects in computer science)
94A62 Authentication, digital signatures and secret sharing
PDF BibTeX XML Cite
Full Text: DOI arXiv

References:

[1] Hwang, M. S.; Li, L. H., A new remote user authentication scheme using smart cards, IEEE Transactions on Industrial Electronics, 46, 1, 28-30, (2000)
[2] Elgamal, T., A public key cryptosystem and a signature scheme based on discrete logarithms, Advances in Cryptology, 196, 10-18, (1985) · Zbl 1359.94590
[3] Hwang, T.; Chen, Y.; Laih, C. S., Non-interactive password authentication without password tables, (Proc. of IEEE Region 10 Conference on Computer and Communication System, (September 1990))
[4] Chang, C. C.; Wu, T. C., Remote password authentication with smart cards, IEE Proc. Computers and Digital Techniques, 138, 3, 165-168, (1999)
[5] Li, X.; Qiu, W.; Zheng, D.; Chen, K.; Li, J., Anonymity enhancement on robust and efficient password-authenticated key agreement using smart cards, IEEE Transactions on Industrial Electronics, 57, 2, 793-800, (2010)
[6] Chien, H.; Jan, J.; Tseng, Y., An efficient and practical solution to remote authentication: smart card, Computers & Security, 21, 4, 372-375, (2002)
[7] Yang, W.; Shieh, S., Password authentication schemes with smart card, Computers & Security, 18, 8, 727-733, (1999)
[8] Awashti, A. K.; Lal, S., An enhanced remote user authentication scheme using smart cards, IEEE Transactions on Industrial Electronics, 50, 2, 583-586, (2004)
[9] Xu, J.; Zhu, W. T.; Feng, D. G., An improved smart card based password authentication scheme with provable security, Computer Standards & Interfaces, 31, 4, 723-728, (2009)
[10] Song, R. G., Advanced smart card based password authentication protocol, Computer Standards & Interfaces, 32, 5-6, 321-326, (2010)
[11] Badra, M.; Urien, P., Introducing smartcards to remote authenticate passwords using public key encryption, (Proc. of 2004 IEEE Symposium on Advances in Wired and Wireless Communications, NJ, USA, (2004)), 123-126
[12] Hsiang, H. C.; Shih, W. K., Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment, Computer Standards & Interfaces, 31, 6, 1118-1123, (2009)
[13] Sood, S. K.; Sarje, A. K.; Singh, K., A secure dynamic identity based authentication protocol for multi-server architecture, Journal of Network and Computer Applications, 34, 2, 609-618, (2011)
[14] M. Badra, P. Urien, IETF Draft: EAP-Double-TLS Authentication Protocol, draft-badraeap-double-tls-05.txt, June 2006.
[15] Badra, M.; Urien, P., Adding client identity protection to EAP-TLS smartcards, (IEEE Wireless Communications and Networking Conference, IEEE WCNC 2007, Hong Kong, (2007))
[16] Urien, P.; Badra, M., Secure access modules for identity protection over the EAPTLS: smartcard benefits for user anonymity in wireless infrastructures, (Proc. of the 2006 International Conference on Security and Cryptography, SECRYPT2006, Barcelona, Spain, (July 2006)), 157-163
[17] Sun, J. Y.; Zhang, C.; Zhang, Y. C.; Fang, Y. G., SAT: A security architecture achieving anonymity and traceability in wireless mesh networks, IEEE Transactions on Dependable and Secure Computing, 8, 2, 295-307, (March-April 2011)
[18] Hu, W.; Xue, K. P.; Hong, P. L.; Wu, C. C., ATCS: A novel anonymous and traceable communication scheme for vehicular ad hoc networks, International Journal of Network Security, 13, 2, 71-78, (September 2011)
[19] Kim, S.; Rhee, H. S.; Chun, J. Y.; Lee, D. H., Anonymous and traceable authentication scheme using smart cards, (Proceedings of the 2008 International Conference on Information Security and Assurance, ISA2008, (April 2008)), 162-165
[20] Tsuar, W. J.; Wu, C. C.; Lee, W. B., An enhanced user authentication scheme for multi-server Internet services, Applied Mathematics and Computation, 170, 1, 258-266, (2005) · Zbl 1078.94025
[21] Lin, I. C.; Hwang, M. S.; Li, L. H., A new remote user authentication scheme for multi-server architecture, Journal of Future Generation Computer System, 19, 1, 13-22, (2003) · Zbl 1043.68025
[22] Yang, Y.; Wang, S.; Bao, F.; Wang, J.; Deng, R., New efficient user identification and key distribution scheme providing enhanced security, Computers & Security, 23, 8, 697-704, (2004)
[23] Tsuar, W. J.; Wu, C. C.; Lee, W. B., A smart card based remote scheme for password authentication in multi-server Internet services, Computer Standards & Interfaces, 27, 1, 39-51, (2004)
[24] Juang, W. S., Efficient multi-server password authenticated key agreement using smart cards, IEEE Transactions on Consumer Electronics, 50, 1, 251-255, (2004)
[25] Li, X.; Xiong, Y. P.; Ma, J.; Wang, W. D., An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards, Journal of Network and Computer Applications, 35, 2, 763-769, (2012)
This reference list is based on information provided by the publisher or from digital mathematics libraries. Its items are heuristically matched to zbMATH identifiers and may contain data conversion errors. It attempts to reflect the references listed in the original paper as accurately as possible without claiming the completeness or perfect precision of the matching.