scholarly journals Robust Multiple Servers Architecture Based Authentication Scheme Preserving Anonymity

Sensors ◽  
2019 ◽  
Vol 19 (14) ◽  
pp. 3144 ◽  
Author(s):  
Huawei Wang ◽  
Dianli Guo ◽  
Hua Zhang ◽  
Qiaoyan Wen
Keyword(s):  
User Authentication ◽  
Security Analysis ◽  
Authentication Scheme ◽  
Impersonation Attack ◽  
User Privacy ◽  
Dynamic Id ◽  
Multiple Servers ◽  
And Performance ◽  
Multi Server ◽  
Server Architecture

Recently, many dynamic ID based remote user authentication schemes using smart card have been proposed to improve the security in multiple servers architecture authentication systems. In 2017, Kumari and Om proposed an anonymous multi-server authenticated key agreement scheme, which is believed to be secure against a range of network attacks. Nevertheless, in this paper we reanalyze the security of their scheme, and show that the scheme is vulnerable to impersonation attack and server spoofing attack launched by any adversary without knowing any secret information of the victim users. In addition, their protocol fails to achieve the claimed user privacy protection. For handling these aforementioned shortcomings, we introduce a new biometric-based authentication scheme for multi-server architecture preserving user anonymity. Besides, Burrows—Abadi—Needham (BAN)-logic validated proof and discussion on possible attacks demonstrate the completeness and security of our scheme, respectively. Further, the comparisons in terms of security analysis and performance evaluation of several related protocols show that our proposal can provide stronger security without sacrificing efficiency.

Improvement of a Dynamic ID-Based Remote User Authentication Scheme for Multi-Server Environment Using Smart Card

2013 ◽  
Vol 380-384 ◽  
pp. 286-289
Author(s):  
Zhen Zhen Wang ◽  
Jin Kou Ding ◽  
Zheng Ping Jin ◽  
Hua Zhang
Keyword(s):  
Smart Card ◽  
User Authentication ◽  
Security Analysis ◽  
Authentication Scheme ◽  
Remote User Authentication ◽  
Dynamic Id ◽  
User Authentication Scheme ◽  
And Performance ◽  
Multi Server ◽  
Remote User

In 2011, Lee et al. analyzed the security weaknesses of Hsiang et al.s scheme and proposed a security dynamic ID-based multi-server remote user authentication scheme. They claimed that their protocol is secure and efficient. However, we observe that Lee et al.'s scheme is still vulnerable to stolen smart card attack, malicious server attack. To remedy these security weaknesses, we propose an improved dynamic ID-based remote user authentication scheme for multi-server environment. Besides, security analysis and performance analysis show that compared with other remote user authentication schemes, the proposed scheme is more secure and possesses lower computation cost. As a result, the proposed scheme seems to be more practical for users with portable mobile devices in multi-server environment.

scholarly journals An Anonymous User Authentication with Key Agreement Scheme without Pairings for Multiserver Architecture Using SCPKs

2013 ◽  
Vol 2013 ◽  
pp. 1-8 ◽  
Author(s):  
Peng Jiang ◽  
Qiaoyan Wen ◽  
Wenmin Li ◽  
Zhengping Jin ◽  
Hua Zhang
Keyword(s):  
Key Agreement ◽  
User Authentication ◽  
Privacy Concern ◽  
User Privacy ◽  
Network Applications ◽  
Remote User Authentication ◽  
Multiple Servers ◽  
Multi Server ◽  
Remote User ◽  
Server Architecture

With advancement of computer community and widespread dissemination of network applications, users generally need multiple servers to provide different services. Accordingly, the multiserver architecture has been prevalent, and designing a secure and efficient remote user authentication under multiserver architecture becomes a nontrivial challenge. In last decade, various remote user authentication protocols have been put forward to correspond to the multi-server scenario requirements. However, these schemes suffered from certain security problems or their cost consumption exceeded users’ own constrained ability. In this paper, we present an anonymous remote user authentication with key agreement scheme for multi-server architecture employing self-certified public keys without pairings. The proposed scheme can not only retain previous schemes’ advantages but also achieve user privacy concern. Moreover, our proposal can gain higher efficiency by removing the pairings operation compared with the related schemes. Through analysis and comparison with the related schemes, we can say that our proposal is in accordance with the scenario requirements and feasible to the multi-server architecture.

scholarly journals Security analysis and enhancements of an improved multi-factor biometric authentication scheme

2017 ◽  
Vol 13 (8) ◽  
pp. 155014771772430 ◽  
Author(s):  
YoHan Park ◽  
KiSung Park ◽  
KyungKeun Lee ◽  
Hwangjun Song ◽  
YoungHo Park
Keyword(s):  
User Authentication ◽  
Security Analysis ◽  
User Anonymity ◽  
Authentication Scheme ◽  
Biometric Authentication ◽  
Remote User Authentication ◽  
Dynamic Id ◽  
User Authentication Scheme ◽  
Guessing Attack ◽  
Remote User

Many remote user authentication schemes have been designed and developed to establish secure and authorized communication between a user and server over an insecure channel. By employing a secure remote user authentication scheme, a user and server can authenticate each other and utilize advanced services. In 2015, Cao and Ge demonstrated that An’s scheme is also vulnerable to several attacks and does not provide user anonymity. They also proposed an improved multi-factor biometric authentication scheme. However, we review and cryptanalyze Cao and Ge’s scheme and demonstrate that their scheme fails in correctness and providing user anonymity and is vulnerable to ID guessing attack and server masquerading attack. To overcome these drawbacks, we propose a security-improved authentication scheme that provides a dynamic ID mechanism and better security functionalities. Then, we show that our proposed scheme is secure against various attacks and prove the security of the proposed scheme using BAN Logic.

scholarly journals Security Analysis and Enhancements of an Effective Biometric-Based Remote User Authentication Scheme Using Smart Cards

2012 ◽  
Vol 2012 ◽  
pp. 1-6 ◽  
Author(s):  
Younghwa An
Keyword(s):  
User Authentication ◽  
Mutual Authentication ◽  
Security Analysis ◽  
Smart Cards ◽  
Authentication Scheme ◽  
Impersonation Attack ◽  
Insider Attack ◽  
Remote User Authentication ◽  
User Authentication Scheme ◽  
Remote User

Recently, many biometrics-based user authentication schemes using smart cards have been proposed to improve the security weaknesses in user authentication system. In 2011, Das proposed an efficient biometric-based remote user authentication scheme using smart cards that can provide strong authentication and mutual authentication. In this paper, we analyze the security of Das’s authentication scheme, and we have shown that Das’s authentication scheme is still insecure against the various attacks. Also, we proposed the enhanced scheme to remove these security problems of Das’s authentication scheme, even if the secret information stored in the smart card is revealed to an attacker. As a result of security analysis, we can see that the enhanced scheme is secure against the user impersonation attack, the server masquerading attack, the password guessing attack, and the insider attack and provides mutual authentication between the user and the server.

Sign in / Sign up

Export Citation Format

Share Document