Abstract
A multi-server authentication scheme enables a remote user to access the services provided by multiple servers after registering with the registration center. Recently, Pippal et al. (Wirel Pers Commun 2013, doi:10.1007/s11277-013-1039-6) introduced a robust smart card authentication scheme for multi-server architecture. They also illustrated that their scheme could be free from potential network attacks, and validated the scheme by using BAN logic. In this paper, by presenting concrete attacks, we demonstrate that Pippal et al.’s scheme can not withstand off-line password guessing attacks, impersonation attacks and privileged insider attacks. Furthermore, to overcome these attacks, we propose an improved authentication scheme for multi-server architecture using smart card and password. Security and efficiency analysis indicates that our scheme not only actually achieves intended security goals (e.g., two-factor authentication, perfect forward secrecy etc.), but also is efficient enough to be implemented for practical applications.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Lamport, L. (1981). Password authentication with insecure communication. Communications of the ACM, 24(11), 770–772.
Liao, E., Lee, C. C., & Hwang, M. S. (2006). A password authentication scheme over insecure networks. Journal of Computer and System Science, 72(4), 727–740.
Hwang, M., & Li, L. (2000). A new remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 46(1), 28–30.
Lee, N. Y., & Chiu, Y. C. (2005). Improved remote authentication scheme with smart card. Computer Standards & Interfaces, 27(2), 177–180.
Xu, J., Zhu, W. T., & Feng, D. G. (2009). An improved smart card based password authentication scheme with provable security. Computer Standards & Interfaces, 31(4), 723–728.
Wang, R. C., Juang, W. S., & Lei, C. L. (2011). Provably secure and efficient identification and key agreement protocol with user anonymity. Journal of Computer and System Sciences, 77(4), 790–798.
Chang, C. C., Le, H. D., & Chang, C. H. (2013). Novel untraceable authenticated key agreement protocol suitable for mobile communication. Wireless Personal Communications, 71(1), 425–437.
Sood, S. K., Sarje, A. K., & Singh, K. (2011). A secure dynamic identity based authentication protocol for multi-server architecture. Journal of Network and Computer Applications, 34(2), 609–618.
Hsiang, C., & Shih, W. K. (2009). Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards & Interfaces, 31(6), 1118–1123.
Li, X., Xiong, Y., Ma, J., & Wang, W. (2012). An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. Journal of Network and Computer Applications, 35(2), 763–769.
Wang, B., & Ma, M. (2013). A smart card based efficient and secured multi-server authentication scheme. Wireless Personal Communications, 68(2), 361–378.
He, D., & Wu, S. (2013). Security flaws in a smart card based authentication scheme for multi-server environment. Wireless Personal Communications, 70(1), 323–329.
Pippal, R. S., Jaidhar, C. D., & Tapaswi, S. (2013). Robust smart card authentication scheme for multi-server architecture. Wireless Personal Communications. doi:10.1007/s11277-013-1039-6.
Kocher, P., Jaffe, J., & Jun, B. (1999). Differential power analysis. In Proceedings of advances in cryptology (pp. 388–397).
Messerges, T. S., Dabbish, E. A., & Sloan, R. H. (2002). Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers, 51(5), 541–552.
Lee, C. C., Lin, T. H., & Chang, R. X. (2011). A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards. Expert Systems with Applications, 38(11), 13863–13870.
Acknowledgments
This research was supported by the National Basic Research Program of China under Grants 2012CB315905 and 2012CB315901.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Wei, J., Liu, W. & Hu, X. Cryptanalysis and Improvement of a Robust Smart Card Authentication Scheme for Multi-server Architecture. Wireless Pers Commun 77, 2255–2269 (2014). https://doi.org/10.1007/s11277-014-1636-z
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11277-014-1636-z