Wireless Personal Communications

, Volume 107, Issue 1, pp 351–372 | Cite as

An ECC Based Secure Authentication and Key Exchange Scheme in Multi-server Environment

  • Ashish TomarEmail author
  • Joydip Dhar


For providing strong mutual authentication in a multi-server environment many algorithms have been proposed. Most of the algorithms provide mutual authentication between client and multiple servers by using single control server for registration. In this paper, we consider a scenario, in which client and server belong to the different control server. We have proposed a protocol for providing authentication in the multi-control server environment. In our scheme, for strong authentication, we use user’s biometric and registered password value in the authentication process. We also use the concept of elliptic curve cryptography to provide security features in our scheme. Furthermore, Burrows–Abadi–Needham logic has been used for formal security analysis in our work. With informal security analysis, we prove that our scheme is secure against popular security attacks like—denial of service attack, man-in-the-middle attack, replay attack and stolen smart card attack.


Multi-server architecture Authentication protocol Multiple control servers Smart card Elliptic curve cryptography Biometrics BAN logic 



  1. 1.
    Yang, H. W., Yang, C. C., & Lin, W. (2013). Enhanced digital rights management authentication scheme based on smart card. IET Information Security, 7(3), 189–194.Google Scholar
  2. 2.
    Fan, C. I., Chan, Y. C., & Zhang, Z. K. (2005). Robust remote authentication scheme with smart cards. Computers and Security, 24(8), 619–628.Google Scholar
  3. 3.
    Amin, R. (2016). Cryptanalysis and efficient dynamic id based remote user authentication scheme in multi-server environment using smart card. International Journal of Network Security, 18(1), 172–181.Google Scholar
  4. 4.
    Wei, J., Liu, W., & Hu, X. (2016). Secure and efficient smart card based remote user password authentication scheme. IJ Network Security, 18, 782–792.Google Scholar
  5. 5.
    Li, X., Niu, J., Kumari, S., Liao, J., & Liang, W. (2015). An enhancement of a smart card authentication scheme for multi-server architecture. Wireless Personal Communications, 80(1), 175–192.Google Scholar
  6. 6.
    Pippal, R. S., Jaidhar, C. D., & Tapaswi, S. (2013). Robust smart card authentication scheme for multi-server architecture. Wireless Personal Communications, 72(1), 729–745.Google Scholar
  7. 7.
    Chuang, M. C., & Chen, M. C. (2014). An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics. Expert Systems with Applications, 41(4), 1411–1418.Google Scholar
  8. 8.
    Mishra, D., Das, A. K., & Mukhopadhyay, S. (2014). A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards. Expert Systems with Applications, 41(18), 8129–8143.Google Scholar
  9. 9.
    Baruah, K., Banerjee, S., Dutta, M., & Bhunia, C. T. (2015). An improved biometric-based multi-server authentication scheme using smart card. International Journal of Security and Its Applications, 9, 397–408.Google Scholar
  10. 10.
    Wang, C., Zhang, X., & Zheng, Z. (2016). Cryptanalysis and improvement of a biometric-based multi-server authentication and key agreement scheme. PLOS ONE, 11(2), 1–25.Google Scholar
  11. 11.
    Reddy, A. G., Yoon, E. J., Das, A. K., Odelu, V., & Yoo, K. Y. (2017). Design of mutually authenticated key agreement protocol resistant to impersonation attacks for multi-server environment. IEEE Access, 5, 3622–3639.Google Scholar
  12. 12.
    Gupta, P. C., & Dhar, J. (2016). Hash based multi-server key exchange protocol using smart card. Wireless Personal Communications, 87(1), 225–244.Google Scholar
  13. 13.
    He, D., & Wang, D. (2015). Robust biometrics-based authentication scheme for multiserver environment. IEEE Systems Journal, 9(3), 816–823.Google Scholar
  14. 14.
    Odelu, V., Das, A. K., & Goswami, A. (2015). A secure biometrics-based multi-server authentication protocol using smart cards. IEEE Transactions on Information Forensics and Security, 10(9), 1953–1966.Google Scholar
  15. 15.
    Feng, Q., He, D., Zeadally, S., & Wang, H. (2017). Anonymous biometrics-based authentication scheme with key distribution for mobile multi-server environment. Future Generation Computer Systems, 84, 239.Google Scholar
  16. 16.
    Kumari, S., Das, A. K., Li, X., Wu, F., Khan, M. K., Jiang, Q., et al. (2018). A provably secure biometrics-based authenticated key agreement scheme for multi-server environments. Multimedia Tools and Applications, 77(2), 2359–2389.Google Scholar
  17. 17.
    Xu, D., Chen, J., & Liu, Q. (2019). Provably secure anonymous three-factor authentication scheme for multi-server environments. Journal of Ambient Intelligence and Humanized Computing, 10(2), 611–627.Google Scholar
  18. 18.
    Chandrakar, P., & Om, H. (2017). Cryptanalysis and extended three-factor remote user authentication scheme in multi-server environment. Arabian Journal for Science and Engineering, 42(2), 765–786.Google Scholar
  19. 19.
    Kumar, A., & Om, H. (2018). An improved and secure multiserver authentication scheme based on biometrics and smartcard. Digital Communications and Networks, 4(1), 27–38.Google Scholar
  20. 20.
    Meadows, C. (2006). Formal methods for cryptographic protocol analysis: Emerging issues and trends. IEEE Journal on Selected Areas in Communications, 21(1), 44–54.MathSciNetGoogle Scholar
  21. 21.
    Pan, H. T., Pan, C. S., Tsaur, S. C., & Hwang, M. S. (2016). Cryptanalysis of efficient dynamic id based remote user authentication scheme in multi-server environment using smart card. In 2016 12th International conference on computational intelligence and security (CIS) (pp. 590–593).Google Scholar
  22. 22.
    Yang, L., & Zheng, Z. (2018). Cryptanalysis and improvement of a biometrics-based authentication and key agreement scheme for multi-server environments. PLOS ONE, 13(3), 1–27.Google Scholar
  23. 23.
    Xue, K., Hong, P., & Ma, C. (2014). A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture. Journal of Computer and System Sciences, 80(1), 195–206.MathSciNetzbMATHGoogle Scholar
  24. 24.
    Seroussi, G. (1999). Elliptic curve cryptography. In 1999 Information theory and networking workshop (cat. no. 99EX371) (p. 41).Google Scholar
  25. 25.
    Burrows, M., Abadi, M., & Needham, R. (1990). A logic of authentication. ACM Transactions on Computer Systems, 8(1), 18–36.zbMATHGoogle Scholar

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2019

Authors and Affiliations

  1. 1.ABV-Indian Institute of Information Technology and ManagementGwaliorIndia

Personalised recommendations