International Journal of Information Technology, Volume 11, Issue 4, pp 691–696

Cryptanalysis of hash based multi-server key exchange protocol using smart card

  • Ashish Tomar
  • Joydip Dhar
Original Research


Many authentication algorithms have been proposed for multi-server environments. Most of them are based on registering the client and the server with a single control server. Recently, Gupta and Dhar (Wirel Pers Commun 87(1):225–244, 2016) proposed an authentication scheme in which the client and the server belong to different control servers. According to them, their scheme is secure against several attacks, such as user impersonation, stolen smart card and password guessing attacks. However, in this article we have found some weaknesses in their scheme and shown that it does not provide security against denial of service, user impersonation and stolen smart card attacks.


Authentication protocol; Multiple control servers; Multi-server architecture; Smart card; Biometrics


  1. Gupta PC, Dhar J (2016) Hash based multi-server key exchange protocol using smart card. Wirel Pers Commun 87(1):225–244
  2. Mishra D, Das AK, Mukhopadhyay S (2014) A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards. Expert Syst Appl 41(18):8129–8143
  3. Baruah K, Banerjee S, Dutta M, Bhunia CT (2015) An improved biometric-based multi-server authentication scheme using smart card. Int J Secur Appl 9:397–408
  4. Wang C, Zhang X, Zheng Z (2016) Cryptanalysis and improvement of a biometric-based multi-server authentication and key agreement scheme. PLoS One 11(2):1–25
  5. Li X, Niu J, Kumari S, Liao J, Liang W (2015) An enhancement of a smart card authentication scheme for multi-server architecture. Wirel Pers Commun 80(1):175–192
  6. Chuang MC, Chen MC (2014) An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics. Expert Syst Appl 41(4):1411–1418
  7. Li Q, Guo M, Chang EC (2008) Fuzzy extractors for asymmetric biometric representations. In: 2008 IEEE computer society conference on computer vision and pattern recognition workshops, pp 1–6
  8. He D, Wang D (2015) Robust biometrics-based authentication scheme for multiserver environment. IEEE Syst J 9(3):816–823
  9. Odelu V, Das AK, Goswami A (2015) A secure biometrics-based multi-server authentication protocol using smart cards. IEEE Trans Inf Forensics Secur 10(9):1953–1966
  10. Amin R (2016) Cryptanalysis and efficient dynamic id based remote user authentication scheme in multi-server environment using smart card. Int J Netw Secur 18(1):172–181
  11. Wei J, Liu W, Hu X (2016) Secure and efficient smart card based remote user password authentication scheme. IJ Netw Secur 18:782–792
  12. Pan HT, Pan CS, Tsaur SC, Hwang MS (2016) Cryptanalysis of efficient dynamic id based remote user authentication scheme in multi-server environment using smart card. In: 2016 12th international conference on computational intelligence and security (CIS), pp 590–593
  13. Reddy AG, Yoon EJ, Das AK, Odelu V, Yoo KY (2017) Design of mutually authenticated key agreement protocol resistant to impersonation attacks for multi-server environment. IEEE Access 5:3622–3639
  14. Kumar A, Om H (2018) An improved and secure multiserver authentication scheme based on biometrics and smartcard. Digit Commun Netw 4(1):27–38
  15. Xue K, Hong P, Ma C (2014) A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture. J Comput Syst Sci 80(1):195–206
  16. Meadows C (2006) Formal methods for cryptographic protocol analysis: emerging issues and trends. IEEE J Sel A Commun 21(1):44–54
  17. Pippal RS, Jaidhar CD, Tapaswi S (2013) Robust smart card authentication scheme for multi-server architecture. Wirel Pers Commun 72(1):729–745
  18. Feng Q, He D, Zeadally S, Wang H (2017) Anonymous biometrics-based authentication scheme with key distribution for mobile multi-server environment. Future Gener Comput Syst 84:239
  19. Kumari S, Das AK, Li X, Wu F, Khan MK, Jiang Q, Hafizul Islam SK (2018) A provably secure biometrics-based authenticated key agreement scheme for multi-server environments. Multimed Tools Appl 77(2):2359–2389
  20. Xu D, Chen J, Liu Q (2018) Provably secure anonymous three-factor authentication scheme for multi-server environments. J Ambient Intell Hum Comput 10:611
  21. Chandrakar P, Om H (2017) Cryptanalysis and extended three-factor remote user authentication scheme in multi-server environment. Arab J Sci Eng 42(2):765–786

Copyright information

© Bharati Vidyapeeth's Institute of Computer Applications and Management 2019

Authors and Affiliations

  1. Department of Information Technology, ABV-Indian Institute of Information Technology and Management, Gwalior, India
