Secure and Efficient Two-Factor Authentication Protocol Using RSA Signature for Multi-server Environments
To avoid multiple number of registrations using multiple passwords and smart-cards, many two-factor multi-server authentication protocols based on RSA have been proposed. However, most of the existing RSA-based multi-server authentication protocols are susceptible to various security attacks, and have high computation complexities. Recently, Amin et al. proposed a two-factor RSA-based robust authentication system for multi-server environments. However, we found that Amin et al.’s protocol cannot resist common modulus attack. To enhance the security, we propose a secure two-factor RSA-based authentication protocol for multi-server environments. The performance and security features of our scheme are also compared with that of the similar existing schemes. The performance and security analysis show that our protocol achieves more security features and has lower computation complexity in comparison with the latest related schemes.
KeywordsRSA Smart card User authentication Multi-server environment
The work of was supported by the National Natural Science Foundation of China (Nos. 61501333, 61572379, 61572370, 61772377), and the Natural Science Foundation of Hubei Province of China (Nos. 2015CFA068, 2017CFA007).
- 1.Amin, R., Biswas, G.P.: An improved RSA based user authentication and session key agreement protocol usable in TMIS. J. Med. Syst. 39(8), 1–14 (2015)Google Scholar
- 3.Amin, R., Biswas, G.P.: Remote access control mechanism using rabin public key cryptosystem. In: Mandal, J.K., Satapathy, S.C., Sanyal, M.K., Sarkar, P.P., Mukhopadhyay, A. (eds.) Information Systems Design and Intelligent Applications. AISC, vol. 339, pp. 525–533. Springer, New Delhi (2015). https://doi.org/10.1007/978-81-322-2250-7_52CrossRefGoogle Scholar
- 6.Hafizul Islam, S.K., Khan, M.K., Obaidat, M.S., Bin Muhaya, F.T.: Provably secure and anonymous password authentication protocol for roaming service in global mobility networks using extended chaotic maps. Wirel. Pers. Commun. 84(3), 1–22 (2015)Google Scholar
- 8.Amin, R., Biswas, G.P.: A secure three-factor user authentication and key agreement protocol for TMIS with user anonymity. J. Med. Syst. 39(8), 1–19 (2015)Google Scholar
- 14.Lee, C.-C., Lin, T.-H., Chang, R.-X.: A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards. Expert Syst. Appl. 38(11), 13863–13870 (2011)Google Scholar
- 15.Truong, T.-T., Tran, M.-T., Duong, A.-D.: Robust secure dynamic ID based remote user authentication scheme for multi-server environment. In: Murgante, B., Misra, S., Carlini, M., Torre, C.M., Nguyen, H.-Q., Taniar, D., Apduhan, B.O., Gervasi, O. (eds.) ICCSA 2013. LNCS, vol. 7975, pp. 502–515. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39640-3_37CrossRefGoogle Scholar
- 21.Amin, R., Islam, S.K., Khan, M.K., et al.: A two-factor RSA-based robust authentication system for multiserver environments. Secur. Commun. Netw. 2017, 15 p. (2017). Article no. 5989151Google Scholar
- 22.Ding, W., Ping, W.: Two birds with one stone: two-factor authentication with security beyond conventional bound. IEEE Trans. Dependable Secure Comput. PP(99), 1 (2016)Google Scholar