Abstract
Mutual authentication has been widely used to verify the legal user and server over a common communication channel. To ensure secure connection between user and server, a large number of remote mutual authentication schemes for multi-server have been proposed by researchers. However, there is a common feature that the identity of user is static in the login phase, which may leak some information of user. Therefore, a good deal of smart card based anonymous multi-server remote user authentication scheme have been proposed to overcome this problem. Recently, Banerjee et al. pointed out that Li et al.’s scheme is vulnerable to user impersonates attack and stolen smart card attack. Later, they proposed an improved protocol to fix this problem. However, we found that Banerjee et al.’s scheme is still vulnerable to user impersonation attack and off-line password guessing attack. Finally, we proposed an enhanced scheme to eliminate the security vulnerability.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Lamport, L.: Password authentication with insecure communication. Commun. ACM 24(11), 770–772 (1981)
Hwang, T., Chen, Y., Laih, C.S.: Non-interactive password authentication without password tables. In: IEEE Region 10 Conference on Computer and Communication System, vol. 1, pp. 429–431, September 1990
Horng, G.: Password authentication without using password table. Comput. Secur. 24(8), 619–628 (1995)
Lin, I.C., Hwang, M.S., Li, L.H.: Improving the security of a flexible biometrics remote user authentication scheme. Future Gener. Comput. Syst. 19, 1322 (2002)
Lee, H., Won, D.: Prevention of exponential equivalence in simple password exponential key exchange (SPEKE). Symmetry 7(3), 1587–1594 (2015). doi:10.3390/sym7031587
Juang, W.S.: A new remote user authentication scheme for multi-server architecture. IEEE Trans. Consum. Electron. 50, 22–23 (2001)
Li, C.T., Hwang, M.S.: An efficient biometrics-based remote user authentication scheme using smart cards. J. Netw. Comput. Appl. 33, 1–5 (2010)
Liao, Y.P., Wang, S.S.: A secure dynamic ID based remote user authentication scheme for multi-server environment. Comput. Stand. Interfaces, October 2007. doi:10.1016/j.csi
Hsiang, H.C., Shih, W.K.: Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment. Comput. Stand. Interfaces 31(6), 1118–1123 (2009)
Lee, C.C., Lin, T.H., Chang, R.X.: A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards. Expert Syst. Appl. 38(11), 13863–13870 (2011)
Li, X., Ma, J., Wang, W., Xiong, Y., Zhang, J.: A novel smart card and dynamic ID based remote user authentication scheme for multi-server environments. Math. Comput. Model. 58(1–2), 85–95 (2013)
Banerjee, S., Dutta, M.P., Bhunia, C.T.: An improved smart card based anonymous multi-server remote user authentication scheme. Int. J. smart home 9(5), 11–22 (2015)
Choi, Y.S., Nam, J.H., Lee, D.H., Jung, J.Y.K.J.W., Won, D.: Security enhanced anonymous multi-server authenticated key agreement scheme using smart cards and biometrics. Sci. World J. 2014, 15 (2014). Article ID 281305
Choi, Y., Lee, D., Kim, J., Jung, J., Nam, J., Won, D.: Security enhanced user authentication protocol for wireless sensor networks using elliptic curves cryptography. Sensors 14(6), 10081–10106 (2014)
Kim, J., Lee, D., Jeon, W., Lee, Y., Won, D.: Security analysis and improvements of two-factor mutual authentication with key agreement in wireless sensor networks. Sensors 14(4), 6443–6462 (2014)
Nam, J., Choo, K.K.R., Han, S., Kim, M., Paik, J., Won, D.: efficient and anonymous two-factor user authentication in wireless sensor networks: achieving user anonymity with lightweight sensor computation. PLoS ONE 10(4), 1–21 (2015)
Acknowledgment
This work was supported by Institute for Information and communications Technology Promotion (IITP) grant funded by the Korea government (MSIP) (No.R0126-15-1111, The Development of Risk-based Authentication Access Control Platform and Compliance Technique for Cloud Security).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Sun, Q., Moon, J., Choi, Y., Won, D. (2016). An Improved Dynamic ID Based Remote User Authentication Scheme for Multi-server Environment. In: Huang, X., Xiang, Y., Li, KC. (eds) Green, Pervasive, and Cloud Computing. Lecture Notes in Computer Science(), vol 9663. Springer, Cham. https://doi.org/10.1007/978-3-319-39077-2_15
Download citation
DOI: https://doi.org/10.1007/978-3-319-39077-2_15
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-39076-5
Online ISBN: 978-3-319-39077-2
eBook Packages: Computer ScienceComputer Science (R0)