Advertisement

Secure and Efficient Two-Factor Authentication Protocol Using RSA Signature for Multi-server Environments

  • Zhiqiang Xu
  • Debiao He
  • Xinyi Huang
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10631)

Abstract

To avoid multiple number of registrations using multiple passwords and smart-cards, many two-factor multi-server authentication protocols based on RSA have been proposed. However, most of the existing RSA-based multi-server authentication protocols are susceptible to various security attacks, and have high computation complexities. Recently, Amin et al. proposed a two-factor RSA-based robust authentication system for multi-server environments. However, we found that Amin et al.’s protocol cannot resist common modulus attack. To enhance the security, we propose a secure two-factor RSA-based authentication protocol for multi-server environments. The performance and security features of our scheme are also compared with that of the similar existing schemes. The performance and security analysis show that our protocol achieves more security features and has lower computation complexity in comparison with the latest related schemes.

Keywords

RSA Smart card User authentication Multi-server environment 

Notes

Acknowledgements

The work of was supported by the National Natural Science Foundation of China (Nos. 61501333, 61572379, 61572370, 61772377), and the Natural Science Foundation of Hubei Province of China (Nos. 2015CFA068, 2017CFA007).

References

  1. 1.
    Amin, R., Biswas, G.P.: An improved RSA based user authentication and session key agreement protocol usable in TMIS. J. Med. Syst. 39(8), 1–14 (2015)Google Scholar
  2. 2.
    Giri, D., Maitra, T., Amin, R., Srivastava, P.D.: An efficient and robust RSA-based remote user authentication for telecare medical information systems. J. Med. Syst. 39(1), 1–9 (2015)CrossRefGoogle Scholar
  3. 3.
    Amin, R., Biswas, G.P.: Remote access control mechanism using rabin public key cryptosystem. In: Mandal, J.K., Satapathy, S.C., Sanyal, M.K., Sarkar, P.P., Mukhopadhyay, A. (eds.) Information Systems Design and Intelligent Applications. AISC, vol. 339, pp. 525–533. Springer, New Delhi (2015).  https://doi.org/10.1007/978-81-322-2250-7_52CrossRefGoogle Scholar
  4. 4.
    Amin, R., Biswas, G.P.: Cryptanalysis and design of a three-party authenticated key exchange protocol using smart card. Arab. J. Sci. Eng. 40(11), 1–15 (2015)MathSciNetCrossRefGoogle Scholar
  5. 5.
    Islam, S.K.H., Biswas, G.P., Choo, K.K.R.: Cryptanalysis of an improved smartcard-based remote password authentication scheme. Inf. Sci. Lett. 3(1), 35 (2014)CrossRefGoogle Scholar
  6. 6.
    Hafizul Islam, S.K., Khan, M.K., Obaidat, M.S., Bin Muhaya, F.T.: Provably secure and anonymous password authentication protocol for roaming service in global mobility networks using extended chaotic maps. Wirel. Pers. Commun. 84(3), 1–22 (2015)Google Scholar
  7. 7.
    Hafizul Islam, S.K.: Design and analysis of a three party password-based authenticated key exchange protocol using extended chaotic maps. Inf. Sci. Int. J. 312(C), 104–130 (2015)MathSciNetGoogle Scholar
  8. 8.
    Amin, R., Biswas, G.P.: A secure three-factor user authentication and key agreement protocol for TMIS with user anonymity. J. Med. Syst. 39(8), 1–19 (2015)Google Scholar
  9. 9.
    Hafizul Islam, S.K.: Design and analysis of an improved smartcard-based remote user password authentication scheme. Int. J. Commun. Syst. 29(11), 1708–1719 (2016)CrossRefGoogle Scholar
  10. 10.
    Hafizul Islam, S.K.: A provably secure id-based mutual authentication and key agreement scheme for mobile multi-server environment without ESL attack. Wirel. Pers. Commun. 79(3), 1975–1991 (2014)CrossRefGoogle Scholar
  11. 11.
    Amin, R., Biswas, G.P.: A secure light weight scheme for user authentication and key agreement in multi-gateway based wireless sensor networks. Ad Hoc Netw. 36, 58–80 (2016)CrossRefGoogle Scholar
  12. 12.
    Liao, Y.-P., Wang, S.-S.: A secure dynamic ID based remote user authentication scheme for multi-server environment. Comput. Stand. Interfaces 31(1), 24–29 (2009)CrossRefGoogle Scholar
  13. 13.
    Hsiang, H.-C., Shih, W.-K.: Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment. Comput. Stand. Interfaces 31(6), 1118–1123 (2009)CrossRefGoogle Scholar
  14. 14.
    Lee, C.-C., Lin, T.-H., Chang, R.-X.: A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards. Expert Syst. Appl. 38(11), 13863–13870 (2011)Google Scholar
  15. 15.
    Truong, T.-T., Tran, M.-T., Duong, A.-D.: Robust secure dynamic ID based remote user authentication scheme for multi-server environment. In: Murgante, B., Misra, S., Carlini, M., Torre, C.M., Nguyen, H.-Q., Taniar, D., Apduhan, B.O., Gervasi, O. (eds.) ICCSA 2013. LNCS, vol. 7975, pp. 502–515. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-39640-3_37CrossRefGoogle Scholar
  16. 16.
    Sood, S.K., Sarje, A.K., Singh, K.: A secure dynamic identity based authentication protocol for multi-server architecture. J. Netw. Comput. Appl. 34(2), 609–618 (2011)CrossRefGoogle Scholar
  17. 17.
    Li, X., Xiong, Y., Ma, J., Wang, W.: An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. J. Netw. Comput. Appl. 35(2), 763–769 (2012)CrossRefGoogle Scholar
  18. 18.
    Pippal, R.S., Jaidhar, C.D., Tapaswi, S.: Robust smart card authentication scheme for multi-server architecture. Wirel. Pers. Commun. 72(1), 729–745 (2013)CrossRefGoogle Scholar
  19. 19.
    He, D., Chen, J., Shi, W., Khan, M.K.: On the security of an authentication scheme for multi-server architecture. Int. J. Electr. Secur. Digit. Forensics 5(3/4), 288–296 (2013)CrossRefGoogle Scholar
  20. 20.
    Arshad, H., Rasoolzadegan, A.: Design of a secure authentication and key agreement scheme preserving user privacy usable in telecare medicine information systems. J. Med. Syst. 40(11), 237 (2016)CrossRefGoogle Scholar
  21. 21.
    Amin, R., Islam, S.K., Khan, M.K., et al.: A two-factor RSA-based robust authentication system for multiserver environments. Secur. Commun. Netw. 2017, 15 p. (2017). Article no. 5989151Google Scholar
  22. 22.
    Ding, W., Ping, W.: Two birds with one stone: two-factor authentication with security beyond conventional bound. IEEE Trans. Dependable Secure Comput. PP(99), 1 (2016)Google Scholar
  23. 23.
    Yeh, K.-H.: A provably secure multi-server based authentication scheme. Wirel. Pers. Commun. 79(3), 1621–1634 (2014)CrossRefGoogle Scholar
  24. 24.
    Wei, J., Liu, W., Hu, X.: Cryptanalysis and improvement of a robust smart card authentication scheme for multi-server architecture. Wirel. Pers. Commun. 77(3), 2255–2269 (2014)CrossRefGoogle Scholar
  25. 25.
    Li, X., Niu, J., Kumari, S., Liao, J., Liang, W.: An enhancement of a smart card authentication scheme for multi-server architecture. Wirel. Pers. Commun. Int. J. 80(1), 175–192 (2015)CrossRefGoogle Scholar
  26. 26.
    Lili, X., Fan, W.: Cryptanalysis and improvement of a user authentication scheme preserving uniqueness and anonymity for connected health care. J. Med. Syst. 39(2), 10 (2015)MathSciNetCrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. 1.State Key Lab of Software Engineering, Computer SchoolWuhan UniversityWuhanChina
  2. 2.Fujian Provincial Key Laboratory of Network Security and Cryptology, School of Mathematics and Computer ScienceFujian Normal UniversityFuzhouChina

Personalised recommendations