Online citations, reference lists, and bibliographies.
← Back to Search

A Secure And Anonymous Two-Factor Authentication Protocol In Multiserver Environment

Chenyu Wang, Guoai Xu, W. Li
Published 2018 · Computer Science

Cite This
Download PDF
Analyze on Scholarcy
Share
With the great development of network technology, the multiserver system gets widely used in providing various of services. And the two-factor authentication protocols in multiserver system attract more and more attention. Recently, there are two new schemes for multiserver environment which claimed to be secure against the known attacks. However, after a scrutinization of these two schemes, we found that their description of the adversary’s abilities is inaccurate; their schemes suffer from many attacks. Thus, firstly, we corrected their description on the adversary capacities to introduce a widely accepted adversary model and then summarized fourteen security requirements of multiserver based on the works of pioneer contributors. Secondly, we revealed that one of the two schemes fails to preserve forward secrecy and user anonymity and cannot resist stolen-verifier attack and off-line dictionary attack and so forth and also demonstrated that another scheme fails to preserve forward secrecy and user anonymity and is not secure to insider attack and off-line dictionary attack, and so forth. Finally, we designed an enhanced scheme to overcome these identified weaknesses, proved its security via BAN logic and heuristic analysis, and then compared it with other relevant schemes. The comparison results showed the superiority of our scheme.
This paper references
10.1002/dac.2468
Security flaws in two improved remote user authentication schemes using smart cards
C. Ma (2014)
Zipfs law in passwords
D. Wang (2017)
10.1145/2897845.2897916
The Request for Better Measurement: A Comparative Evaluation of Two-Factor Authentication Schemes
Ding Wang (2016)
10.1049/iet-ifs.2012.0206
Efficient and secure dynamic ID-based remote user authentication scheme for distributed systems using smart cards
J. Leu (2014)
10.1002/dac.2793
Design and analysis of an improved smartcard-based remote user password authentication scheme
S. H. Islam (2016)
10.1109/TPDS.2010.206
A Generic Framework for Three-Factor Authentication: Preserving Security and Privacy in Distributed Systems
Xinyi Huang (2011)
10.1002/dac.3336
A lightweight password-based authentication protocol using smart card
Chenyu Wang (2017)
10.1109/TIFS.2016.2573746
Efficient and Anonymous Mobile User Authentication Protocol Using Self-Certified Public Key Cryptography for Multi-Server Architectures
D. He (2016)
10.1016/j.csi.2008.11.002
Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment
H. Hsiang (2009)
10.1109/TCE.2004.1277870
Efficient multi-server password authenticated key agreement using smart cards
W. Juang (2004)
10.1109/72.963786
A remote password authentication scheme for multiserver architecture using neural networks
L. Li (2001)
10.1002/dac.3351
An improved lightweight multiserver authentication scheme
A. Irshad (2017)
10.1145/77648.77649
A logic of authentication
M. Burrows (1990)
10.1016/j.csi.2007.10.007
A secure dynamic ID based remote user authentication scheme for multi-server environment
Yi-Pin Liao (2009)
10.1002/sec.1214
A new authentication protocol for healthcare applications using wireless medical sensor networks with user anonymity
X. Li (2016)
10.1002/dac.2853
Design of a user anonymous password authentication scheme without smart card
S. Kumari (2016)
10.1016/j.cose.2008.04.001
Efficient multi-server authentication scheme based on one-way hash function without verification table
Jia-Lun Tsai (2008)
10.1109/TDSC.2014.2355850
Anonymous Two-Factor Authentication in Distributed Systems: Certain Goals Are Beyond Attainment
Ding Wang (2015)
10.1109/TDSC.2013.2297110
Robust Multi-Factor Authentication for Fragile Communications
Xinyi Huang (2014)
10.1109/CW.2004.17
An efficient and secure multi-server password authentication scheme using smart cards
C. Chang (2004)
10.1016/j.future.2016.10.004
Design of a provably secure biometrics-based multi-cloud-server authentication scheme
S. Kumari (2017)
10.1007/s11042-017-5078-y
A secure mutual authenticated key agreement of user with multiple servers for critical systems
A. Irshad (2017)
Two-Factor User Authentication in Multi-Server Networks
C. Li (2012)
10.1109/TIFS.2015.2439964
A Secure Biometrics-Based Multi-Server Authentication Protocol Using Smart Cards
Vanga Odelu (2015)
Design and Analysis of a Provably Secure Multiserver Authentication Scheme
D. Mishra (2016)
10.1109/TDSC.2016.2605087
Two Birds with One Stone: Two-Factor Authentication with Security Beyond Conventional Bound
Ding Wang (2018)
Analysis and improvement on an efficient biometricbased remote user authentication scheme using smart cards
A.K.Das (2011)
10.1016/j.jnca.2010.11.011
A secure dynamic identity based authentication protocol for multi-server architecture
S. Sood (2011)
10.1007/s11277-014-2002-x
An Enhancement of a Smart Card Authentication Scheme for Multi-server Architecture
X. Li (2015)
Design and analysis of an improved smartcardbased remote user password authentication scheme
S. H. Islam (2016)
10.1016/S0167-739X(02)00093-6
A new remote user authentication scheme for multi-server architecture
I. Lin (2003)
10.1007/s11277-015-2975-0
Design and Analysis of a Provably Secure Multi-server Authentication Scheme
Dheerendra Mishra (2016)
10.1016/j.comnet.2014.07.010
On the anonymity of two-factor authentication schemes for wireless sensor networks: Attacks, principle and solutions
Ding Wang (2014)
10.1002/dac.2858
Cryptanalysis and security enhancement of a robust two-factor authentication and key agreement protocol
Q. Xie (2016)
10.1002/sec.1305
A new authenticated key agreement scheme based on smart cards providing user anonymity with formal proof
F. Wu (2015)
10.3390/s17112681
A Lightweight Anonymous Authentication Protocol with Perfect Forward Secrecy for Wireless Sensor Networks
Ling Xiong (2017)
10.1049/iet-ifs.2010.0125
Analysis and improvement on an efficient biometric-based remote user authentication scheme using smart cards
A. K. Das (2011)
10.1155/2017/1619741
Cryptanalysis of Three Password-Based Remote User Authentication Schemes with Non-Tamper-Resistant Smart Card
Chenyu Wang (2017)
10.4236/jis.2012.34040
Dynamic Identity Based Authentication Protocol for Two-Server Architecture
S. Sood (2012)
Secure and Efficient Smart Card Based Remote User Password Authentication Scheme
Jianghong Wei (2016)
10.1007/s12652-017-0516-2
Security analysis and improvement of bio-hashing based three-factor authentication scheme for telecare medical information systems
Qi Jiang (2018)
10.1016/j.compeleceng.2017.03.016
Efficient end-to-end authentication protocol for wearable health monitoring systems
Qi Jiang (2017)
10.1002/sec.1653
An enhanced multi-server authentication protocol using password and smart-card: cryptanalysis and design
Tanmoy Maitra (2016)
10.1016/j.csi.2004.03.004
A smart card-based remote scheme for password authentication in multi-server Internet services
W. Tsaur (2004)
10.1109/TIFS.2017.2721359
Zipf’s Law in Passwords
Ding Wang (2017)
Cryptanalysis and Efficient Dynamic ID Based Remote User Authentication Scheme in Multi-server Environment Using Smart Card
R. Amin (2016)
10.1109/ACCESS.2017.2673239
Lightweight Three-Factor Authentication and Key Agreement Protocol for Internet-Integrated Wireless Sensor Networks
Q. Jiang (2017)



This paper is referenced by
10.1007/978-981-15-1384-8_15
Performance Analysis of Collaborative Recommender System: A Heuristic Approach
Akanksha Bansal Chopra (2019)
10.1155/2019/2838615
A Provably Secure Biometrics-Based Authentication Scheme for Multiserver Environment
Feifei Wang (2019)
10.1016/j.cose.2019.101619
Understanding security failures of multi-factor authentication schemes for multi-server environments
Ding Wang (2020)
10.1155/2018/3048697
An Enhanced User Authentication Protocol Based on Elliptic Curve Cryptosystem in Cloud Computing Environment
Chenyu Wang (2018)
10.1155/2020/8899409
Enhancing Transaction Security for Handling Accountability in Electronic Health Records
Chian Techapanupreed (2020)
10.1007/978-981-13-5953-8_4
Integrated Cryptography for Internet of Things Using TBF Approach
S. Sharma (2019)
10.1016/J.FUTURE.2019.06.020
Two-factor authentication in industrial Internet-of-Things: Attacks, evaluation and new construction
W. Li (2019)
10.1109/icoac44903.2018.8939070
Cryptanalysis of Provably Secure Authentication Scheme for Multi-Server Environment
T. Sudhakar (2018)
10.1007/s11277-020-07462-4
An Enhanced Authentication Protocol for Multi-server Environment Using Password and Smart Card
T. Sudhakar (2020)
10.1007/978-3-030-01950-1_50
Revisiting Anonymous Two-Factor Authentication Schemes for Multi-server Environment
P. Wang (2018)
10.1109/ACCESS.2020.3000790
On the Design of Secure and Efficient Three-Factor Authentication Protocol Using Honey List for Wireless Sensor Networks
Joonyoung Lee (2020)
10.1371/journal.pone.0202657
An efficient dynamic ID-based remote user authentication scheme using self-certified public keys for multi-server environments
D. Zhao (2018)
10.1145/3325130
Efficient Multi-Factor User Authentication Protocol with Forward Secrecy for Real-Time Data Access in WSNs
Ding Wang (2020)
10.1007/S11276-018-1828-7
Authentication scheme based on smart card in multi-server environment
Simin Zhou (2020)
10.37200/ijpr/v24i4/pr201594
Multifactor Authentication - A Study on User Preference, Remembering Ability, Error Rate and Time Consumption
S. Vaithyasubramanian (2019)
Semantic Scholar Logo Some data provided by SemanticScholar