
A Multi-Server Two-Factor Authentication Scheme With Un-Traceability Using Elliptic Curve Cryptography

Guosheng Xu, S. Qiu, H. Ahmad, Guoai Xu, Y. Guo, M. Zhang, Hong Xu
Published 2018 · Computer Science, Medicine

To provide secure communication, the authentication-and-key-agreement scheme plays a vital role in multi-server environments, the Internet of Things (IoT), wireless sensor networks (WSNs), etc. This scheme enables users and servers to negotiate a common session initiation key. Our proposal first analyzes Amin et al.’s authentication scheme based on RSA and proves that it cannot provide perfect forward secrecy and user un-traceability, and is susceptible to offline password guessing and key-compromise user impersonation attacks. Secondly, we show that Srinivas et al.’s multi-server authentication scheme is not secure against offline password guessing and key-compromise user impersonation attacks, and is unable to ensure user un-traceability. To remedy such limitations and improve computational efficiency, we present a multi-server two-factor authentication scheme using elliptic curve cryptography (ECC). Subsequently, employing heuristic analysis and a Burrows–Abadi–Needham logic (BAN-Logic) proof, it is proven that the presented scheme provides security against all known attacks, and in particular provides user un-traceability and perfect forward security. Finally, appropriate comparisons with prevalent works demonstrate the robustness and feasibility of the presented solution in multi-server environments.
This paper references
10.1016/j.ins.2015.02.010
A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks
D. He (2015)
An efficient and secure authentication and key agreement scheme for session initiation protocol using ECC. Multimed
H. Arshad (2014)
10.1007/springerreference_213
Differential Power Analysis
Siva Sai Yerubandi (2002)
10.1002/dac.1286
A new authenticated key agreement for session initiation protocol
Qi Xie (2012)
10.1007/978-3-319-45744-4_6
On the Implications of Zipf's Law in Passwords
Ding Wang (2016)
10.1007/s11042-011-0787-0
Elliptic curve cryptography based mutual authentication scheme for session initiation protocol
R. Arshad (2011)
10.3390/s140610081
Security Enhanced User Authentication Protocol for Wireless Sensor Networks Using Elliptic Curves Cryptography
Younsung Choi (2014)
10.1002/dac.3019
A lightweight anonymous authentication scheme for consumer roaming in ubiquitous networks with provable security
M. Farash (2017)
10.1007/s10916-014-0135-9
Cryptanalysis and Improvement of Authentication and Key Agreement Protocols for Telecare Medicine Information Systems
S. H. Islam (2014)
10.1109/TDSC.2014.2355850
Anonymous Two-Factor Authentication in Distributed Systems: Certain Goals Are Beyond Attainment
Ding Wang (2015)
10.3390/s17030644
Efficient and Security Enhanced Anonymous Authentication with Key Agreement Scheme in Wireless Sensor Networks
J. Jung (2017)
10.1007/s12652-017-0460-1
Design of a secure anonymity-preserving authentication scheme for session initiation protocol using elliptic curve cryptography
S. Kumari (2018)
10.1145/358790.358797
Password authentication with insecure communication
L. Lamport (1981)
10.1145/2976749.2978339
Targeted Online Password Guessing: An Underestimated Threat
Ding Wang (2016)
10.3390/s16122123
Three-Factor User Authentication and Key Agreement Using Elliptic Curve Cryptosystem in Wireless Sensor Networks
YoHan Park (2016)
Cryptanalysis and Improvement of an RSA Based Remote User Authentication Scheme
R. Amin (2017)
10.1002/dac.3568
Cryptanalysis and improvement of 2 mutual authentication schemes for Session Initiation Protocol
S. Qiu (2018)
10.5755/j01.itc.42.4.2496
An Enhanced Authenticated Key Agreement for Session Initiation Protocol
M. Farash (2013)
10.1016/S0167-4048(03)00709-0
Security enhancement for the timestamp-based password authentication scheme using smart cards
Jau-Ji Shen (2003)
10.4103/0256-4602.50703
Fingerprint Biometric-based Self-Authentication and Deniable Authentication Schemes for the Electronic World
M. Khan (2009)
10.1109/AINA.2014.45
An Efficient and Transparent One-Time Authentication Protocol with Non-interactive Key Scheduling and Update
A. Castiglione (2014)
10.1007/s11277-013-1039-6
Robust Smart Card Authentication Scheme for Multi-server Architecture
R. Pippal (2013)
10.1007/s11277-017-4476-9
A Self-Verifiable Password Based Authentication Scheme for Multi-Server Architecture Using Smart Card
J. Srinivas (2017)
10.1109/TIFS.2017.2721359
Zipf’s Law in Passwords
Ding Wang (2017)
10.1002/SEC.506
A secure mutual authentication scheme for session initiation protocol using elliptic curve cryptography
D. He (2012)
10.1007/s11042-014-1885-6
A secure authentication scheme with anonymity for session initiation protocol using elliptic curve cryptography
Zezhong Zhang (2014)
10.1007/978-3-540-85174-5_12
On the Power of Power Analysis in the Real World: A Complete Break of the KeeLoq Code Hopping Scheme
Thomas Eisenbarth (2008)
10.17487/RFC2617
HTTP Authentication: Basic and Digest Access Authentication
J. Franks (1999)
Security Mechanism Agreement for SIP Sessions
J. Arkko (2003)
10.1007/978-1-4615-3198-2
Elliptic curve public key cryptosystems
A. Menezes (1997)
A Self-Verifiable Password Based Authentication Scheme for Multi-Server Architecture Using Smart Card
Srinivas Jangirala (2017)
10.1109/TC.2002.1004593
Examining Smart-Card Security under the Threat of Power Analysis Attacks
Thomas S. Messerges (2002)
10.1109/ACCESS.2017.2780124
A Robust Mutual Authentication Scheme Based on Elliptic Curve Cryptography for Telecare Medical Information Systems
S. Qiu (2018)
10.1016/j.compeleceng.2011.09.015
An improved timestamp-based remote user authentication scheme
A. Awasthi (2011)
Elliptic curve cryptography based mutual authentication scheme for session initiation
R. Arshad (2013)
10.1007/3-540-45608-2_2
The Logic of Authentication Protocols
P. Syverson (2000)
10.1007/s11277-014-2002-x
An Enhancement of a Smart Card Authentication Scheme for Multi-server Architecture
X. Li (2015)
10.1145/77648.77649
A logic of authentication
M. Burrows (1990)
10.1007/s12083-014-0285-z
An efficient two-factor user authentication scheme with unlinkability for wireless sensor networks
Q. Jiang (2015)
10.3390/s110504767
A Secured Authentication Protocol for Wireless Sensor Networks Using Elliptic Curves Cryptography
Hsiu-lien Yeh (2011)
10.3390/s151229767
Enhanced Two-Factor Authentication and Key Agreement Using Dynamic Identities in Wireless Sensor Networks
I. Chang (2015)
10.1016/j.adhoc.2012.01.002
An efficient remote user authentication and key agreement protocol for mobile client-server environment from pairings
Debiao He (2012)
10.1371/journal.pone.0194072
An enhanced password authentication scheme for session initiation protocol with perfect forward secrecy
S. Qiu (2018)
10.1109/SURV.2013.091513.00050
A Survey of SIP Authentication and Key Agreement Schemes
H. H. Kilinc (2014)
10.1007/s11277-017-4408-8
Cryptanalysis and Improvement of an RSA Based Remote User Authentication Scheme Using Smart Card
R. Amin (2017)
10.1155/2013/730831
A New User Authentication Protocol for Wireless Sensor Networks Using Elliptic Curves Cryptography
Wenbo Shi (2013)
10.1016/j.adhoc.2014.03.003
Understanding security failures of two-factor authentication schemes for real-time applications in hierarchical wireless sensor networks
Ding Wang (2014)
10.1109/TDSC.2016.2605087
Two Birds with One Stone: Two-Factor Authentication with Security Beyond Conventional Bound
Ding Wang (2018)
Cryptanalysis and Improvement of an Improved Two Factor Authentication Protocol for Telecare
S. A. Chaudhry (2015)
Enhancement of Timestamp-based User Authentication Scheme with Smart Card
Hui-Feng Huang (2014)
10.1016/j.ins.2015.03.070
Preserving privacy for free: Efficient and provably secure two-factor authentication scheme with user anonymity
Ding Wang (2015)
10.1145/1941530.1941540
The Impact of TLS on SIP Server Performance: Measurement and Modeling
Charles Shen (2012)
10.1016/j.comnet.2014.07.010
On the anonymity of two-factor authentication schemes for wireless sensor networks: Attacks, principle and solutions
Ding Wang (2014)
10.1145/74850.74852
A logic of authentication
M. Burrows (1989)
SIP Security Requirements; Work In Progress
M. Thomas (2001)
10.1007/s11042-014-2282-x
An efficient and secure authentication and key agreement scheme for session initiation protocol using ECC
Hamed Arshad (2014)
10.1109/TII.2018.2834351
Measuring Two-Factor Authentication Schemes for Real-Time Data Access in Industrial Wireless Sensor Networks
Ding Wang (2018)
10.1016/j.cose.2004.10.007
Secure authentication scheme for session initiation protocol
C. Yang (2005)
10.1002/sec.1672
A provably secure anonymous authentication scheme for Session Initiation Protocol
Shehzad Ashraf Chaudhry (2016)
10.1007/s10916-015-0244-0
Cryptanalysis and Improvement of an Improved Two Factor Authentication Protocol for Telecare Medical Information Systems
Shehzad Ashraf Chaudhry (2015)



This paper is referenced by
10.3390/s19102358
Secure Three-Factor Authentication Protocol for Multi-Gateway IoT Environments
Joonyoung Lee (2019)
10.3390/s18114021
Dynamic Cipher Puzzle for Efficient Broadcast Authentication in Wireless Sensor Networks
Farah Afianti (2018)
10.1007/s12083-020-00906-5
PSTRM: Privacy-aware sociopsychological trust and reputation model for wireless sensor networks
Henry Nunoo-Mensah (2020)
10.3390/s20020501
Lightweight Authentication Protocol for M2M Communications of Resource-Constrained Devices in Industrial Internet of Things
E. Lara (2020)
10.1109/ICCCN.2019.8847031
A Secure Multi-Factor Remote User Authentication Scheme for Cloud-IoT Applications
Joonyoung Lee (2019)
10.3390/sym12010150
A Secure Authentication and Key Agreement Scheme for IoT-Based Cloud Computing Environment
Y. Yu (2020)
10.1155/2020/3579705
Chebyshev Polynomial-Based Authentication Scheme in Multiserver Environment
T. Truong (2020)
10.1007/s11276-020-02368-2
Prediction-based secured handover authentication for mobile cloud computing
Walid I. Khedr (2020)
10.1109/ACCESS.2019.2933576
A Privacy-Preserving RLWE-Based Remote Biometric Authentication Scheme for Single and Multi-Server Environments
Hailong Yao (2019)
10.1007/s12652-020-02020-z
Security protocol using elliptic curve cryptography algorithm for wireless sensor networks
R. Qazi (2020)
10.1109/ACCESS.2020.2982359
A Silent Password Recognition Framework Based on Lip Analysis
Mohamed Ezz (2020)
10.1007/s11277-020-07462-4
An Enhanced Authentication Protocol for Multi-server Environment Using Password and Smart Card
T. Sudhakar (2020)
10.3390/s19010129
Two-Factor-Based Public Data Protection Scheme in Smart Ocean Management
Jian Shen (2019)
10.1155/2020/2523834
Efficient Hierarchical Authentication Protocol for Multiserver Architecture
J. Kou (2020)
10.14569/IJACSA.2018.091185
A Secure User Authentication Scheme with Biometrics for IoT Medical Environments
YoHan Park (2018)