Most password-based authentication protocols rely on a single authentication server for the user's authentication. The user's verification information stored on that single server is a main point of susceptibility and remains an attractive target for the attacker. In 2009, Hsiang and Shih improved Liao and Wang's dynamic identity based smart card authentication protocol for the multi-server environment. However, we found that Hsiang and Shih's protocol is susceptible to replay attack, impersonation attack and stolen smart card attack. Moreover, the password change phase of Hsiang and Shih's protocol is incorrect. This paper presents a secure dynamic identity based authentication protocol for multi-server architecture using smart cards that resolves the aforementioned security flaws while keeping the merits of Hsiang and Shih's protocol. It uses a two-server paradigm in which different levels of trust are assigned to the servers, and the user's verifier information is distributed between these two servers, known as the service provider server and the control server. The service provider server is more exposed to the clients than the control server. The back-end control server is not directly accessible to the clients and is thus less likely to be attacked. The user's smart card uses the information stored in it and a random nonce value to generate a dynamic identity. The proposed protocol is practical and computationally efficient because only nonces, one-way hash functions and XOR operations are used in its implementation. It provides a secure method to change the user's password without the server's help. In e-commerce, the number of servers providing services to the user is usually more than one, and hence secure authentication protocols for the multi-server environment are required.