A secure dynamic identity based authentication protocol for multi-server architecture

Sood, Sandeep K.; Sarje, Anil K.; Singh, Kuldip

doi:10.1016/j.jnca.2010.11.011

Cited by 209 publications

(153 citation statements)

References 18 publications

(20 reference statements)

Supporting

Mentioning

152

Contrasting

Order By: Relevance

“…Generally, identity and password of the user are low entropy in cryptography, that means the adversary can guess the identity and password individually using dictionary attack in polynomial time. But, the adversary cannot guess identity and password simultaneously in on-line/off-line within a polynomial time as pointed out in [34]. According to our adversary model, we consider two following cases:…”

Section: Modelmentioning

confidence: 99%

A Three Factor Remote User Authentication Scheme Using Collision Resist Fuzzy Extractor in Single Server Environment

Giri

Maitra

2017

ITM Web Conf.

View full text Add to dashboard Cite

Abstract. Due to rapid growth of online applications, it is needed to provide such a facility by which communicators can get the services by applying the applications in a secure way. As communications are done through an insecure channel like Internet, any adversary can trap and modify the communication messages. Only authentication procedure can overcome the aforementioned problem. Many researchers have proposed so many authentication schemes in this literature. But, this paper has shown that many of them are not usable in real world application scenarios because, the existing schemes cannot resist all the possible attacks. Therefore, this paper has proposed a three factor authentication scheme using hash function and fuzzy extractor. This paper has further analyzed the security of the proposed scheme using random oracle model. The analysis shows that the proposed scheme can resist all the possible attacks. Furthermore, comparison between proposed scheme and related existing schemes shows that the proposed scheme has better trade-off among storage, computational and communication costs.

show abstract

Section: Modelmentioning

confidence: 99%

A Three Factor Remote User Authentication Scheme Using Collision Resist Fuzzy Extractor in Single Server Environment

Giri

Maitra

2017

ITM Web Conf.

View full text Add to dashboard Cite

show abstract

“…To remedy these flaws, Hsiang and Shih proposed an improvement over Liao and Wang's protocol. In 2010, Sood et al [11] found that Hsiang and Shih protocol is also found to be flawed for replay attack, impersonation attack and stolen smart card attack.…”

Section: Related Workmentioning

confidence: 99%

Dynamic Identity Based Authentication Protocol for Two-Server Architecture

Sood¹

2012

JIS

View full text Add to dashboard Cite

Most of the password based authentication protocols make use of the single authentication server for user's authentication. User's verifier information stored on the single server is a main point of susceptibility and remains an attractive target for the attacker. On the other hand, multi-server architecture based authentication protocols make it difficult for the attacker to find out any significant authentication information related to the legitimate users. In 2009, Liao and Wang proposed a dynamic identity based remote user authentication protocol for multi-server environment. However, we found that Liao and Wang's protocol is susceptible to malicious server attack and malicious user attack. This paper presents a novel dynamic identity based authentication protocol for multi-server architecture using smart cards that resolves the aforementioned flaws, while keeping the merits of Liao and Wang's protocol. It uses two-server paradigm by imposing different levels of trust upon the two servers and the user's verifier information is distributed between these two servers known as the service provider server and the control server. The proposed protocol is practical and computational efficient because only nonce, one-way hash function and XOR operations are used in its implementation. It provides a secure method to change the user's password without the server's help. In e-commerce, the number of servers providing the services to the user is usually more than one and hence secure authentication protocols for multi-server environment are required.

show abstract

“…Since then a considerable amount of research [1][2][3][4][5][6][7][8][9][10] has been carried out in this field. In 2009, Hsiang and Shih [1] showed that Liao-Wang [2] scheme cannot resist insider attack, masquerade attack, and server spoofing attack, meanwhile, the scheme cannot achieve mutual authentication.…”

Section: Introductionmentioning

confidence: 99%

“…In 2009, Hsiang and Shih [1] showed that Liao-Wang [2] scheme cannot resist insider attack, masquerade attack, and server spoofing attack, meanwhile, the scheme cannot achieve mutual authentication. And they proposed an enhanced scheme on Liao-Wang scheme, However, Sood et al [3] pointed out that Hsiang et al's scheme is still insecure; it fails to resist replay attack, impersonation attack and stolen smart attack. And they proposed a secure dynamic identity based authentication scheme.…”

Section: Introductionmentioning

confidence: 99%

Security Weaknesses of Li's Remote User Password Authentication Scheme Using Smart Card

Ling¹,

Zhao²,

Liu³

2015

Proceedings of the 2015 International Conference on Materials Engineering and Information Technology Applications

View full text Add to dashboard Cite

Abstract. User authentication is an important technology to guarantee that only the legal users can access resources from the remote server. The advantages of smart cards are storage and computation abilities. Recently, Li et al. pointed out the security problems of Chen et al's password authentication scheme and they proposed an enhanced smart card based remote user password authentication scheme and claimed it is secure, However, We find that Li scheme is still vulnerable. It cannot resist user impersonation attack and insider attack. Besides, it also suffers from user anonymity violation and clock synchronization problem.

show abstract

A secure dynamic identity based authentication protocol for multi-server architecture

Cited by 209 publications

References 18 publications

A Three Factor Remote User Authentication Scheme Using Collision Resist Fuzzy Extractor in Single Server Environment

A Three Factor Remote User Authentication Scheme Using Collision Resist Fuzzy Extractor in Single Server Environment

Dynamic Identity Based Authentication Protocol for Two-Server Architecture

Security Weaknesses of Li's Remote User Password Authentication Scheme Using Smart Card

Contact Info

Product

Resources

About