An Enhanced Approach for Three Factor Remote User Authentication in Multi-Server Environment

Author(s): Dhara Joshi, Chintan Patel, Nishant Doshi, Rutvij Jhaveri, Xianmin Wang

With quick improvement in the field of networking, everything has moved online. Remote user authentication is a mechanism in which a remote server verifies the correctness of a user over a common or public channel. Remote user authentication can be single-server authentication or multi-server authentication. The disadvantage of single-server authentication is that the user needs to recall a user ID and password for each service he/she needs to use; however, this can be overcome by multi-server authentication, in which the user needs to register with the Registration Center (RC) the first time and from then onwards can use each service (provided by servers associated with the RC) by remembering only one user ID and password. In this paper, we analyze Chen's authentication scheme (based on multi-server authentication) and show that this scheme is vulnerable to password guessing attack, replay attack, RC spoofing attack, session key verification attack and perfect forward secrecy attack. In this paper, we propose a biometric-based remote user authentication scheme in a multi-server environment. The proposed scheme is more secure and efficient as compared to Chen's scheme [23].

2020, Vol 39 (6), pp. 8609-8620
Author(s): Chintan Patel, Dhara Joshi, Nishant Doshi, A. Veeramuthu, Rutvij Jhaveri

With the agile development of the Internet era, starting from the message transmission to money transactions, everything is online now. Remote user authentication (RUA) is a mechanism in which a remote server verifies the user’s correctness over the shared or public channel. In this paper, we analyze an RUA scheme proposed by Chen for the multi-server environment and prove that their scheme is not secured. We also find numerous vulnerabilities such as password guessing attack, replay attack, Registration Center (RC) spoofing attack, session key verification attack, and perfect forward secrecy attack for Chen’s scheme. After performing the cryptanalysis of Chen’s scheme, we propose a biometric-based RUA scheme for the same multi-server environment. We prove that the proposed authentication scheme achieves higher security than Chen’s scheme with the use of informal security analysis as well as formal security analysis. The formal security analysis of the proposed scheme is done using a widely adopted random oracle method.


2013, Vol 846-847, pp. 1707-1710
Author(s): Wei Chen Wu

The authors present a new remote user authentication scheme on three dimensions for multi-server environments. The merits include: the scheme can be used in multi-server environments; the system does not need to maintain any verification table; the users who have registered with various servers do not need to remember different login passwords for each; the ability to choose passwords freely and change them offline; mutual authentication is provided between the user and the remote system; a session key agreed by the user and the remote system is generated in every session. Furthermore, we propose a specific Access Right (AR). The AR means the legal users have different levels of authorization based on which server in the multi-server environment is used.


2018, Vol 11 (4), pp. 190-194
Author(s): YALIN CHEN, JUE-SAM CHOU, I-CHIUNG LIAO

Recently, Kumari et al. pointed out that Chang et al.’s scheme “Untraceable dynamic-identity-based remote user authentication scheme with verifiable password update” has several drawbacks and does not provide any session key agreement. Hence, they proposed an improved remote user authentication scheme with key agreement based on Chang et al.’s protocol. They claimed that the improved method is secure. However, we found that their improvement still has both anonymity breach and smart card loss password guessing attack which cannot be violated in the ten basic requirements advocated for a secure identity authentication using smart card by Liao et al. Thus, we modify their protocol to encompass these security functionalities which are needed in a user authentication system using smart card.


2014, Vol 556-562, pp. 5235-5238
Author(s): Cheng Qiang Xu, Zhen Li Zhang

In 2011, Khan et al. analyzed and improved an enhanced secure dynamic ID-based remote user authentication scheme to overcome the weakness of Wang et al.’s scheme. In 2013, Young-Hwa An showed that Khan et al.’s scheme is not secure because Khan et al.’s scheme cannot resist password guessing attack, forgery attack and does not provide user anonymity. After that he proposed a security improvement of dynamic ID-based remote user authentication scheme with session key agreement to remedy the weakness in Khan et al.’s scheme. Recently, through our study, we have found that Young-Hwa An’s mechanism is not secure enough. There still exist insider user’s attack, anonymity attack and forgery attack.


Author(s): Preeti Chandrakar, Hari Om

Recently, Om et al. proposed a three-factor remote user authentication protocol using the ElGamal cryptosystem and ensured that it withstands various kinds of security attacks. But the authors carefully review Om et al.'s scheme and discover that it is unable to resist three attacks (like password guessing; denial of service; and user impersonation). Moreover, their protocol does not facilitate user anonymity. To solve these security vulnerabilities, the authors devise a secure and robust anonymous identity-based authentication scheme for multi-server environment. The authentication proof of the proposed scheme has been validated using BAN (Burrows-Abadi-Needham) logic, which confirms the protocol facilitates mutual authentication and session-key negotiation securely. Informal security analysis also confirms that it is well protected against various security attacks. In addition, the proposed work is compared along with other schemes (in the context of smart card storage and computation costs as well as execution time).

