Cryptanalysis and Security Enhancement of Three-Factor Remote User Authentication Scheme for Multi-Server Environment

Author(s): Preeti Chandrakar, Hari Om

Recently, Om et al. proposed a three-factor remote user authentication protocol using the ElGamal cryptosystem and ensured that it withstands various kinds of security attacks. However, the authors carefully review Om et al.'s scheme and discover that it is unable to resist three attacks (password guessing, denial of service, and user impersonation). Moreover, their protocol does not provide user anonymity. To solve these security vulnerabilities, the authors devise a secure and robust anonymous identity-based authentication scheme for the multi-server environment. The authentication proof of the proposed scheme has been validated using BAN (Burrows-Abadi-Needham) logic, which confirms that the protocol provides mutual authentication and session-key negotiation securely. Informal security analysis also confirms that it is well protected against various security attacks. In addition, the proposed work is compared with other schemes (in terms of smart card storage and computation costs as well as execution time).

2013, Vol 846-847, pp. 1707-1710
Author(s): Wei Chen Wu

The authors present a new remote user authentication scheme on three dimensions for multi-server environments. The merits include: the scheme can be used in multi-server environments; the system does not need to maintain any verification table; the users who have registered with various servers do not need to remember different login passwords for each; the ability to choose passwords freely and change them offline; mutual authentication is provided between the user and the remote system; a session key agreed by the user and the remote system is generated in every session. Furthermore, we propose a specific Access Right (AR). The AR means that legal users have different levels of authorization based on which server in the multi-server environment is used.


Author(s): Dhara Joshi, Chintan Patel, Nishant Doshi, Rutvij Jhaveri, Xianmin Wang

With quick improvement in the field of networks, everything becomes online. Remote user authentication is a mechanism in which a remote server verifies the correctness of a user over a common or public channel. Remote user authentication can be single-server authentication or multi-server authentication. The disadvantage of single-server authentication is that the user needs to recall a user id and password for each service he/she needs to utilize; however, it can be overcome by multi-server authentication, in which the user needs to register himself with the Registration Center (RC) the first time, and from then onwards he can utilize each service (which is given by servers associated with the RC) by recollecting only one user id and password. In this paper, we analyze Chen's authentication scheme (based on multi-server authentication) and show that this scheme is vulnerable to password guessing attack, replay attack, RC spoofing attack, session key verification attack and perfect forward secrecy attack. In this paper, we propose a biometric-based remote user authentication scheme in a multi-server environment. The proposed scheme is more secure and efficient as compared to Chen's scheme [23].

