A two‐factor authentication scheme with anonymity for multi‐server environments

Chen, Chi-Tung; Lee, Cheng‐Chi

doi:10.1002/sec.1109

Cited by 47 publications

(77 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It is evident from the reported results that our scheme fulfills the design properties, and our scheme is also secure under the test of AVISPA using OFMC and CLAtSe backends with the bounded number of sessions. (Li et al, 2015) and Chen-Lee's scheme (Chen et al, 2015). …”

Section: Analysis Of Resultsmentioning

confidence: 99%

“…Li et al's scheme (Li et al, 2015) is vulnerable to privileged-insider attack, stolen smart card attack and user impersonation attack, and it does not support formal security verification using AVISPA tool. Similar to Li et al's scheme, Chen-Lee's scheme (Chen et al, 2015) is vulnerable to privilegedinsider attack, stolen smart card attack and user impersonation attack, and it does not support formal security verification using AVISPA tool. On the other hand, our proposed scheme provides better security features as compared to those for both Pippal et al's scheme and Wei et al's scheme.…”

Section: Functionality Comparisonmentioning

confidence: 95%

“…Communication overhead Lee et al (2014) 3 messages (2880 bits) Li et al (2015) 4 messages (2240 bits) Chen et al (2015) 3 messages (1280 bits) Pippal et al (2013) 3 messages (5056 bits) Wei et al (2014) 3 messages (2994 bits) Ours 2 messages (2592 bits)…”

Section: Fig 4 -Role Specification In Hlpsl For the Servermentioning

confidence: 98%

“…We take 1024-bit prime p for modular exponentiation. The service period in ChenLee's scheme (Chen et al, 2015) is taken as 32 bits. …”

Section: Fig 4 -Role Specification In Hlpsl For the Servermentioning

confidence: 99%

“…Chen-Lee (Chen et al, 2015) also presented a two-factor authentication scheme with anonymity for multi-server environments. Similar to the above analysis done in Li et al's scheme (Li et al, 2015), it can be shown that Chen-Lee's scheme is insecure against privileged-insider attack.…”

Section: Introductionmentioning

confidence: 97%

See 4 more Smart Citations

Design of a secure smart card-based multi-server authentication scheme

Chaturvedi

Das

Mishra

et al. 2016

Journal of Information Security and Applications

View full text Add to dashboard Cite

Section: Analysis Of Resultsmentioning

confidence: 99%

Section: Functionality Comparisonmentioning

confidence: 95%

Section: Fig 4 -Role Specification In Hlpsl For the Servermentioning

confidence: 98%

“…We take 1024-bit prime p for modular exponentiation. The service period in ChenLee's scheme (Chen et al, 2015) is taken as 32 bits. …”

Section: Fig 4 -Role Specification In Hlpsl For the Servermentioning

confidence: 99%

Section: Introductionmentioning

confidence: 97%

See 3 more Smart Citations

Design of a secure smart card-based multi-server authentication scheme

Chaturvedi

Das

Mishra

et al. 2016

Journal of Information Security and Applications

View full text Add to dashboard Cite

An improved lightweight multiserver authentication scheme

Irshad

Chaudhry

Kumari

et al. 2017

Int J Communication

View full text Add to dashboard Cite

Summary Multiserver authentication complies with the up‐to‐date requirements of Internet services and latest applications. The multiserver architecture enables the expedient authentication of subscribers on an insecure channel for the delivery of services. The users rely on a single registration of a trusted third party for the procurement of services from various servers. Recently, Chen and Lee, Moon et al, and Wang et al presented multiserver key agreement schemes that are found to be vulnerable to many attacks according to our analysis. The Chen and Lee scheme was found susceptible to impersonation attack, trace attack, stolen smart card attack exposing session key, key‐compromise impersonation attack, and inefficient password modification. The Moon et al is susceptible to stolen card attack leading to further attacks, ie, identity guessing, key‐compromise impersonation attack, user impersonation attack, and session keys disclosure, while Wang et al is also found to be prone to trace attack, session‐specific temporary information attack, key‐compromise information attack, and privileged insider attack leading to session key disclosure and user impersonation attacks. We propose an improved protocol countering the indicated weaknesses of these schemes in an equivalent cost. Our scheme demonstrates automated and security analysis on the basis of Burrows‐Abadi‐Needham logic and also presents the performance evaluation for related schemes.

show abstract

Provable analysis and improvement of smart card–based anonymous authentication protocols

Far

Alagheband

2018

Int J Communication

View full text Add to dashboard Cite

Summary Nowadays, authentication protocols are essential for secure communications specially for roaming networks, distributed computer networks, and remote wireless communication. The numerous users in these networks rise vulnerabilities. Thus, privacy‐preserving methods have to be run to provide more reliable services and sustain privacy. Anonymous authentication is a method to remotely authenticate users with no revelation about their identity. In this paper, we analyze 2 smart card–based protocols that the user's identity is anonymous. However, we represent that they are vulnerable to privileged insider attack. It means that the servers can compromise the users' identity for breaking their privacy. Also, we highlight that the Wen et al protocol has flaws in both stolen smart card and stolen server attacks and the Odelu et al protocol is traceable. Then, we propose 2 modified anonymous authentication protocols. Finally, we analyze our improved protocols with both heuristic and formal methods.

show abstract

A two‐factor authentication scheme with anonymity for multi‐server environments

Cited by 47 publications

References 32 publications

Design of a secure smart card-based multi-server authentication scheme

Design of a secure smart card-based multi-server authentication scheme

An improved lightweight multiserver authentication scheme

Provable analysis and improvement of smart card–based anonymous authentication protocols

Contact Info

Product

Resources

About