An extended chaotic-maps-based protocol with key agreement for multiserver environments

Lee, Cheng‐Chi; Lou, Der‐Chyuan; Li, Chun-Ta; Hsu, Che-Wei

doi:10.1007/s11071-013-1174-3

Cited by 52 publications

(37 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In MSA architecture, [27][28][29][30][31][32] the users get registered through a centralized control center. Thereafter, the users may get services of authorized service providers without reregistration.…”

Section: Multiserver Authentication Architecturementioning

confidence: 99%

An improved lightweight multiserver authentication scheme

Irshad

Chaudhry

Kumari

et al. 2017

Int J Communication

View full text Add to dashboard Cite

Summary Multiserver authentication complies with the up‐to‐date requirements of Internet services and latest applications. The multiserver architecture enables the expedient authentication of subscribers on an insecure channel for the delivery of services. The users rely on a single registration of a trusted third party for the procurement of services from various servers. Recently, Chen and Lee, Moon et al, and Wang et al presented multiserver key agreement schemes that are found to be vulnerable to many attacks according to our analysis. The Chen and Lee scheme was found susceptible to impersonation attack, trace attack, stolen smart card attack exposing session key, key‐compromise impersonation attack, and inefficient password modification. The Moon et al is susceptible to stolen card attack leading to further attacks, ie, identity guessing, key‐compromise impersonation attack, user impersonation attack, and session keys disclosure, while Wang et al is also found to be prone to trace attack, session‐specific temporary information attack, key‐compromise information attack, and privileged insider attack leading to session key disclosure and user impersonation attacks. We propose an improved protocol countering the indicated weaknesses of these schemes in an equivalent cost. Our scheme demonstrates automated and security analysis on the basis of Burrows‐Abadi‐Needham logic and also presents the performance evaluation for related schemes.

show abstract

Section: Multiserver Authentication Architecturementioning

confidence: 99%

An improved lightweight multiserver authentication scheme

Irshad

Chaudhry

Kumari

et al. 2017

Int J Communication

View full text Add to dashboard Cite

show abstract

“…In addition, Wei et al's scheme does not provide the formal security verification using AVISPA tool as well as formal verification using BAN logic. Lee et al's scheme (Lee et al, 2014) is inefficient login and authentication phase and it does not provide formal security verification using AVISPA tool. Li et al's scheme (Li et al, 2015) is vulnerable to privileged-insider attack, stolen smart card attack and user impersonation attack, and it does not support formal security verification using AVISPA tool.…”

Section: Functionality Comparisonmentioning

confidence: 99%

“…Communication overhead Lee et al (2014) 3 messages (2880 bits) Li et al (2015) 4 messages (2240 bits) Chen et al (2015) 3 messages (1280 bits) Pippal et al (2013) 3 messages (5056 bits) Wei et al (2014) 3 messages (2994 bits) Ours 2 messages (2592 bits)…”

Section: Fig 4 -Role Specification In Hlpsl For the Servermentioning

confidence: 99%

“…Lee et al (2012) presented an improved dynamic identity based remote user authentication protocol suitable for multiserver environment, which relies on one-way hash function h(·) and bitwise XOR operation. Lee et al (2014) also presented another improved multi-server authentication and key agreement protocol using the extended chaotic-map. However, their scheme is inefficient in login and session-key agreement phase because during the login phase the user credentials such as password are not locally verified by the smart card, and if the user enters the password incorrectly by mistake, it is detected at the server side.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Design of a secure smart card-based multi-server authentication scheme

Chaturvedi

Das

Mishra

et al. 2016

Journal of Information Security and Applications

View full text Add to dashboard Cite

“…Focusing on the multi-server environment, in the last decade, some authors have introduced smart card based authentication schemes which migrate verification parameters to a personal device [2][3][4][5][6][7][8][9][10][11]. Lin et al [2] proposed an offline password changing scheme utilizing time stamps and the discrete logarithm problem.…”

Section: Introductionmentioning

confidence: 99%

An Untraceable Biometric-Based Multi-server Authenticated Key Agreement Protocol with Revocation

Chang

Nguyen

2016

Wireless Pers Commun

View full text Add to dashboard Cite

Online access has been widely adopted to distribute diversified services to customers. In this architecture, public channels are utilized to exchange information between end users and remote servers at anytime and anywhere. To achieve confidentiality and integrity for transferred data, the related parties have to authenticate each other and negotiate a secret session key to encrypt and decrypt exchanged messages. Since the Lamport's pioneering authentication work in 1981, numerous mechanisms have been proposed to enhance security as well as reduce computation and payload data. Recently, Chuang and Chen proposed a multi-server authenticated agreement protocol employing a smart card and biometric data to eliminate the weaknesses caused by parameters related to low-entropy human-memorable passwords that are stored in a physical location. However, Mishra et al. showed that Chuang and Chen's protocol is not only vulnerable to multiple attacks but also suffers from the drawback of variation of biometric data. To overcome these weaknesses, they proposed an enhanced three-factor authenticated key agreement protocol using the low-error rate Biohashing technique. Unfortunately, we found that Mishra et al.'s scheme is also vulnerable to the denial-of-service attack, the traceable user attack, the impersonation attack, and the pre-shared key attack. Furthermore, the protocol does not provide any user revocation mechanism to control user accesses. In this novel untraceable authenticated key agreement scheme, we adopt the Hamming distance to verify encrypted Biohash codes and a public-key technique to construct the revocation mechanism. Our scheme achieves not only zero errors of biometric verification but also secure against all known attacks.

show abstract

An extended chaotic-maps-based protocol with key agreement for multiserver environments

Cited by 52 publications

References 32 publications

An improved lightweight multiserver authentication scheme

An improved lightweight multiserver authentication scheme

Design of a secure smart card-based multi-server authentication scheme

An Untraceable Biometric-Based Multi-server Authenticated Key Agreement Protocol with Revocation

Contact Info

Product

Resources

About