Cryptanalysis and Extended Three-Factor Remote User Authentication Scheme in Multi-Server Environment

Chandrakar, Preeti; Om, Hari

doi:10.1007/s13369-016-2341-x

Cited by 28 publications

(13 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To enhance the security, Mishra et al also devised a 3‐factor–based remote user authentication protocol. In recent times, many 3‐factor–based remote authentication schemes have been devised in the literature . But the bulk of remote user authentication schemes are unsafe against various security threats.…”

Section: Related Workmentioning

confidence: 99%

“…

scriptA

can obstruct the public messages over an unreliable channel, and then she/he can easily alter, replay, or delete these messages.

scriptA

cannot eavesdrop or intercept any communication message over a reliable channel. An attacker/adversary acts as a genuine user or vice versa. A server insider can reveal the privileged information of the server to

scriptA

or can himself behave as

scriptA

scriptA

can easily guess a low‐entropy identity or password individually, but the polynomial equation rule is violated for guessing 2 confidential data (password and identity) at the same time. If the length of identity I D i and password P W i are n characters each, then the guessing probability of an n ‐character‐long string is approximately 1/2 6 n All the protocols are publicly known in an authentication system. …”

Section: Related Workmentioning

confidence: 99%

“…This section presents formal security verification using a random oracle model to certify that the proposed protocol is more flexible. Some formal definitions for getting about the random oracle have been defined in other works, and we apply the same security verification procedure as in these works to prove the theorems.

…”

Section: Formal Security Analysismentioning

confidence: 99%

“…Moreover, outsider

scriptA

attempts to guess I D i and P W i ; he/she is required 4 unknown values { I D i , P W i , x , R } at the same time. The guessing probability is approximately equivalent to 1/2 12 n +160+1024 , where 160 is the length of the random number R and 1024 is the length of the secret key x . The guessing probability to find I D i and P W i from the Q i parameter is negligible. The outsider

scriptA

cannot obtain P W i and I D i from the parameter C i because of the 1‐way secure hash function.…”

Section: Informal Security Analysismentioning

confidence: 99%

See 3 more Smart Citations

An extended ECC‐based anonymity‐preserving 3‐factor remote authentication scheme usable in TMIS

Chandrakar

2018

Int J Communication

Self Cite

View full text Add to dashboard Cite

A telecare medicine information system (TMIS) helps in providing an efficient communication platform to patients from home to consult doctors at a clinical center. In TMIS, the patient's confidentiality, security, and mutual authentication are very crucial; so remote authentication plays a vital role for verifying the legitimacy of patients. Recently, Amin and Biswas have devised a remote authentication protocol for TMIS, claiming it to be secured from various malicious vulnerabilities. We examine this protocol and find that it is not able to withstand many attacks that include off-line and online password-guessing, identity-guessing, user impersonation, privileged insider, and known session key temporary information attacks. We propose a 3-factor-based authentication protocol for TMIS by overcoming these security shortcomings. We present its security verification in formal and informal ways, which assert its resistivity against various security threats. We use the Burrows-Abadi-Needham logic for validating it, and with the Automated Validation of Internet Security Protocols and Applications tool, it is simulated. Further, the performance evaluation and the security functionalities justify high degree of security with efficient complexity.

show abstract

Section: Related Workmentioning

confidence: 99%

“…

scriptA

can obstruct the public messages over an unreliable channel, and then she/he can easily alter, replay, or delete these messages.

scriptA

scriptA

or can himself behave as

scriptA

scriptA

Section: Related Workmentioning

confidence: 99%

…”

Section: Formal Security Analysismentioning

confidence: 99%

“…Moreover, outsider

scriptA

scriptA

cannot obtain P W i and I D i from the parameter C i because of the 1‐way secure hash function.…”

Section: Informal Security Analysismentioning

confidence: 99%

See 2 more Smart Citations

An extended ECC‐based anonymity‐preserving 3‐factor remote authentication scheme usable in TMIS

Chandrakar

2018

Int J Communication

Self Cite

View full text Add to dashboard Cite

show abstract

“…[5][6][7][8][9] In a single-server environment, for accessing different servers, one needs to remember many pairs of different secret pieces of information (e.g., user identity and password), which is the main issue in such environment. In order to overcome this limitation, various authentication schemes for multiserver environments have been designed, 4,[10][11][12][13][14][15] where one can access numerous application servers without separately registering at each and every server.…”

Section: Introductionmentioning

confidence: 99%

Cryptanalysis and improvement of a biometric‐based remote user authentication protocol usable in a multiserver environment

Chandrakar

2017

Trans Emerging Tel Tech

Self Cite

View full text Add to dashboard Cite

Recently, Amin and Biswas have discussed a bilinear pairing–based three‐factor remote user authentication protocol, claiming it to be secured against various attacks. We scrutinize this protocol and find that it is vulnerable to identity guessing attack, password guessing attack, user untraceability attack, user‐server impersonation attack, new smart card issue attack, and privileged insider attack. In this paper, we propose an elliptic curve cryptography and biometric‐based remote user authentication protocol for a multiserver environment by overcoming these drawbacks. We conduct its informal and formal security analysis to show that it resists all known security attacks. The Burrows‐Abadi‐Needham (BAN) logic verifies that our protocol facilitates mutual authentication and session key agreement securely. We simulate it using the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool to certify that it can be protected from passive and active threats, including replay and man‐in‐the‐middle attacks. Furthermore, the proposed protocol provides more security attributes and better complexity in terms of smart card storage cost, computation cost, estimated time, and communication cost, as compared with the related existing protocols.

show abstract

An efficient three factor–based authentication scheme in multiserver environment using ECC

Ali

Pal

2017

Int J Communication

View full text Add to dashboard Cite

Recently, Li et al have developed a smartcard-based remote user authentication scheme in multiserver environment. They have claimed that their scheme is secured against some possible cryptographic attacks. However, we have analyzed that the scheme of Li et al cannot preserve all the proclaimed security goals, which are given as follows: (1) It is not withstanding password-guessing, user impersonation, insider, and smartcard theft attacks, and (2) it fails to facilitate user anonymity property. To remedy these above-mentioned security flaws, we have proposed an efficient three factor-based authentication scheme in a multiserver environment using elliptic curve cryptography. The Burrows-Abadi-Needham logic is used to confirm the security validation of our scheme, which ensures that it provides mutual-authentication and session-key agreement securely. Then, the random oracle model is also considered to analyze the proposed scheme, and it shows that the backbone parameters, ie, identity, password, biometrics, and the session key, are secure from an adversary. Further, the informal security analysis confirms that the suggested scheme can withstand against some possible mentioned attacks. Later, the Automated Validation of Internet Security Protocols and Applications tool is incorporated to ensure its security against passive and active attacks. Finally, the performance comparison of the scheme is furnished to confirm its enhanced security with other relevant schemes. KEYWORDSAVISPA, BAN logic, cryptographic attacks, random oracle model, three-factor authentication Int J Commun Syst. 2018;31:e3484.wileyonlinelibrary.com/journal/dac

show abstract

Cryptanalysis and Extended Three-Factor Remote User Authentication Scheme in Multi-Server Environment

Cited by 28 publications

References 33 publications

An extended ECC‐based anonymity‐preserving 3‐factor remote authentication scheme usable in TMIS

An extended ECC‐based anonymity‐preserving 3‐factor remote authentication scheme usable in TMIS

Cryptanalysis and improvement of a biometric‐based remote user authentication protocol usable in a multiserver environment

An efficient three factor–based authentication scheme in multiserver environment using ECC

Contact Info

Product

Resources

About