Secure and Energy-Efficient Key-Agreement Protocol for Multi-Server Architecture

04/19/2020
by   Trupil Limbasiya, et al.
BITS Pilani

Authentication schemes are practised globally to verify the legitimacy of users and servers for the exchange of data in different facilities. Generally, the server verifies a user to provide resources for different purposes. But due to the large network system, the authentication process has become complex and therefore, different authentication protocols have been proposed from time to time for the multi-server architecture. However, most of the protocols are vulnerable to various security attacks and their performance is not efficient. In this paper, we propose a secure and energy-efficient remote user authentication protocol for multi-server systems. The results show that the proposed protocol is comparatively  44 communication cost. We also demonstrate that with only two-factor authentication, the proposed protocol is more secure than the earlier related authentication schemes.


1 Introduction

In today’s emerging world, the Internet has become more and more popular for its various facilities, and it is extensively used in government organizations, smart city applications, education sectors, business, private sectors, etc. Further, there are many applications in which users should get diverse services from different systems remotely, e.g., banking system, healthcare, smart agriculture, smart grid, home automation, etc. Consequently, the network has become highly sophisticated and demanding. Hence, it is not easy to fulfill all users’ requirements at the same time, and it leads to the provision of multi-server based system through which applicants can get services any time without any interruption.

In general, server and user should authenticate each other before transmitting/delivering resources to prevent various attacks in a public environment. Therefore, a secure and efficient authentication scheme is required to confirm the legitimacy of the server and a user. In most of the systems, both (user and server) practice the authentication process before starting a communication [1], [2], [3], [4]. Fig. 1 shows a user-server connection representation for a multi-server environment in which various users are connected to different servers to obtain facility. These servers are typically synchronized with each other, and a user has a smart card to get authenticated by the server. In this scheme, a user cannot connect to multiple servers at the same time, but he/she can establish a connection with different servers alternatively as shown in Fig. 1.

Figure 1: User-server mutual authentication overview in multi-server based structure

1.1 Related Works

Li et al. [5] suggested an authentication system based on artificial neural networks to resist a replay attack for the multi-server architecture. Lin et al. [6] recommended a new authentication protocol to protect against a modification attack and a replay attack. Tsaur et al. [7] noticed that off-line password guessing is feasible in their previous scheme and thus, they designed an improved authentication method to prevent an off-line password guessing attack. However, they ([5], [6], and [7]) used the Diffie–Hellman key exchange concept for the encryption and decryption. Therefore, these schemes are vulnerable to man-in-the-middle and impersonation attacks. Besides, they require high computational time to perform all necessary operations.

Juang [8] suggested a mutual authentication and key agreement system for the multiple server framework with low computation and communication cost. Besides, this scheme has various merits, i.e., only one-time registration, no need of a verification table, freely chosen password by a user, mutual authentication, low communication and computation cost. However, they used the symmetric key concept to design an authentication protocol [8] and thus, there is a key challenge to share the encryption/decryption key between the server and a user. Besides, the encrypted secret key is saved in a smart card. For all these reasons, the scheme [8] is vulnerable to smart card lost, replay, impersonation, and man-in-the-middle attacks.

Liao and Wang [9] proposed an authentication protocol to resist distinct attacks (replay, insider, server spoofing, and stolen verifier). However, Hsiang and Shih [10] found that a server spoofing attack is feasible in [9] as discussed in [10]. To overcome server spoofing and session key attacks, they [10] suggested an enhanced remote user authentication method for the multi-server structure. In 2014, Lee et al. [11] came up with an extensive chaotic based authentication mechanism to prevent various attacks (plain-text, insider, impersonation, and replay). However, it is vulnerable to denial of service and session key attacks. Besides, both (server and user) need to exchange messages three times to establish a connection for services. Subsequently, Banerjee et al. [12] observed that smart card lost and user impersonation attacks are present in earlier authentication schemes. Then, they proposed a smart card-based anonymous authentication system to prevent security attacks, e.g., user impersonation, smart card lost, forward secrecy, and insider. In 2016, Sun et al. [13] noticed some loopholes in [12], i.e., smart card lost, replay, user impersonation, session key, and password guessing. Accordingly, they advised an authentication mechanism using dynamic identity to protect against various attacks (user impersonation, replay, insider, smart card lost, session key, and password guessing). However, we identify that the scheme [13] is still vulnerable to some attacks, e.g., smart card lost, off-line password guessing, and replay.

Li et al. [14] found security concerns (no single registration, no password update support, and spoofing) in [11] and proposed a chaotic based key-agreement scheme for enhancing security features. However, Irshad et al. [16] found security drawbacks (password guessing, stolen smart card, and user impersonation) in [14]. In addition, they proposed an advanced system to resist identified security concerns in [16]. However, Irshad et al.’s scheme [16] requires high computational time, storage cost, and communication overhead. Jangirala et al. [15] noticed some security issues in earlier system and advised an extended authentication protocol to enhance security. They also stated that the scheme [15] is resistant to multiple attacks (password guessing, stolen smart card, replay, man-in-the-middle, server spoofing, and forgery), but this scheme is weak in performance. Recently, Ying and Nayak [17] suggested a remote user authentication mechanism for multi-server architecture using self-certified public key cryptography to improve performance results, but this protocol is susceptible to different attacks, i.e., smart card lost, impersonation, replay, password guessing, session key disclosure, and insider. Moreover, comparatively it requires more computational resources.

1.2 Contributions

From the literature survey ([11] - [17]), we notice that most authentication methods are vulnerable to different security attacks and they need more computational resources for the implementation. Thus, we understand that a secure and efficient remote user verification protocol is required for the multi-server based system to provide on-time services and to resist various security attacks. Therefore, we propose an energy-efficient and more secure remote user authentication scheme, and our contributions in this paper are as follows.

  • Design an advanced energy-effective mutual authentication protocol.

  • Security discussions to check strengths against different attacks, e.g., password guessing, replay, impersonation, insider, session key disclosure, smart card lost, and man-in-the-middle.

  • Present performance analysis for the proposed method and do the comparison with relevant authentication schemes for different performance measures.

The paper is structured as follows. In section 2, we explain the system architecture and the adversary model is described in section 3. In section 4, we propose an advanced authentication protocol using a smart card for multi-server based system. Section 5 discusses performance and security analysis of the suggested system. Then, we do a comparison of the suggested protocol with other related authentication schemes in terms of security and performance. We summarize our conclusions in section 6.

2 System Architecture

The registration authority (RA), smart cards, smart card readers, and servers are components in the multi-server system. Users access resources from the server after proving their legitimacy and this data access can be carried out using a smart card through a smart card reader. The RA is a trusted authority in order to register a new user and to provide a legal smart card to that user. Servers are used to provide resources to the legal users and it is highly configured in security, processing power, and storage. A smart card is used to store some important values and these parameters help its owner to get resources/services from the server. In general, a smart card is used to establish a secure connection between a user and the server or to update a user password. The multi-server architecture based system is classified into three phases as (1) registration (2) login and authentication (3) password update. The registration phase is initiated by a new user to become a legitimate person of the system via a secure medium. The login and authentication phase is executed in the interest of a user to access resources from the server over a public channel. The password update phase is performed to change/update a user password via an insecure channel. Fig. 2 shows an extensive system model overview for different phases by involving different actors.

Figure 2: The system architecture

3 Adversary Model

We consider an adversary model according to [2], [3], [4] for mutual authentication system between a user and the server in a public environment. Accordingly, an attacker has the following capabilities.

  • An adversary can read/delay/re-transmit packets (transferred over a public channel).

  • An attacker has the ability to extract parameters from a smart card. And this is feasible after stealing a smart card or getting a lost smart card.

  • An adversary can modify messages, which are transmitted through an insecure medium.

  • An attacker can send a forged login request in a polynomial time.

Notations Explanations
A user
’s identity
’s password
A server
’s smart card
A smart card reader
Random nonce
A server’s secret key
’s secret key generated by RA
A session key at end
A session key at side
The list of user identities
The list of computed values
An adversary/attacker
Bit-wise XOR operation
Concatenation operation
One-way hash function
A threshold delay fixed at time
Generated time-stamp at time
Table 1: List of different symbols

4 The Proposed Scheme

We suggest an energy-efficient remote user authentication protocol for multi-server based system to resist various security attacks. The proposed scheme consists of four phases, (1) server registration, (2) user registration, (3) login and authentication, and (4) user password update as follows.

4.1 Server Registration

In the multi-server architecture, different servers should be registered with the registration authority (RA) via an online secure channel. The server registration process is as follows.

  1. A server () chooses an identity () and password (), and random nonce (). Then, computes and sends {} to the RA.

  2. The RA confirms the availability of and if it is, then the RA does ., and saves , , , in the ’s secure storage.

4.2 User Registration

A new user () of the system should enroll with the registration authority (RA) once to become a legal user over a secure channel. gets a smart card () after completing the registration process successfully and this helps to get logged into the system for services. This phase is also shown in Fig. 3.

  1. selects , , and calculates , . Then, sends {} to the RA over a secure channel.

  2. The RA generates a random nonce (say for ) and enumerates , , , . After that, it saves , into and into the database securely. Next, the RA sends to via a secure medium.

 
Figure 3: The proposed registration phase

4.3 Login and Authentication

When wants to access service(s) from the server (), this phase is executed between a smart card reader () and . For this, / performs following steps. Fig. 4 presents the proposed login and authentication phase.

  1. puts , , and into . Then, computes , , , , . Now, checks the correctness by comparing and . If both are equal, generates and enumerates , , , , . Then, it sends {} to publicly.

  2. confirms the validity of {} by calculating . If it is valid, then it computes , , , , . Further, performs for the verification. continues to the next step in case of equality. Otherwise, it ends the session immediately.

  3. generates and enumerates , . Subsequently, it transfers {} to .

  4. calculates to check its freshness. And it computes , and verifies by comparing with . If it holds, then and generates a session key as . Ultimately, and communicate based on this session key for a limited period.

4.4 Password update

The password change is a facility for the system users to update their for different reason(s) later. For this, should perform the following steps.

  1. inserts , , and into . Then, enumerates , , , , . Now, performs to confirm equality. If it holds, asks for a new password () and computes , , , , . After that, replaces , , and by , , into . Finally, will have updated .

 
Figure 4: The proposed login and authentication

5 Analysis of the Proposed Scheme

After proposing an advanced authentication system, we do analysis on this protocol to verify security robustness and performance efficiency. For this confirmation, we have discussed security analysis and performance analysis as below.

5.1 Security Analysis

We explain various security attacks and how the proposed system is resistant to different attacks. Then, we compare security robustness of the suggested scheme with other related authentication mechanisms ([11], [12], [13], [14], [15], [16]).

5.1.1 Password Guessing

If an adversary () can identify the correctness of a guessed password (), then a password guessing attack is possible. sends {} to over an open channel. Therefore, has access to these parameters. To become a successful in this attack, needs to compare at least with one variable in which has been used and that parameter should be available publicly. is computed using indirectly and thus, has an opportunity to know correctness of if he or she can get/derive/compute . For this, requires , , . However, and are generated randomly at end, and these random values are only known to . Therefore, it is difficult to obtain and exactly. Further, does not have essential credentials ( and ) to compute . Hence, it is infeasible to derive by having only . Consequently, has no opportunity to compare . For this reason, cannot apply a password guessing attack in the suggested system.

5.1.2 User Impersonation

A user impersonation attack is feasible if has a favorable plan to create a fake login request, and it should be accepted by . For this, should know or compute , , , in the proposed model. First of all, is used in and . Therefore, needs to compute these variables ( and ) to forge a login request. As a result, s/he requires some amount of time to forge a request or generate a fake login request in future. Accordingly, s/he should use fresh time-stamp (say ). In order to work out for forged parameters ( and ), needs , , . Here, is calculated as and hence, should know and additionally. In the proposed method, and are randomly generated numbers. Moreover, is not able to enumerate and due to unavailability of essential credentials (, , , and ). For these reasons, an adversary cannot obtain required credentials anyhow and thus, s/he is restricted to forge and . Additionally, confirms the validity of a login request. As a result, fails to make feasible a user impersonation attack in the proposed method.

5.1.3 Replay

In the proposed scheme, we have used the concept of a time-stamp to identify transaction time. Here, sends {} to over an open medium and transfers {, , } to via an insecure channel. Thus, can attempt to stop or delay this request/response. However, confirms validity of {} by executing . Similarly, proceeds further after verifying (by calculating ) the reasonableness of {, , }. If does not get a response message from within a reasonable time, then understands that has tried to interrupt {} and after that, terminates the session directly. It means that if tries to perform a replay attack, it will be identified at the receiver side. Additionally, cannot change in the request or in the response message because these time-stamps are used in , , and these parameters are confirmed at the receiver end. Furthermore, does not have essential credentials to calculate , , . After these considerations, an adversary is not able to perform a replay attack in the advised protocol.
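The receiver-side checks described in this subsection can be sketched as follows. This is an added example, not the authors' protocol: the hashed values that carry the time-stamp are replaced by a stand-in HMAC-SHA-256 tag, and the names `LoginRequest`, `make_tag`, `Receiver`, the shared secret and the 5-second threshold are assumptions. It goes one step beyond the text by also remembering accepted requests, since a time-stamp test on its own accepts a copy that arrives again inside the threshold.

```python
import hashlib
import hmac
from dataclasses import dataclass

DELTA_T = 5  # seconds; assumed value for the threshold delay (not given on the page)


@dataclass(frozen=True)
class LoginRequest:
    user_id: bytes
    timestamp: int  # sender's time-stamp, in seconds
    tag: bytes      # stand-in for the hashed values that include the time-stamp


def make_tag(secret: bytes, user_id: bytes, timestamp: int) -> bytes:
    """Bind identity and time-stamp under a secret the adversary does not hold."""
    # Length-prefix the identity so (id, time-stamp) pairs encode unambiguously.
    msg = len(user_id).to_bytes(2, "big") + user_id + timestamp.to_bytes(8, "big")
    return hmac.new(secret, msg, hashlib.sha256).digest()


class Receiver:
    def __init__(self, secret: bytes, delta_t: int = DELTA_T):
        self.secret = secret
        self.delta_t = delta_t
        self.seen = {}  # tag -> time-stamp of requests accepted inside the window

    def check(self, req: LoginRequest, now: int) -> str:
        # 1. Freshness: reject anything outside the threshold delay.
        if abs(now - req.timestamp) > self.delta_t:
            return "stale"
        # 2. Binding: the time-stamp must match the one covered by the tag,
        #    so it cannot be rewritten to make an old message look fresh.
        expected = make_tag(self.secret, req.user_id, req.timestamp)
        if not hmac.compare_digest(expected, req.tag):
            return "bad-tag"
        # 3. Replay inside the window: drop entries that can no longer pass
        #    the freshness test, then refuse a tag that was already accepted.
        for tag in [t for t, ts in self.seen.items() if now - ts > self.delta_t]:
            del self.seen[tag]
        if req.tag in self.seen:
            return "replayed"
        self.seen[req.tag] = req.timestamp
        return "accepted"


def demo() -> list:
    """Run four constructed requests through one receiver and return the verdicts."""
    secret = b"constructed-demo-secret"  # constructed sample value
    rx = Receiver(secret)
    t1 = 1_000_000
    req = LoginRequest(b"alice", t1, make_tag(secret, b"alice", t1))
    rewritten = LoginRequest(b"alice", t1 + 60, req.tag)  # new time-stamp, old tag
    return [
        rx.check(req, now=t1 + 1),         # first delivery
        rx.check(req, now=t1 + 3),         # same message again, still in window
        rx.check(req, now=t1 + 60),        # same message delayed past the window
        rx.check(rewritten, now=t1 + 61),  # time-stamp altered in transit
    ]


if __name__ == "__main__":
    print(demo())
```

The cache only has to hold entries for the length of the threshold, so its size is bounded by the request rate times the threshold.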

5.1.4 Smart Card Lost

This attack is applicable if can deal with mutually and successfully after sending a bogus login request. We assume that a legitimate user () can lose his/her or someone can steal . Therefore, has knowledge of variables (, , ) and common channel parameters (, , , , , , , ) according to the suggested protocol for this attack. Here, should compute a login request in such a way on which should be agreed to process further. sends {} to as a login message. These values are calculated as , , . Now, needs , , for enumerating and . But does not find any proficiency to obtain/calculate these credentials without knowing , , , , and (see Section 5.1.2). Additionally, checks freshness of a received login request. If is beyond , then discards that request immediately. Hence, cannot proceed to generate a valid login request and this stops to an adversary for further process. In this fashion, the proposed model is protected against a smart card lost attack.

5.1.5 Session key disclosure

If can generate/compute a valid session key, then there is a possibility of a session key disclosure attack. A session key is calculated as in the suggested scheme. Thus, should know , and in order to compute it illegally. We consider that and are identity values of and and thus, these variables are known to generally. Next, is the difference between and . Hence, it is also available to an attacker. However, does not have , , , and . In the proposed method, , , and are random numbers and these are only known to and for a limited time and for this session only. Further, both ( and ) are agreed on and for a fixed period. Accordingly, it is hard to know/get these random values. In the proposed method, is computed as and therefore, cannot calculate correctly without having . For these reasons, is unable to proceed for a session key ( / ) anyway. After this analysis, a session key disclosure attack is not feasible in the proposed system.

5.1.6 Man-in-the-middle

If a person can understand transmitted request/response messages in public environment, then this attack is considerable. In the proposed mechanism, transmits {} to and responses to as {, , } through an open channel. Therefore, can know , , and based on these transactions. is a user’s identity and it can be identifiable generally. and are time-stamps and these time-stamps are not profitable to effectively because and are valid for a limited period only. Accordingly, both ( and ) do not consider / for further process or do not accept any request/response beyond /. Next, needs other vital credentials (e.g., , , ) to understand , , and . Similarly, requires , , , for and . But cannot obtain these private values based on public channel parameters. Consequently, an attacker fails to work out for a man-in-the-middle attack in the suggested method.

5.1.7 Insider

If an authorized user can compute a valid login request using his/her own credentials for another legal user, then an insider attack can be applied in the system. We consider two legitimate users ( and ) in the proposed scheme and acts an adversary to impersonate . has his/her and s/he knows values (). In general, sends a login request to via a public channel. Therefore, has knowledge of . To get access of system resources behalf of , needs to compute a fake login request freshly and this request should be accepted by to generate a session key mutually. For this, should enumerate , , and correctly so that will be agreed on these values legitimately. should know (for ), (for ), and (for ). We have already described that cannot get (see Section 5.1.2). Similarly, is not able to get relevant credentials. Additionally, a time-stamp is used in the suggested method. Next, is a random nonce and it is not known to anyone in the proposed system. Further, is concatenated with and then, has performed a one-way hash operation. Accordingly, it is difficult to know of . In this fashion, fails to calculate a bogus login request. Thus, the suggested scheme can withstand to an insider attack.

Security Attributes
Schemes A1 A2 A3 A4 A5 A6 A7 A8 A9
Lee et al. [11] Yes No
Banerjee et al. [12] Yes No
Sun et al. [13] Yes No
Li et al. [14] Yes No
Jangirala et al. [15] Yes No
Irshad et al. [16] No Yes
Ying and Nayak [17] Yes No
Proposed Yes No

A1: Smart card lost; A2: Impersonation; A3: Password guessing;
A4: Replay; A5: Session key disclosure; A6: Man-in-the-middle;
A7: Insider; A8: Two-factor authentication; A9: Three-factor authentication;
: Secure; : Vulnerable; : Insecure without biometric-identity;
Table 2: Security features of various authentications protocols

Table 2 shows a comparison in terms of different security attributes. A smart card lost attack is feasible in [12], [13], [14], [15]. Authentication schemes ([11], [12], [13]) are vulnerable to an impersonation attack. An adversary has an opportunity to confirm a guessed password in [11], [12], [13], [14], [15] easily. The schemes ([13], [14], [15], [16]) cannot withstand against a replay attack. A session key disclosure attack can be performed in [12], [14], and [16]. Banerjee et al.’s scheme [12] is also weak against a man-in-the-middle attack. A legitimate person acts as an adversary to perform an insider attack in [12] and [13]. A biometric identity is used in [16] to enhance security but it fails to resist attacks (replay and session key disclosure). Additionally, if we consider that a biometric identity can be forged, then two other attacks (smart card lost and a password guessing) are partially possible in [16]. In this way, various authentication schemes ([11], [12], [13], [14], [15], [16]) are insecure against various attacks. However, the proposed scheme can withstand against different security attacks as mentioned in Table 2. Further, the suggested protocol can achieve this security level using two-factor authentication only. Therefore, the proposed method is more secure compared to other schemes.

Schemes Registration Login and Authentication
Lee et al. [11] (1.74 ms) (132.62 ms)
Banerjee et al. [12] (4.06 ms) (9.86 ms)
Sun et al. [13] (3.48 ms) (10.44 ms)
Li et al. [14] (1.74 ms) (137.26 ms)
Jangirala et al. [15] (4.06 ms) (13.34 ms)
Irshad et al. [16] (1.74 ms) (143.06 ms)
Ying and Nayak [17] (77.76 ms) (269.26 ms)
Proposed (1.74 ms) (5.80 ms)
Table 3: Execution Cost Comparison for different verification schemes

5.2 Performance Analysis

We explain different performance measures, i.e., execution time, storage cost, and communication overhead. Then, we present outcomes of various remote user authentication mechanisms based on these performance parameters.

5.2.1 Execution Time

It depends on the total number of cryptographic operations needed to carry out the authentication procedure. In this computational cost, most of the verification schemes have used four different cryptographic functions, e.g., one-way hash (), elliptic curve cryptography (), concatenation (), Chebyshev chaotic (), and Ex-OR (). Generally, these operations take some amount of time to execute. We consider the running time based on a specific system configuration, i.e., the Ubuntu 12.04.1 32-bit OS, 2 GB RAM with Intel 2.4 GHz CPU [16]. The pairing-based cryptography library is used for cryptographic operations. After noting down the running time of these functions, we do not include a computing time for and because they need negligible time to accomplish an operation compared to other functions (, , and ). Therefore, we consider only , , and for the implementation time and these functions take 0.58 milliseconds (ms), 37.72 ms and 21.04 ms respectively. The comparison between varied authentication schemes ([11], [12], [13], [14], [15], [16], and the suggested method) appears in Table 3. In general, the registration phase is executed once only but the login and authentication process is performed whenever a legitimate user wants to access system resources. Therefore, we mainly focus on the execution time of the login and authentication phase. Looking at the requirement of different cryptographic functions in Table 3, Banerjee et al.’s scheme [12] takes less execution time (i.e., 9.86 ms) compared to other authentication methods ([11], [13], [14], [15], [16], and [17]). Next, the scheme [13] requires 10.44 ms to complete the login and authentication phase. However, these protocols ([12] and [13]) are vulnerable to various attacks (see Table 2), whereas the suggested method can be implemented in 5.80 ms and is safe against different security attacks (see Section 5.1). Thus, the proposed protocol can be executed more rapidly than the other mentioned authentication systems.

5.2.2 Storage Cost

During the registration or the initialization phase, the registration authority stores some credentials into and for this, the system needs to reserve a specified number of bytes. An identity/random nonce variable needs 8 bytes, a Chebyshev chaotic function requires 16 bytes, elliptic curve (EC) needs 64 bytes, and 32 bytes (SHA-2) are expected as a storage cost. Lee et al.’s scheme [11] requires 2 (one-way hash), 1 (time-stamp), and 3 (identity/normal) variables. Banerjee et al.’s model [12] and Sun et al.’s system [13] need 5 (one-way hash) and 1 (identity) variables individually. Li et al.’s mechanism [14] expects 1 (time-stamp), 3 (one-way hash), and 2 (identity/normal) variables. 5 (one-way hash) and 2 (normal) parameters are needed in [15]. Irshad et al.’s protocol [16] requires 3 (one-way hash), 3 (identity/normal), and 1 (Chebyshev chaotic) variables. The protocol [17] requires 3 (EC), 2 (one-way hash), and 1 (random nonce).

However, the suggested system needs to save only four (computed using a one-way hash) and one (normal) parameters. Fig. 5 shows required storage memory (in bytes) for various authentication models individually. In general, the system saves different credentials into the smart card once. Consequently, this is a one-time process only. Lee et al.’s scheme [11] needs 92 bytes in storage, which is 19 % less compared to the suggested method but the scheme [11] is weak to two security attacks (password guessing and impersonation) and it expects very high implementation time (see Table 3).

5.2.3 Communication overhead

In the login and authentication procedure, both (sender and receiver) transmit different parameters in order to generate a common session key and therefore, they need to spend essential bytes as a communication overhead. An identity variable needs 8 bytes, EC requires 64 bytes, a Chebyshev chaotic function expects 16 bytes, a time-stamp requires 4 bytes, and 32 bytes (SHA-2) are needed for a one-way hash during the communication. Lee et al.’s method [11] can be performed using 3 (Chebyshev chaotic) and 5 (one-way hash) parameters. The schemes ([12] and [13]) require 7 (one-way hash) variables separately. Li et al.’s system [14] needs 1 (identity), 13 (one-way hash), and 4 (Chebyshev chaotic) parameters. The scheme [15] can be carried out with 7 (one-way hash) variables. Irshad et al.’s system [16] expects 16 (one-way hash), 1 (identity), and 4 (Chebyshev chaotic) parameters. Ying and Nayak’s scheme [17] needs 5 (EC), 1 (identity), and 2 (one-way hash).

However, the proposed protocol can be implemented using only three (identity), three (one-way hash), and two (time-stamp) variables. The communication cost comparison is shown in Fig. 5. Lee et al.’s scheme [11] requires 208 bytes for communication but the communication overhead is 38 % less in the suggested protocol compared to [11]. Thus, the proposed method needs less energy to provide services.

Figure 5: Communication and storage cost demand for distinct authentication systems.

5.2.4 Energy Consumption

During the authentication phase, the system takes a fixed amount of energy to execute various operations and to send different parameters. This is known as the energy consumption and it is measured in millijoule (mJ). The energy consumption is calculated as for the execution cost and for communication cost. Where, voltage power, current, the execution time, message size, and data rate (6100 Kbps). If the authentication protocol takes low execution time and less communication overhead, then it consumes less energy compared to other authentication schemes. The proposed protocol needs 5.80 ms as the execution time and 128 bytes in the communication, which are less compared to other authentication mechanisms ([11], [12], [13], [15], [16], and [17]). Therefore, the proposed scheme is also energy-efficient compared to other protocols.
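The cost figures of Sections 5.2.3 and 5.2.4 can be recomputed from the per-parameter sizes, the parameter counts and the Table 3 timings given in the text. The following is an added example, not code from the paper. The energy formulas did not survive on this page, so the code assumes the standard relation energy = voltage × current × time with transmission time = message size / data rate; the voltage and current values are constructed placeholders, and 6100 Kbps is read as 6,100,000 bit/s.

```python
# Size of each parameter type in bytes, as stated in Section 5.2.3.
SIZE = {"identity": 8, "ec": 64, "chebyshev": 16, "timestamp": 4, "hash": 32}

# Parameters exchanged during login and authentication, as counted in Section 5.2.3.
PARAMS = {
    "Lee et al. [11]": {"chebyshev": 3, "hash": 5},
    "Banerjee et al. [12]": {"hash": 7},
    "Sun et al. [13]": {"hash": 7},
    "Li et al. [14]": {"identity": 1, "hash": 13, "chebyshev": 4},
    "Jangirala et al. [15]": {"hash": 7},
    "Irshad et al. [16]": {"hash": 16, "identity": 1, "chebyshev": 4},
    "Ying and Nayak [17]": {"ec": 5, "identity": 1, "hash": 2},
    "Proposed": {"identity": 3, "hash": 3, "timestamp": 2},
}

# Login and authentication execution time in ms, from Table 3.
EXEC_MS = {
    "Lee et al. [11]": 132.62, "Banerjee et al. [12]": 9.86,
    "Sun et al. [13]": 10.44, "Li et al. [14]": 137.26,
    "Jangirala et al. [15]": 13.34, "Irshad et al. [16]": 143.06,
    "Ying and Nayak [17]": 269.26, "Proposed": 5.80,
}

DATA_RATE_BPS = 6100 * 1000  # 6100 Kbps from Section 5.2.4, taking K = 1000 (assumption)
VOLTAGE_V = 3.0              # constructed placeholder, not a value from the paper
CURRENT_A = 0.02             # constructed placeholder, not a value from the paper


def message_bytes(scheme: str) -> int:
    """Total bytes exchanged in one login and authentication run."""
    return sum(SIZE[kind] * count for kind, count in PARAMS[scheme].items())


def airtime_ms(scheme: str) -> float:
    """Time needed to transmit those bytes at the stated data rate."""
    return message_bytes(scheme) * 8 / DATA_RATE_BPS * 1000


def energy_mj(scheme: str) -> float:
    """Assumed model: V * I * (execution time + transmission time); V*A*ms = mJ."""
    return VOLTAGE_V * CURRENT_A * (EXEC_MS[scheme] + airtime_ms(scheme))


def saving_percent(baseline: str, scheme: str = "Proposed") -> float:
    """Communication bytes saved by `scheme` relative to `baseline`, in percent."""
    base = message_bytes(baseline)
    return (base - message_bytes(scheme)) / base * 100


def report() -> list:
    """(scheme, bytes, energy in mJ) for every scheme, lowest energy first."""
    rows = [(s, message_bytes(s), round(energy_mj(s), 3)) for s in PARAMS]
    return sorted(rows, key=lambda row: row[2])


if __name__ == "__main__":
    for name, size, energy in report():
        print(f"{name:24s} {size:4d} bytes  {energy:8.3f} mJ")
```

With these inputs the proposed scheme exchanges 128 bytes against 208 bytes for [11], a saving of about 38 %; against the 224-byte schemes the saving is about 42 %. The ranking by energy does not depend on the placeholder voltage and current, because both scale every row equally.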

6 Conclusion

We have proposed a secure and energy-efficient remote user authentication protocol for the multi-server based system. Security analysis of the proposed system is done, and it is shown that our model resists various attacks, i.e., password guessing, impersonation, insider, man-in-the-middle, replay, smart card lost, and session key disclosure even without biometric identity. After analyzing the performance, the results show that the suggested scheme is implemented at least 44 % more efficiently compared to relevant schemes. Further, the proposed system comparatively requires 42 % less communication overhead and 19 % less storage space. Accordingly, the proposed method consumes less energy in the authentication process. To make the multi-server authentication mechanism more attack-proof, we are working to enhance the security and efficiency of the multi-server authentication system, by analyzing meet-in-the-middle and side-channel attacks, etc.

References

  • [1] Lamport, L. (1981). Password authentication with insecure communication. Communications of the ACM, 24(11), 770-772.
  • [2] Messerges, T. S., Dabbish, E. A., and Sloan, R. H. (2002). Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers, 51(5), 541-552.
  • [3] Madhusudhan, R., and Mittal, R. C. (2012). Dynamic ID-based remote user password authentication schemes using smart cards: A review. Journal of Network and Computer Applications, 35(4), 1235-1248.
  • [4] Limbasiya, T., and Doshi, N. (2017). An analytical study of biometric based remote user authentication schemes using smart cards. Computers & Electrical Engineering, 59, 305-321.
  • [5] Li, L. H., Lin, L. C., and Hwang, M. S. (2001). A remote password authentication scheme for multiserver architecture using neural networks. IEEE Transactions on Neural Networks, 12(6), 1498-1504.
  • [6] Lin, I. C., Hwang, M. S., and Li, L. H. (2003). A new remote user authentication scheme for multi-server architecture. Future Generation Computer Systems, 19(1), 13-22.
  • [7] Tsaur, W. J., Wu, C. C., and Lee, W. B. (2005). An enhanced user authentication scheme for multi-server internet services. Applied Mathematics and Computation, 170(1), 258-266.
  • [8] Juang, W. S. (2004). Efficient multi-server password authenticated key agreement using smart cards. IEEE Transactions on Consumer Electronics, 50(1), 251-255.
  • [9] Liao, Y. P., and Wang, S. S. (2009). A secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards & Interfaces, 31(1), 24-29.
  • [10] Hsiang, H. C., and Shih, W. K. (2009). Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards & Interfaces, 31(6), 1118-1123.
  • [11] Lee, C. C., Lou, D. C., Li, C. T., and Hsu, C. W. (2014). An extended chaotic-maps-based protocol with key agreement for multiserver environments. Nonlinear Dynamics, 76(1), 853-866.
  • [12] Banerjee, S., Dutta, M. P., and Bhunia, C. T. (2015). An improved smart card based anonymous multi-server remote user authentication scheme. International Journal of Smart Home, 9(5), 11-22.
  • [13] Sun, Q., Moon, J., Choi, Y., and Won, D. (2016). An Improved Dynamic ID Based Remote User Authentication Scheme for Multi-server Environment. In Green, Pervasive, and Cloud Computing (pp. 229-242). Springer, Cham.
  • [14] Li, X., Niu, J., Kumari, S., Islam, S. H., Wu, F., Khan, M. K., and Das, A. K. (2016). A novel chaotic maps-based user authentication and key agreement protocol for multi-server environments with provable security. Wireless Personal Communications, 89(2), 569-597.
  • [15] Jangirala, S., Mukhopadhyay, S., and Das, A. K. (2017). A Multi-server environment with secure and efficient remote user authentication scheme based on dynamic ID using smart cards. Wireless Personal Communications, 95(3), 2735-2767.
  • [16] Irshad, A., Chaudhry, S. A., Xie, Q., Li, X., Farash, M. S., Kumari, S., and Wu, F. (2018). An enhanced and provably secure chaotic map-based authenticated key agreement in multi-server architecture. Arabian Journal for Science and Engineering, 43(2), 811-828.
  • [17] Ying, B., and Nayak, A. (2019). Lightweight remote user authentication protocol for multi-server 5G networks using self-certified public key cryptography. Journal of Network and Computer Applications, 131, 66-74.