Design of a secure smart card-based multi-server authentication scheme
Abstract
Traditional two-party client-server authentication protocols may not provide a scalable solution for present network environments where personal and ubiquitous computing technologies are involved, as these environments are now becoming multi-server based. To achieve efficient authorized communication, multi-server based authentication protocols have been designed. The key feature of multi-server based protocols is one-time registration. We study the existing multi-server based authentication protocols and identify that many of them either involve the control server in mutual authentication or require a trusted server environment. The involvement of a central authority in mutual authentication may be a bottleneck for large networks, and the servers may be semi-trusted. To eliminate these drawbacks, Wei et al. recently proposed a multi-server based authentication protocol. Their protocol requires neither that all servers be trusted nor the involvement of the control server in mutual authentication. Unfortunately, we identify that Wei et al.'s scheme is vulnerable to insider attack and password guessing attack. Additionally, the lack of pre-smart card authentication leads to a denial of service attack. To enhance the security of Wei et al.'s protocol, we propose a secure biometric-based authentication scheme for the multi-server environment using smart cards. We simulate the proposed protocol for formal security verification using the widely accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to show that our scheme is secure against active and passive attacks. In addition, we prove that our proposed scheme provides mutual authentication using the widely accepted Burrows–Abadi–Needham (BAN) logic and is also secure against various well-known attacks. Finally, our scheme is efficient in terms of computational and communication overheads as compared to Wei et al.'s scheme and other existing related schemes.
