An id based multiple authentication scheme against

This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Abstract

The rapid development of information and network technologies motivates the emergence of various new computing paradigms, such as distributed computing, cloud computing, and edge computing.

To ensure these services can only be accessed conveniently by authorized users, many password and smart card based authentication schemes for multiserver architecture have been proposed. Recently, Truong et al. However, in this paper, we point out that their scheme suffers from offline password guessing and impersonation attack and fails to achieve security requirements of this kind of authentication scheme.

Moreover, we put forward a new scheme to conquer security pitfalls in the above scheme. Security analysis indicates that the proposed scheme can be free from well-known attacks.

Performance discussion demonstrates that our scheme has advantages in terms of both security property and computation efficiency and thus is more desirable for practical applications in multiserver environment.

Introduction

The authentication and key agreement protocol is one of the fundamental building blocks for securing communications over the Internet. Roughly speaking, the above application scenarios can be abstracted to a user-server model.

Then, the service provider can ensure that the service can only be accessed by legitimate users; meanwhile, the user can believe that the service provider is legal. So far, there are many kinds of authentication scheme that are applicable to the user-server setting, such as certificate-based authentication scheme [1, 2], identity-based authentication scheme [3–5], and password-based authentication scheme [6, 7].

Among these variants of authentication scheme, password-based authentication scheme is particularly attractive due to its unique features, i. Specifically, in the context of this kind of authentication scheme, each user possesses a personal password, as the credential of accessing the service provider by a server.

However, this also makes the scheme vulnerable to offline password guessing attack, especially when the verification table is disclosed. To conquer this issue, smart card is introduced into the design of password-based authentication scheme, which results in password and smart card based two-factor authentication scheme.

Such an authentication provides a stronger security guarantee; namely, even if either the password or the smart card (but not both) gets exposed, the scheme can remain secure. Since the introduction of this kind of two-factor authentication scheme, a lot of schemes [8–14] based on different cryptographic primitives have been proposed. Notably, these schemes are designed for the single server environment. On the other hand, the rapid development of information and network technologies brings a number of new information systems, e.

To solve the access control problem in the setting of multiple service providers, we can concurrently implement multiple instances of a password and smart card based authentication scheme designed for the single server environment. However, for a system user, this will bring a tremendous workload of managing passwords and smart cards issued by different service providers. In addition, it also increases the damage of password disclosure.

To improve the usability of password and smart card based authentication scheme, researchers propose to design this kind of authentication scheme for multiserver architecture. Specifically, Yeh [ 15 ] recently proposed such authentication scheme based on RSA cryptosystem and proved its security in the random oracle model. However, Truong et al. Furthermore, they proposed a new scheme to conquer these security pitfalls.

Their scheme is built upon elliptic curve cryptography and is claimed to be secure against various attacks. Unfortunately, in this paper, we will demonstrate that Truong et al. In addition, we also put forward a security enhanced password and smart card based authentication scheme in multiserver environment.

The security analysis and performance discussion indicate that our scheme has advantages in terms of both security property and computation efficiency and thus is more desirable for practical applications.

Related Work

In 1981 Lamport [ 17 ] proposed the first password authentication scheme. This scheme is built upon cryptographically secure one-way hash function and has advantages of simplicity and convenience. However, it inevitably suffers from password guessing attack and the threat of the disclosure of the verification table.

To enhance the security of password-based authentication scheme, Chang and Wu [ 18 ] introduced password and smart card based two-factor remote user authentication scheme. Since then, a number of such schemes [ 19 — 27 ] have been proposed to improve the security and efficiency of this kind of authentication scheme. In general, these schemes fall into two types, i. The main drawback of using static identity is that publicly transmitted identity will reveal user privacy.

To conquer this issue, Das et al. However, Liao et al. Subsequently, although there are various similar schemes designed to fix security pitfalls in previous schemes, most of them [ 20 — 22 ] are still vulnerable to offline password guessing attack when the smart card is lost.

If we directly use those authentication schemes designed for the single server environment, then a user has to register with all of the service providers, which will bring a heavy workload for the user to manage all passwords and identities.

To solve this problem, Li et al. Subsequently, Lin et al. Moreover, Juang [ 31 ] further used hash function and symmetric encryption algorithm to decrease the computation cost of this kind of authentication.

Security and Communication Networks

However, Ku et al. To enhance the security of the above password-based authentication schemes for multiserver environment, in 2009 Liao and Wang [ 33 ] proposed the first password and smart card based authentication scheme in the multiserver environment using dynamic identity. But Hsiang and Shih [ 34 ] immediately noted that Liao et al.

Although Hsiang and Shih gave an improved scheme, Sood et al. Recently, motivated by security requirements from different areas, a few new two-factor authentication schemes [15, 16, 36–40] for multiserver environment have been put forward. These schemes are mainly built upon elliptic curve cryptosystem.

In addition, there are several works that introduce biometrics into the design of authentication scheme for multiserver environment. For example, Odelu et al. He and Wang [ 42 ] presented a biometrics-based three-factor authentication scheme for multiserver environment using elliptic curve cryptography.

Moreover, there are a few similar schemes [43–46] that have been put forward recently. Although there have been various multifactor authentication schemes for multiserver environment, how to design a secure and efficient authentication scheme remains challenging.

Outline

The remainder of this paper is organized as follows.

Section 2 briefly reviews Truong et al. Two kinds of practical attack against their scheme are provided in Section 3. We propose a security enhanced password and smart card based authentication scheme in multiserver environment in Section 4 and present the corresponding security analysis in Section 5.

Section 6 discusses the performance of the proposed scheme. Finally, we give the conclusion in Section 7. Review of Truong et al. We summarize the notations used throughout this paper in Table 1. Specifically, Truong et al. The notations used throughout this paper.

Registration Phase This phase consists of two parts, i.