Abstract

A multiserver environment can improve the efficiency of mobile network services more effectively than a single server in managing the increase in users. Because of the large number of users, the security of users’ personal information and communication information is more important in a multiserver environment. Recently, Wang et al. proposed a multiserver authentication scheme based on biometrics and proved the security of their scheme. However, we first demonstrate that their scheme is insecure against known session-specific temporary information attacks, user impersonation attacks, and server impersonation attacks. To solve the security weakness, we propose an improved scheme based on Wang et al.’s scheme. The security of our improved scheme is also validated based on formal security analysis, Burrows–Abadi–Needham (BAN) logic, ProVerif, and informal security analysis. Security and performance comparisons prove the security and efficiency of our scheme.

1. Introduction

With the development of information technologies [1–8] and the widespread application of the Internet of Things [9–12], mobile communication has emerged in many network communication environments. Multiserver environments in mobile communication improve the efficiency of user communications; therefore, they are more popular with users than single-server environments. The multiserver environment overcomes the limited storage and computing of the single-server environment and can provide more remote services. A typical multiserver environment is shown in Figure 1.

Owing to the convenience of multiserver environments, authentication problems in the communication process cannot be disregarded. To date, three methods can be used to achieve user authentication in the environment. The first is password-based authentication [13–17]. This is the simplest method to perform authentication; however, an attacker can easily guess or steal a password from a party and impersonate a valid user. The second is two-factor authentication, which is based on a password and a smart card [18–24]. Compared with password-based authentication, two-factor authentication improves security. However, if the smart card is stolen, then the information stored in the smart card may be recovered. This will result in well-known attacks, such as offline guessing attacks. In the past few years, Wang et al. have proposed some two-factor authentication schemes in different application scenarios. In 2014, they proposed an anonymous two-factor authentication scheme in a distributed system [19]. In the same year, they proposed an anonymous two-factor authentication scheme in a wireless sensor network [20]. In 2016, Wang et al. [25] compared and evaluated some representative two-factor authentication schemes and proposed a new evaluation standard for two-factor authentication schemes. In 2018, Wang et al. [26] proposed an evaluation framework for two-factor authentication schemes for real-time data access in industrial wireless sensor networks and evaluated the relevant schemes. The third is three-factor authentication, which is based on passwords, smart cards, and biometrics [27–39]. In a public channel, an attacker may eavesdrop, modify, or replay transmitted messages. This poses a significant threat to the security of users. Because schemes based only on a password or a smart card exhibit low security, applying biometrics to authentication schemes can overcome the insecurity of password- or smart card-based schemes.
Therefore, a secure and efficient authentication scheme based on biometrics must be designed.

Compared with Rivest–Shamir–Adleman (RSA) or ElGamal cryptosystems, elliptic curve cryptography (ECC) provides a smaller key size and better computational efficiency at the same security level. In recent years, several biometric-based authentication schemes based on ECC have been proposed. In 2013, Pippal et al. [27] proposed a three-factor authentication scheme in a multiserver environment and claimed that their scheme can overcome all types of network attacks. In 2014, He and Wang [28] proposed a multiserver environment authentication scheme based on robust biometrics, claiming that their scheme was the first three-factor authentication scheme applicable to multiserver environments. In 2015, Odelu et al. [30] reported that the scheme proposed in [28] was vulnerable to a known session-specific temporary information attack and an impersonation attack and hence did not provide strong user anonymity; therefore, they proposed a secure multiserver authentication protocol based on biometric technology using smart cards. In the same year, Li et al. [31] discovered that Pippal et al.’s [27] scheme can provide incorrect authentication but could not overcome impersonation, stolen smart card, and internal attacks. Therefore, Li et al. [31] proposed an improved scheme to overcome the problems above. In 2017, Kumari et al. [32] proposed a provably secure multicloud server authentication scheme based on biometrics. However, in 2018, Feng et al. [33] discovered that the scheme presented in [32] could not guarantee user anonymity, three-factor security, perfect forward security, etc.; hence, they proposed a multiserver environment authentication scheme based on anonymous biometrics. In the same year, Ali and Pal [34] analyzed Li et al.’s [31] scheme and discovered that it could not overcome password-guessing, user impersonation, insider, and smart card theft attacks, nor could it guarantee user anonymity.
Ali and Pal [34] proposed a three-factor multiserver authentication scheme based on an elliptic curve cryptosystem to solve the abovementioned issues. Unfortunately, Wang et al. [36] discovered that the scheme presented in [34] was vulnerable to user impersonation, server impersonation, privileged insider, and denial-of-service attacks, among others, and could not provide both forward and three-factor confidentiality. Therefore, Wang et al. proposed an improved multiserver authentication scheme based on biometrics and claimed that their scheme can overcome offline password-guessing, user impersonation, server impersonation, known specific session temporary information, three-factor security, user anonymity, and privileged internal attacks. Some important related works are summarized in Table 1.

In this study, we show that Wang et al.’s scheme is subject to known session-specific temporary information, user impersonation, and server impersonation attacks. To overcome the abovementioned attacks, we build on Wang et al.’s scheme and propose an improved authentication scheme. Finally, we demonstrate that our scheme is semantically secure in the real-or-random (ROR) model and overcomes known attacks using the ProVerif tool and the BAN logic.

The remainder of this paper is organized as follows. A simple review and cryptanalysis of the scheme proposed by Wang et al. is discussed in Sections 2 and 3, respectively. Section 4 elaborates the proposed scheme in detail. Section 5 demonstrates the security analysis of the proposed scheme. Section 6 presents a comparison of performance and security. Section 7 summarizes the paper.

2. Review of Wang et al.’s Scheme

Wang et al.’s scheme includes initialization, server and user registration, and login authentication phases. Their scheme involves three types of entities: users, servers, and a registration center. The notations used in the scheme and their descriptions are shown in Table 2.

2.1. Initialization

In this phase, the registration center selects an elliptic curve , and the basic point of defines two hash functions and . Subsequently, the selects a random number and computes the public key , where is the ’s secret key and publishes .

2.2. Server and User Registration

The server selects its identity and sends its identity to the through a secure channel. The receives this message, computes , and sends to . When receives , it stores it as the secret key.

The user selects his and and imprints . Subsequently, selects a random number , computes , and sends to the . The receives this message and calculates the following: where . Note that is the technique of fuzzy-verifier [40]. The stores in the smart card and then sends the to in a secure channel. Subsequently, stores in the .

2.3. Login and Authentication

In this phase, and complete a mutual authentication and establish a session key with the aid of the .

Step 1. enters and , imprints , and logs in to the . Subsequently, the computes and verifies if . If they are equal, then generates a random number and computes . Next, sends to the in the public channel.

Step 2. After the receives , it computes and verifies if . If they are equal, then the computes . Next, the sends to in the public channel.

Step 3. After receives , it computes and verifies if . If they are equal, then generates a random number and computes . Subsequently, sends to in the public channel.

Step 4. After receives , he computes and verifies if . If they are equal, then computes . Next, sends to in the public channel.

Step 5. After receives , it computes and verifies if . If they are equal, then is the session key for and .

3. Cryptanalysis of Wang et al.’s Scheme

In this section, we demonstrate that Wang et al.’s scheme is subject to three security attacks. In our proposed attacks, we assume that the attacker is a legitimate user who has already registered with the .

3.1. Known Session-Specific Temporary Information Attack

A known session-specific temporary information attack refers to a security attack in which an attacker attempts to obtain the current when temporary secret values such as random numbers are disclosed [41].

In this attack, we assume that the attacker obtains temporary information and captures and , which are transmitted over the public channel. Based on the above, can compute

Subsequently, obtains , , and ; hence, it can determine . Furthermore, based on the formulas above, can obtain the user’s ; in other words, the user’s anonymity is not protected.

3.2. User Impersonation Attack

Step 1. Based on Section 3.1, can obtain , , and . Subsequently, generates a random number , computes , and fakes to send to the .

Step 2. Upon receiving , the computes . It is clear that . Next, the computes and sends to .

Step 3. After receiving , computes . It is clear that . Next, generates a random number , computes , and sends to .

Step 4. intercepts the message and computes . It is clear that . Next, computes and sends to .

Step 5. Upon receiving , computes . It is clear that . During this process, the server regards as .

3.3. Server Impersonation Attack

This attack is also based on , , , and in Section 3.1. When sends to the , eavesdrops the message. Subsequently, when sends to , intercepts the message. generates a random number , computes , and sends to .

Upon receiving , computes

It is clear that . Next, computes and sends to . At this point, intercepts the message and computes

It is clear that . During the entire process, the user regards as .

4. Improved Scheme

To overcome the attacks, we propose in this section an improved scheme based on Wang et al.’s scheme. Our scheme still operates in a multiserver environment and includes the initialization, modified server and user registration, and modified login and authentication phases. It is noteworthy that the initialization phase in our scheme is the same as that in Wang et al.’s scheme, and we use a rectangle to denote our modifications.

4.1. Modified Server and User Registration

The server selects its identity and sends its identity to the through a secure channel. The receives this message and selects a random number . Subsequently, the computes , stores , and sends to . When receives , it stores it in the database.

The user selects his and and imprints . Subsequently, selects a random number , computes , and sends to the . The receives this message, selects a random number , and computes , where . The stores in the database, stores in the , and sends the to in a secure channel. Next, stores in the . The complete registration process is shown in Figure 2.

4.2. Modified Login and Authentication

In this phase, and complete a mutual authentication and use the as an information center to establish an . The complete login and authentication processes are shown in Figure 3.

Step 1. enters and , imprints , and logs in to the . Next, the computes and verifies if . If they are equal, generates a random number and computes . Subsequently, sends to the in the public channel.

Step 2. After the receives , it retrieves from the database, computes , and verifies if . If they are equal, the computes . Next, the sends to in the public channel.

Step 3. After receives , it computes and verifies if . If they are equal, generates a random number and computes . Subsequently, sends to in the public channel.

Step 4. After receives , it computes and verifies if . If they are equal, is the session key for and .

5. Security Analysis

5.1. Formal Security Analysis

In this section, we present the security analysis of our improved scheme in the random oracle model [42]. First, we define the adversarial model [25, 26, 43–47] and simulate the adversary’s capabilities in a real attack. In the proposed scheme, three participants, , , and , are involved. We use , , and to represent the th communication of , the th communication of , and the th communication of , respectively. To perform a formal security analysis, we define the following query model for the attacker :

: performs this query to eavesdrop and record the messages transmitted on the public channel, such as the messages between the and the , the messages between the and the , and the messages between the and the .
: based on this query, can obtain the hash value if every input to the hash function is known, where .
: executes this query with message and then receives the response message from the entity .
: executes this query to obtain the current session key generated by .
: executes this query to obtain the information stored in the smart card.
: based on this query, an unbiased coin is flipped. If , returns a random string, and if , returns the session key .

In the ROR model, the following theorem describes the security of our proposed scheme .

Theorem 1. Suppose runs in polynomial time in the ROR model against scheme , and let represent the total number of bits of the biometric. Let denote ’s advantage in breaking the security of as an AKE scheme. Then , where and are the numbers of and queries; is the range space of h(·); C′ and s are the parameters of Zipf’s law [48]; and is the advantage of breaking the symmetric cipher .

Proof. We define a sequence of five games, namely, . Let represent the event that wins . The represents the advantage of winning , where is the probability of event . The represents the advantage of in breaking the security of in the proposed scheme. The detailed description of is as follows.

is the first game, which represents a real attack in the ROR model. At this point, a coin is selected to start . From semantic security, we obtain .

means that can perform the query and obtain the messages and transmitted in the scheme. At the end of the game, performs and queries to determine whether can be obtained. However, cannot derive , so the probability of is the same as that of , that is, .

adds the and queries, , which are all protected by h(·). However, are not directly obtained from the transmission channel, and by the birthday paradox, we obtain .

The query is added in , and can obtain the information in the smart card. The uses the password and biometric information to register, and wants to guess , but the probability of guessing the biometrics is [49], which is almost negligible. Using Zipf’s law [48], we obtain .

is the last game. At this time, attempts to decrypt the information and uses the obtained information to infer . Without the master key of , cannot compute and . From the security of the symmetric encryption algorithm, we obtain .

All queries are performed by . After the test query, only the coin of is left. Thus, the probability of guessing the coin is . In summary, we can deduce . Therefore, the advantage of breaking the scheme is .

5.2. Formal Security Analysis by BAN Logic

In this subsection, we use the BAN logic to demonstrate that and verify the authenticity of each other’s identity and that the established cannot be obtained by others. The BAN logic is a set of rules used to define and analyze the communication process between two parties. Specifically, the conclusions obtained by the BAN logic follow from rigorous logical analysis, which further explains the confidentiality and credibility of the communicated information. The notations and rules of the BAN logic used in the calculation performed in this study are cited from [24, 27, 28, 30, 31, 36, 50, 51]. The proof of our scheme is as follows:

5.2.1. Rules
(1) Nonce verification rule: 
(2) Message meaning rule: 
(3) Jurisdiction rule: 
(4) Jurisdiction rule: 
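As an added reference for the rule names used above, the standard textbook forms of the BAN rules are written out below; these are the forms from the BAN literature, not the typesetting of the page itself, and the fourth rule used in the proof is not recoverable from the text above, so only the three named rules appear:

```latex
\text{Message meaning rule:}\quad
\frac{P \mid\equiv P \stackrel{K}{\leftrightarrow} Q,\qquad P \triangleleft \{X\}_K}
     {P \mid\equiv Q \mid\sim X}

\text{Nonce verification rule:}\quad
\frac{P \mid\equiv \#(X),\qquad P \mid\equiv Q \mid\sim X}
     {P \mid\equiv Q \mid\equiv X}

\text{Jurisdiction rule:}\quad
\frac{P \mid\equiv Q \Rightarrow X,\qquad P \mid\equiv Q \mid\equiv X}
     {P \mid\equiv X}
```

Here $P \mid\equiv X$ means $P$ believes $X$, $P \triangleleft X$ means $P$ sees $X$, $Q \mid\sim X$ means $Q$ once said $X$, $\#(X)$ means $X$ is fresh, $Q \Rightarrow X$ means $Q$ has jurisdiction over $X$, and $P \stackrel{K}{\leftrightarrow} Q$ means $K$ is a good key shared between $P$ and $Q$.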
5.2.2. Goals
Goal 1. 
Goal 2. 
Goal 3. 
Goal 4. 
5.2.3. Idealize the Communication Messages
5.2.4. Initial Assumptions
5.2.5. The Proof of Our Proposed Scheme

For By , we have Based on A1, S1, and rule (2), we have Based on A2 and rule (4), we obtain Using S3, S2, and rule (1), Subsequently, we have Based on A3, S5, and rule (3), we have By , we have Based on A4, S7, and rule (2), we have Based on A5, S8, rule (4), and rule (1), we obtain and the following: .

For , based on A6, S10, and rule (3), we have .

For , based on , we have Subsequently, based on , we have Based on A7, S13, rule (4), and rule (1), we obtain Therefore, we have .

For , based on A8, S15, and rule (3), we have .

5.3. Security Verification by ProVerif

We used the verification tool ProVerif to test the security of our proposed scheme. ProVerif is an important verification tool for verifying security fundamentals such as authentication, confidentiality, anonymity, and privacy [11, 24, 51, 52]. Furthermore, ProVerif can automatically verify the security of a scheme. It handles basic elements such as public key cryptography and the Diffie–Hellman mechanism.

The definition of the ProVerif code is shown in Figure 4. Our scheme comprised three entities: , , and . Figures 5–7 show the user, , and server processes in our code, respectively. Five events were involved: UserAuthed, UserStarted, RCAcUser, ServerAcRC, and UserAcServer. Event UserAuthed means that has been successfully authenticated. Event UserStarted means that has started authentication. Event RCAcUser means that the has successfully authenticated the . Event ServerAcRC means that has successfully authenticated the . Event UserAcServer means that has successfully authenticated .

Next, we used ProVerif to query whether the attacker can obtain the identities of and as well as the and whether the events above were executed in sequence. Figure 8 shows the events and queries in the code.

Finally, we executed the code to perform authentication, and the results are shown in Figure 9. The result shows that ProVerif confirmed the security of our scheme. Therefore, the attacker cannot obtain the parameters , and all events are executed in the expected order. Note that Figures 4–9 are shown in the Appendix.

5.4. Informal Security Analysis
5.4.1. Known Session-Specific Temporary Information Attacks

Upon completing the login and authentication phase, if or is compromised, then intercepts information and computes , but it cannot compute and . Therefore, cannot compute the , and the scheme successfully overcomes known session-specific temporary information attacks.
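The attack of Section 3.1 and the defence argued in Section 5.4.1 both turn on one question: does the session key depend only on session-specific temporary values, or is it also bound to a long-term secret that the attacker never learns? The following Python model, added here as an illustration and not taken from Wang et al.’s scheme or from the improved scheme in this paper, makes that difference concrete. The curve arithmetic (secp256k1, a standard public curve), the two key-derivation variants `weak_session_key` and `strong_session_key`, and the attacker model in `kssti_attack` are all assumptions of this example; the user and server long-term keys stand in for the secrets that the registration center issues in the paper.

```python
"""Toy model of a known session-specific temporary information (KSSTI) attack.

Added illustration: the curve arithmetic, the two key-derivation variants and the
attacker model are assumptions chosen to show the principle; they are not the
formulas of Wang et al.'s scheme or of the improved scheme in the paper.
"""
import hashlib
import secrets

# secp256k1 domain parameters (standard public values, curve y^2 = x^3 + 7 over F_p).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None  # point at infinity


def ec_add(p1, p2):
    """Affine point addition on secp256k1 (curve coefficient a = 0)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                       # p1 == -p2
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def ec_mul(k, point):
    """Double-and-add scalar multiplication k * point."""
    result, addend = INF, point
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def h(*points):
    """Hash function h(.) over the byte encoding of one or more curve points."""
    m = hashlib.sha256()
    for x, y in points:
        m.update(x.to_bytes(32, "big") + y.to_bytes(32, "big"))
    return m.hexdigest()


def weak_session_key(r_own, R_peer):
    """Ephemeral-only derivation: SK = h(r_U * r_S * G).
    Whoever learns either temporary value and saw the transcript recovers SK."""
    return h(ec_mul(r_own, R_peer))


def strong_session_key(d_own, r_own, D_peer, R_peer):
    """Derivation that also binds the long-term keys: SK = h(r_U r_S G, d_U d_S G).
    Leaked temporaries are not enough: the second term needs d_U or d_S."""
    return h(ec_mul(r_own, R_peer), ec_mul(d_own, D_peer))


def kssti_attack(transcript, leaked):
    """Attacker A holds the public transcript and both leaked temporary values.
    Returns A's reconstruction of the weak key and every candidate it can form
    for the strong key from public points and the leaked temporaries only."""
    D_u, D_s, R_u, R_s = transcript
    r_u, r_s = leaked
    ephemeral = ec_mul(r_u, R_s)          # r_U r_S G, fully known to A
    weak_guess = h(ephemeral)
    # Points A can build without d_U or d_S; none of them equals d_U d_S G.
    candidates = [h(ephemeral, ec_mul(r_u, D_s)), h(ephemeral, ec_mul(r_s, D_u)),
                  h(ephemeral, ec_add(D_u, D_s)), h(ephemeral, ephemeral)]
    return weak_guess, candidates


def demo():
    """Runs one session of each variant with freshly constructed keys and returns
    (weak keys agree, strong keys agree, weak key recovered, strong key recovered)."""
    d_u, d_s = secrets.randbelow(N - 1) + 1, secrets.randbelow(N - 1) + 1  # long-term keys
    D_u, D_s = ec_mul(d_u, G), ec_mul(d_s, G)                              # public long-term keys
    r_u, r_s = secrets.randbelow(N - 1) + 1, secrets.randbelow(N - 1) + 1  # temporaries
    R_u, R_s = ec_mul(r_u, G), ec_mul(r_s, G)                              # sent on the public channel
    weak_u, weak_s = weak_session_key(r_u, R_s), weak_session_key(r_s, R_u)
    strong_u = strong_session_key(d_u, r_u, D_s, R_s)
    strong_s = strong_session_key(d_s, r_s, D_u, R_u)
    weak_guess, candidates = kssti_attack((D_u, D_s, R_u, R_s), (r_u, r_s))
    return (weak_u == weak_s, strong_u == strong_s,
            weak_guess == weak_u, strong_u in candidates)


if __name__ == "__main__":
    print(demo())  # expected: (True, True, True, False)
```

The model deliberately gives the attacker both temporary values, which is stronger than the single leaked number assumed in Section 3.1; even so, the second variant holds because the static Diffie–Hellman term plays the role that the registration center’s master key and the symmetric encryption play in the improved scheme.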

5.4.2. User Impersonation Attacks

Assume that the pretends to be a user and forges a message . Even if forges a random number , it cannot compute to forge and . cannot obtain for two reasons. First, upon completing the login and entering the authentication phase, is encrypted by , and cannot compute to decrypt ; therefore, cannot be obtained. Second, in the registration phase, if the is stolen by a malicious user, then can obtain . However, because , requires to compute , which is impossible. Therefore, the scheme successfully overcomes user impersonation attacks.

5.4.3. Server Impersonation Attacks

Assume that pretends to be the server and forges a message . Therefore, must generate a random number and compute . However, cannot obtain . Even if can obtain temporary information , it cannot compute , nor can it obtain sensitive information by decrypting . Therefore, the scheme can overcome server impersonation attacks.

5.4.4. Man-in-the-Middle Attacks

Upon completing the login and authentication phase, the intercepts the messages transmitted between and to impersonate the user or server. The may intercept to impersonate . However, cannot compute ; therefore, the session is terminated. In another case, may intercept to impersonate . However, cannot compute ; therefore, it cannot pass the verification. Therefore, the scheme can overcome man-in-the-middle attacks.

5.4.5. Replay Attacks

Suppose that message , , or is replayed by . However, our scheme overcomes this attack by refreshing random numbers . By replaying one of the messages , the mutual authentication values for the user will not pass, and the session will be terminated. Therefore, this scheme can overcome replay attacks.

5.4.6. Stolen Attacks

Suppose that the is stolen by a malicious user who will obtain . However, based on those values, cannot compute . In addition, cannot obtain to compute and . Therefore, cannot compute . Hence, it is clear that the scheme can successfully overcome stolen attacks.

5.4.7. Offline Password-Guessing Attacks

According to, obtains . Moreover, can be biometric by shoulder surfing. launches an offline password-guessing attack by comparing (). In addition, . However, cannot obtain , , and ; therefore, the attacker cannot compute . Hence, the scheme can overcome offline password-guessing attacks.

5.4.8. Privileged Insider Attacks

Assume that the privileged insider obtains the information stored in the RC database. However, cannot obtain and the user’s ; therefore, it cannot compute . Because and , cannot compute the . Therefore, the scheme can overcome privileged insider attacks.

5.4.9. Perfect Forward Secrecy

Suppose that obtains the ’s long-term key and attempts to obtain the . If obtains and intercepts , then it computes . However, cannot compute and . In other words, cannot compute . Therefore, this scheme provides perfect forward secrecy.

5.4.10. User Anonymity

In the registration phase of the improved scheme, computes to protect the real identity of the user. In the authentication phase, the user transmits the virtual identity , and the attacker cannot obtain the real identity of the user. Therefore, our scheme provides user anonymity.

5.4.11. Three-Factor Secrecy

The three factors refer to the password, , and biometrics. Based on the previous analysis, and are the key parameters for launching an attack to compute the . Suppose obtains two of the three factors.

Password and smart card: even if obtains the password and extracts the parameters from the , it cannot compute and to perform any attack.

Password and biometrics: if obtains the password and biometrics to calculate , it must obtain and . However, is stored in an , whereas is protected by a random number.

Biometrics and smart card: if obtains the biometrics and to calculate , it must obtain the . Therefore, cannot compute .

After analyzing the security of our improved scheme, we can conclude that our proposed scheme is “provably secure” against several well-known attacks with a higher probability. However, this does not mean that our scheme is a “perfectly secure” authentication scheme, because many special attack approaches or tricks exist [19].

6. Performance Comparison

In this section, we compare our improved scheme with those of Ali and Pal [34] and Wang et al. [36] in terms of security and efficiency. Table 3 presents a comparison of security among the abovementioned schemes. It is evident that our scheme is secure against well-known attacks. Ali and Pal’s scheme [34] could not overcome known session-specific temporary information, user impersonation, and server impersonation attacks, nor could it provide three-factor and perfect forward secrecy. Although Wang et al.’s scheme [36] guaranteed perfect forward secrecy, it could not overcome known session-specific temporary information, user impersonation, and server impersonation attacks. Hence, it is clear that only our proposed protocol successfully overcame all known attacks and achieved a certain degree of security.

A comparison of the computational costs is shown in Table 4. We used JPBC-2.0.0 (Pairing-Based Cryptography Library) [53], IntelliJ IDEA 2020.2.1 community edition, and a Windows 10 computer with a 2.3 GHz Intel(R) Core i5 processor and 16 GB of memory to simulate the computational costs. It is noteworthy that a widely accepted Type A pairing was constructed on the curve y² = x³ + x over F_q, where q is a prime satisfying q ≡ 3 (mod 4). In our experimental results, was 13.5 ms, was 0.48 ms, and was 0.12 ms. As shown in Table 4, the computational cost of our scheme was lower than that of the scheme in [34], whereas it was 13.5 ms higher than that of the scheme in [36]. However, when our scheme was utilized in a practical application, the 13.5 ms difference was almost negligible. Meanwhile, the scheme in [36] was subject to known session-specific temporary information, user impersonation, and server impersonation attacks. However, our improved scheme overcame all known attacks.

Table 5 shows a comparison of the communication costs. We assumed that an ECC point accounted for 320 bits because two 160-bit parameters form an ECC point. The hash output was considered to be 256 bits, and the identity was 64 bits. The length of the ciphertext for a symmetric encryption was 256 bits. In Ali and Pal’s scheme, the messages in the login and authentication phase were , , and , where {Ei, Ci, Ki, Qi, Zi} are ECC points, {Di, Li, Mi} are hash values, and {DIDi, , Fi} are ciphertexts. The total communication cost of Ali and Pal’s scheme was 3712 bits. In Wang et al.’s scheme, the messages in the login and authentication phase were , , and , where {Ri, RS} are ECC points, {Fi, Qi} are hash values, and {Li, Mi} are ciphertexts. The total communication cost of Wang et al.’s scheme was 1664 bits. In our scheme, the messages in the login and authentication phases were , and , where {RS} is an ECC point, {Di, , Fi} are hash values, and {Li, Mi} are ciphertexts. The total communication cost of our scheme was 1600 bits.

Through the analysis of computation cost and communication cost, the communication cost of our scheme is significantly lower than that of the schemes in [34, 36], and the computation cost is also acceptable. Combined with the security analysis summarized in Table 3, our scheme also has strong security. Hence, our scheme is worthy of being adopted for secure three-factor authentication.

7. Conclusion

In this study, we performed a security analysis of Wang et al.’s scheme and discovered that their scheme could not overcome known session-specific temporary information, user impersonation, and server impersonation attacks. Additionally, we have proven the security of our proposed scheme through formal and informal security analysis. Subsequently, the communication security of our scheme was validated by the ProVerif tool, and the BAN logic indicated that mutual authentication can be completed safely. Finally, through a comparison of performance and security, the security and efficiency of our proposed scheme were demonstrated. However, the computational cost of our scheme is still high. This motivates us to design lightweight authentication schemes in the future.

Data Availability

The data used to support the findings of this study are included within the article.

Conflicts of Interest

The authors declare no conflicts of interest.