Article

A Secure Authentication Scheme for Teleservices Using Multi-Server Architecture

1 Department of Computer Science & Engineering, Ajay Kumar Garg Engineering College, Ghaziabad 201015, India
2 Department of Computer Science & Engineering, ABES Engineering College, Ghaziabad 201009, India
3 Department of Computer Applications, KIET Group of Institutions, Delhi-NCR, Ghaziabad 201206, India
4 Department of Mathematics, Chaudhary Charan Singh University, Meerut 250004, India
5 Division of Computer Engineering, Dongseo University, 47 Jurye-ro, Sasang-gu, Busan 47011, Korea
* Author to whom correspondence should be addressed.
Electronics 2022, 11(18), 2839; https://doi.org/10.3390/electronics11182839
Submission received: 1 August 2022 / Revised: 31 August 2022 / Accepted: 3 September 2022 / Published: 8 September 2022
(This article belongs to the Special Issue Novel Methods for Dependable IoT Edge Applications)

Abstract

The telecommunications industry covers various sectors and services such as broadband, telecom equipment, telecom infrastructure, telephone service providers, mobile virtual network operators, 5G, and the white space spectrum. Smart cards may be chosen as one of the best mechanisms for authorized access to these services in the telecom sector. Recently, Jin Kwak proposed a scheme based on dynamic identity for authentication purposes, mentioning that the scheme does not suffer from security breaches and attacks. This paper reviews Jin Kwak’s technique and finds that, contrary to his claim, it does not achieve its purpose. Due to a design issue in his scheme, an adversary may guess the password in polynomial time and impersonate a legal user. Furthermore, other attacks, including the replay attack, are also possible, as the timestamp was not protected in this scheme. We propose an improved version of this scheme that is free from various attacks, including password guessing, by hiding the identity of the user, and replay attacks, by using the timestamp securely. The results in the performance and efficiency comparison show a faster scheme than many existing schemes.

1. Introduction

A significant increase in revenues and consumer numbers in the telecom industry generates more employment and contributes to India’s GDP. In addition, the tremendous growth in the wireless sector and the availability of high-speed data services allow users to increase data usability. Despite all this, mobile value-added services (VAS) can be further enhanced by including various utility services, such as m-governance, m-traffic management, m-education, m-shopping, and m-health, and using any service, including these, requires an authentication scheme [1,2,3,4]. Further, sharing towers and other infrastructure among various telecom service providers to reduce the cost of setting up and managing the telecom infrastructure seems imminent. Furthermore, the decrease in tariff prices and the availability of more affordable smartphones will further boost the growth of the telecom industry, and the schemes in [5,6,7] can be used for authentication. With time, the telecom domain will increase its reach and connect the rural areas where telephony services are absent or have a limited presence.
As per the GSMA report, by 2025 [8], it is predicted that India will be the second-largest market in the world and will be using 1 billion smartphones. It is also believed that 88 million 5G will be installed. Currently, the trials of 5G technology are under process across the country, and 5G technology is expected to add $450 billion to the Indian Economy during 2023–2040, as per investindia.
The telecom sector is growing rapidly and faces authentication, privacy, and data security challenges. User authentication is the most crucial task for accessing any service related to telecom, medical care, etc. [9,10,11]. Therefore, single-server and multi-server authentication architectures [12,13] came into the picture. Multi-server architecture mainly produces more productive results. However, a few inherent challenges with multi-server authentication are replay attacks [14], session key leakages [5], and user impersonation attacks [13] during connection establishment and data transfer. In addition, during connection establishment and communication, data theft by sniffing and tampering, or other attacks, may also raise serious concerns for multi-server architecture [1,15,16,17,18,19,20]. Therefore, we need a secure and efficient authentication scheme for a multi-server architecture environment, which removes the security vulnerabilities mentioned in [21,22].
In our proposed scheme, a user is authenticated by logging in to a specific server, named an authentication server, by inputting the credentials into a smart card, then the authentication server sends the request to the central server for final authentication. The central server and the authentication server agree to produce the same session key during this process.
We summarize our significant contributions as follows:
(1) Our review of Jin Kwak’s scheme shows that it suffers from various attacks.
(2) We propose an improved version of Jin Kwak’s scheme.
(3) The proposed scheme has essential features of an authentication scheme, such as user anonymity and mutual authentication, and is free from various security attacks, including user impersonation attacks, offline password guessing attacks, replay attacks, and insider attacks.
(4) We also demonstrate that our scheme takes fewer computational resources than the methods mentioned in [1,18,19,20].
The remainder of the paper is structured as follows: Section 2 presents related work, Section 3 analyzes Jin Kwak’s scheme, and Section 4 presents our proposed authentication scheme, an improvement of Jin Kwak’s scheme. Section 5 covers a security analysis of our proposed scheme, mentioning that our scheme has no vulnerabilities and is free from various attacks. The performance of our scheme and comparison with others is demonstrated in Section 6. Finally, we present the conclusion in Section 7.

2. Related Work

In [1], the authors presented an authentication scheme based on the smart card, which allows the user to initiate the authentication process through a smart card to log in to a remote server connected to Internet of Things devices. Furthermore, they analyzed their work with the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. However, this approach suffers from various attacks, such as offline password guessing attacks, insider attacks, and replay attacks. The authors in [18] presented an authentication scheme for Internet of Things (IoT)-enabled devices and cloud-based servers by using a hash function. This scheme uses limited computation power, a mandatory requirement of IoT-enabled technologies. However, this scheme suffers from user impersonation attacks.
With the prevalent usage of IoT-based devices and to secure access to private information from the cloud, the authors in [19] proposed an authentication scheme based on a smart card. They used the AVISPA tool and BAN logic to show the strength of their work. The authors also pointed out a better performance than many existing models. However, this approach did not take care of user anonymity and the offline password guessing attack. With the popularity of the IoT and 5G-based heterogeneous networks, and the necessity of a multi-server-based authentication system, the authors in [20] proposed a multi-server-based authentication system for the 5G network by using a smart card. They also did a security analysis of the proposed scheme using the ProVerif tool and BAN logic and carried out an informal security analysis of the proposed work. Moreover, the proposed protocol does not suffer from any significant attacks. However, it takes more computation time and occupies more resources.
In [12], the authors presented an improved version of Kaul and Awasthi’s approaches for authentication by using the smart card. Per their claim, this approach is free from various attacks, such as insider attacks, offline password guessing attacks, and user impersonation attacks, and supports mutual authentication. However, this paper does not use the session key. In [10], the authors recommended phishing detection algorithms using a support vector machine. However, they did not mention the authentication module in their study. In the study mentioned in [23], the authors recommended an improved version of Das’s scheme for wireless sensor networks, which removed all the shortcomings of Das’s scheme. In their scheme, they used three factors for authentication. However, this approach takes more computational resources.
With the continuous growth of internet technologies and acceptable server-side increments to offer users multiple services, the authors in [24] mentioned authentication with the help of various servers. However, the services mentioned in the paper are used over an insecure channel that attackers easily control. This paper uses a biometric and a smart card to use three authentication factors. However, the mentioned scheme suffers from various security attacks. In [17], the authors improved Jangirala’s scheme, which was subject to various security threats, including user impersonation and server spoofing attacks. The authors also used BAN logic in support of their claim. However, this scheme is not computationally efficient.
The authors in the paper [25] presented a Lyapunov-based approach that dynamically selects a relevant data communication model by using a transmission queue. The proposed scheme has to minimize power consumption. In [26], the authors have presented a resolution adjustment algorithm for reducing the overhead in video processing. The authors further used the Lyapunov-based algorithm. The mentioned approach achieves approximately 50% reduction in power. The authors in [27] have presented a system based on reinforcement learning-based Multi-Objective Hyper-Heuristic for planning the route in a smart city. The algorithm mentioned in the paper is efficient and produces faster results. In [28], the authors proposed an intelligent traffic controller, which runs based on active queue length. This controller has better performance than manual traffic controllers at intersections. The application mentioned in [25,26,27,28] needs a proper authentication model. Otherwise, severe security lapses may be possible. Therefore, these applications need security solutions.

3. Crypto Analysis of Jin Kwak’s Dynamic-Identity-Based Scheme [1]

In [1], the authors used three entities: the user who needs to be authenticated (Ui), the authentication server (Sj), and the Central server (CS). Furthermore, they have used three different sections: registration, login and verification, and password change. Table 1 represents the various parameters used in [1].
We consider the following significant assumptions made by Xu et al. [29], Kocher et al. [30], and Messerges et al. [13] for presenting the threat model before analyzing Jin Kwak’s dynamic-identity-based method:
(1) An adversary may take control of the communication channel, as the channel is public, and may perform an inserting or listening operation.
(2) An adversary may get the lost smart card.
(3) An adversary may obtain the stored parameters by analyzing the card’s power consumption.
We present the security flaws of Jin Kwak’s dynamic-identity-based scheme in the remaining part of Section 3.

3.1. User Impersonation Attack

As per the scheme [1], smart card SCi stores Userinfori, UIDi, Encpassi, h(x) and h(*). If the adversary steals the card, the adversary may easily extract these parameters by analyzing power consumption and recover the Ai, Verui, UIDi, and Ts parameters during the transmission at the login phase.
As per the scheme, the random numbers are stored at the server for meaningful computation. The adversary uses Ni1 and sends the following parameters:
{Ai, Verui, UIDi, Ts new}
where Ai = Userinfori ⊕ h(x) ⊕ Ni1,
Verui = h(h(x) || Ni1),
and Ts new is the new timestamp.
At this moment, Verui (Computed) and the Verui (Received) are the same. Therefore, the adversary request is accepted by the server. Moreover, the adversary may generate their random number, say Ni1*.
Then, the adversary may compute,
Ai* = Userinfori ⊕ Ni1* ⊕ h(x)
As the parameters, Userinfori and h(x) are already stored in the card, now
Verui* = h(h(x) || Ni1*)
Now, the adversary sends {Ai*, Verui*, UIDi, Ts*}.
CS then compares the received Verui* with the computed Verui*. The two values are the same, because the received Verui* and the computed Verui* are produced by exactly the same computation.
In general, CS authenticates the request if the adversary generates a new random number every time, uses the latest timestamp, and applies the formulas mentioned above.
Therefore, the adversary may impersonate the legal user.

3.2. Replay Attack

As per Section 3.1, the adversary may easily extract stored parameters, and the adversary may also get Ai, Verui, UIDi, Ts.
Ai is computed as Ai = Userinfori ⊕ h(x) ⊕ Ni1 and Verui is computed as Verui = h(h(x) || Ni1). CS compares the received Verui and the computed Verui. If both values are the same, then CS authenticates the user. Since authentication is based on the value of Verui, it does not depend on the timestamp. CS maintains the verifiable table, and random numbers are not stored in the table, so a previously used random number can be reused.
Therefore, an adversary may replay the login request {Ai, Verui, UIDi, Tslatest} by changing the value of Tslatest, where Tslatest is the variable that contains the latest timestamp.
After Ni1 is stored, a replay attack is possible.
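The replay condition of Section 3.2, reproduced as an added example (not code from [1] or from the authors of this paper): a verifier that checks Verui = h(h(x) || Ni1) accepts a captured request under a fresh timestamp, while a variant that binds the timestamp into the tag and remembers used random numbers rejects it. SHA-256 as h(*), the lookup of Userinfori by UIDi, the 5-second window, and the hardened variant itself are assumptions made for the illustration; all keys and identities are constructed.

```python
import hashlib
import hmac
import secrets

MAX_SKEW = 5  # seconds; constructed freshness window, not a value from [1]


def h(*parts: bytes) -> bytes:
    """h(a || b || ...), with SHA-256 standing in for the scheme's hash."""
    return hashlib.sha256(b"".join(parts)).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(p ^ q for p, q in zip(a, b))


def ts_bytes(ts: int) -> bytes:
    return ts.to_bytes(8, "big")


def card_login(userinfo: bytes, hx: bytes, ts: int, bind_ts: bool):
    """Smart-card side: Ai = Userinfori xor h(x) xor Ni1, plus the tag Verui."""
    ni1 = secrets.token_bytes(32)
    a_i = xor(xor(userinfo, hx), ni1)
    ver = h(hx, ni1, ts_bytes(ts)) if bind_ts else h(hx, ni1)
    return a_i, ver


class CentralServer:
    def __init__(self, master_key: bytes):
        self.hx = h(master_key)   # h(x)
        self.userinfo = {}        # UIDi -> Userinfori (lookup by UIDi is an assumption)
        self.seen = set()         # (UIDi, Ni1) already accepted; hardened check only

    def _nonce(self, uid: bytes, a_i: bytes) -> bytes:
        # Ni1 = Ai xor Userinfori xor h(x)
        return xor(xor(a_i, self.userinfo[uid]), self.hx)

    def verify_as_described(self, a_i, ver, uid, ts, now) -> bool:
        """Verui = h(h(x) || Ni1): the timestamp is checked but not authenticated."""
        if abs(now - ts) > MAX_SKEW:
            return False
        return hmac.compare_digest(ver, h(self.hx, self._nonce(uid, a_i)))

    def verify_hardened(self, a_i, ver, uid, ts, now) -> bool:
        """Assumed variant: the tag covers Ts, and each Ni1 is accepted once."""
        if abs(now - ts) > MAX_SKEW:
            return False
        ni1 = self._nonce(uid, a_i)
        if not hmac.compare_digest(ver, h(self.hx, ni1, ts_bytes(ts))):
            return False          # Ts was changed after the tag was computed
        if (uid, ni1) in self.seen:
            return False          # same request replayed inside the window
        self.seen.add((uid, ni1))
        return True


def replay_outcomes() -> dict:
    """Run one legitimate login and its replays against both verifiers."""
    cs = CentralServer(b"constructed-master-key-x")
    uid, userinfo = b"UID-0001", h(b"constructed Userinfo_i")
    cs.userinfo[uid] = userinfo
    out = {}

    # Verification as described in Section 3: captured request, new timestamp.
    a1, v1 = card_login(userinfo, cs.hx, 1000, bind_ts=False)
    out["described_legit"] = cs.verify_as_described(a1, v1, uid, 1000, now=1001)
    out["described_replay_new_ts"] = cs.verify_as_described(a1, v1, uid, 2000, now=2000)

    # Hardened variant: same captured request, replayed two ways.
    a2, v2 = card_login(userinfo, cs.hx, 1000, bind_ts=True)
    out["hardened_legit"] = cs.verify_hardened(a2, v2, uid, 1000, now=1001)
    out["hardened_replay_new_ts"] = cs.verify_hardened(a2, v2, uid, 2000, now=2000)
    out["hardened_replay_same_ts"] = cs.verify_hardened(a2, v2, uid, 1000, now=1003)
    return out


if __name__ == "__main__":
    for name, accepted in replay_outcomes().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The hardened check only addresses replay of a captured request; it does not help in the case of Section 3.1, where h(x) and Userinfori have been read from a stolen card.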

3.3. Insider Attack

Any insider may get the parameters {(IDi, EncPassi*), UID} from CS. After getting these parameters, an insider may guess the password from EncPassi = h(IDi || h(Pi*)), where Pi* is the guessed password. If EncPassi* = EncPassi, then the insider learns the correct password of Ui.

4. Proposed Authentication Protocol

After reviewing Jin Kwak’s scheme in Section 3, we need to make a more secure scheme that removes all the shortcomings mentioned in Section 3. Our proposed authentication protocol, similar to other schemes [1,18,19,20,26], has three entities named as the user who needs to be authenticated (Ui), the authentication server (Sj), and the trustworthy Centre server (CS). Initially, Ui inputs his credentials, then these credentials are authenticated by the smart card, followed by the smart card authentication by Sj, and finally, Sj is authenticated by CS. Figure 1 describes Registration phase, Figure 2 presents Log-in and authentication phase, while Figure 3 represents password change phase.

4.1. Registration Phase

The registration phase is the very first stage of our work and covers the registration process of Ui and Sj with CS. We used a secure channel for the registration phase. After that, CS provides a smart card for the user, sharing the required login details with Sj. Table 2 lists the notation used in our proposed scheme. The following steps are used in this phase.

4.2. Registration Phase

Step 1. The authentication server Sj transmits its identification value, SIDj, to the CS over a secure communication medium. After that, CS evaluates Serveinfj from SIDj and x using the following equation and sends it to Sj via a secure channel. Finally, Sj stores the Serveinfj value.
Serveinfj = h(SIDj || x)
Step 2. In this step, Ui picks the user identification (IDi) and password (Pi) and evaluates Ai as per the following equation:
Ai = h(IDi || h(Pi))
Step 3. Ui sends IDi, Ai to the CS, and CS computes Bi. SCi (Card) stores Ai, Bi, hash function h(*), Ekpub (IDi), where Ekpub is a public key of the CS.
Bi = Ai ⊕ h(x)
After successful completion of the above steps, CS issues the card (SCi) to Ui.

4.3. Log-In and Authentication Phase

After completion of the registration phases, the login and authentication process will start to access the server to get various services offered. Ui gives his credentials, which are authenticated by the smart card, followed by authentication of the smart card by the server Sj, and CS authenticates to server Sj. The following steps are used in this phase.
Step 1. Ui puts a given smart card in the card reader by providing his credentials, IDi and Pi.
Now, the smart card finds Ai′ = h (IDi || h (Pi)). Computed value is compared with the stored value. If both are the same, the smart card authenticates to the user.
If both the values are different, the session is frozen.
Step 2. SCi sends Ci and current timestamp (T1) to the server Sj with the help of the public key of server Sj.
Now compute, Ci = {Ekpub (IDi), h (IDi || T1), Bi*, Bi, T1}.
Bi* = h (IDi || T1 || Bi)
Step 3. Sj checks whether T1 is a valid timestamp or not. If valid, Sj sends Di to the CS; otherwise, the session is frozen.
Now Compute, Di = {Ci, Sj, h (h (Sj || x) || T2), T2}
Step 4. After receiving Di, CS checks whether T2 is a valid timestamp or not; if valid, then compute Ei = h (h (Sj || x) || T2), otherwise ignore.
If computed Ei and received Ei are the same, then CS authenticates to Sj.
Step 5. Now, from Di = {Ci, Sj, h (h (Sj || x) || T2), T2}, CS checks that the timestamp in Ci is valid. If it is valid, then CS computes Bi* = h (IDi || T1 || Bi). If the computed Bi* and the received Bi* are equal, CS continues; otherwise, it terminates the connection.
Step 6. Now CS computes Ai and Ai*. CS then sends Fi to the server Sj.
Ai = Bi ⊕ h(x)
Ai* = h(Ai || IDi || T4)
Fi = {Ai*, digsig(CS), T4},
where digsig(CS) is the digital signature of the central server authorized by the competent authority.
Step 7. Sj verifies the digital signature of CS, digsig(CS), and valid timestamp from T4. If both are alright, then Fi is forwarded to (SCi).
Step 8. SCi computes Ai* = h(Ai || IDi || T4) and checks the timestamp T4.
If the computed Ai* and the received Ai* are equal, SCi authenticates the server.
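The hash and timestamp checks of Steps 1 to 8, traced end to end as an added example (not the authors' implementation). Assumptions: SHA-256 stands in for h(*), the 5-second window and all identities and keys are constructed, Ekpub(IDi) is replaced by a plain field that only the CS function reads, and digsig(CS) is left out, so the signature check of Step 7 is not modelled.

```python
import hashlib
import hmac

WINDOW = 5  # accepted timestamp age in seconds (constructed; the paper gives none)


def h(*parts: bytes) -> bytes:
    """h(a || b || ...), with SHA-256 standing in for the scheme's h(*)."""
    return hashlib.sha256(b"".join(parts)).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(p ^ q for p, q in zip(a, b))


def t(ts: int) -> bytes:
    return ts.to_bytes(8, "big")  # fixed width keeps the concatenation unambiguous


def fresh(ts: int, now: int) -> bool:
    return 0 <= now - ts <= WINDOW


def register(identity: bytes, password: bytes, x: bytes) -> dict:
    """Registration Steps 2-3: Ai = h(IDi || h(Pi)), Bi = Ai xor h(x)."""
    a_i = h(identity, h(password))
    return {"A": a_i, "B": xor(a_i, h(x))}


def card_login(card, identity, password, t1):
    """Steps 1-2: local credential check on the card, then build Ci."""
    if not hmac.compare_digest(h(identity, h(password)), card["A"]):
        return None  # session is frozen
    return {"ID_for_CS": identity,  # stand-in for Ekpub(IDi): only CS reads it
            "h_ID_T1": h(identity, t(t1)),
            "B_star": h(identity, t(t1), card["B"]),
            "B": card["B"], "T1": t1}


def server_forward(c_i, sid, serveinf, now):
    """Step 3: Sj checks T1 and builds Di with h(h(Sj || x) || T2)."""
    if not fresh(c_i["T1"], now):
        return None
    return {"C": c_i, "S": sid, "E": h(serveinf, t(now)), "T2": now}


def cs_authenticate(d_i, x, now):
    """Steps 4-6: CS authenticates Sj, checks Bi*, returns Fi (without digsig)."""
    if not fresh(d_i["T2"], now):
        return None
    if not hmac.compare_digest(h(h(d_i["S"], x), t(d_i["T2"])), d_i["E"]):
        return None  # Ei mismatch: Sj does not hold h(SIDj || x)
    c_i = d_i["C"]
    identity = c_i["ID_for_CS"]
    if not fresh(c_i["T1"], now):
        return None
    if not hmac.compare_digest(h(identity, t(c_i["T1"]), c_i["B"]), c_i["B_star"]):
        return None  # Bi* does not match the T1 and Bi that were received
    a_i = xor(c_i["B"], h(x))  # Ai = Bi xor h(x)
    return {"A_star": h(a_i, identity, t(now)), "T4": now}


def card_verify(card, identity, f_i, now):
    """Step 8: the card recomputes Ai* from its stored Ai and checks T4."""
    if f_i is None or not fresh(f_i["T4"], now):
        return False
    return hmac.compare_digest(h(card["A"], identity, t(f_i["T4"])), f_i["A_star"])


def run(password=b"correct horse", t1_on_wire=None, serveinf=None, start=1000):
    """One login with constructed values; each argument injects one fault."""
    x, sid, identity = b"constructed-master-key", b"S1", b"alice"
    card = register(identity, b"correct horse", x)
    c_i = card_login(card, identity, password, start)
    if c_i is None:
        return "card rejected credentials"
    if t1_on_wire is not None:
        c_i = dict(c_i, T1=t1_on_wire)  # T1 altered in transit, Bi* left unchanged
    d_i = server_forward(c_i, sid, serveinf or h(sid, x), now=start + 1)
    if d_i is None:
        return "Sj rejected T1"
    f_i = cs_authenticate(d_i, x, now=start + 2)
    if f_i is None:
        return "CS rejected request"
    ok = card_verify(card, identity, f_i, now=start + 3)
    return "mutual authentication ok" if ok else "card rejected Fi"


if __name__ == "__main__":
    print(run())
    print(run(t1_on_wire=1001))
```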

4.4. Password Change Phase

The following steps are mentioned in our password change phase:
Step 1. Ui presents the smart card together with the IDi and Pi credentials, and the smart card (SCi) computes Ai′.
Ai′ = h(IDi || h(Pi))
Step 2. If Ai′ = Ai, entered IDi and Pi are valid; otherwise, this phase ends.
Step 3. The Ui provides a new password Pi new, and computes Ai new and Bi new where
Ai new = h(IDi || h (Pi new))
Bi new = Ai new ⊕ h(x)
Step 4. Card SCi stores Ai new, Bi new, h(*), Ekpub (IDi).

5. Security Analysis of Our Scheme

5.1. Free from an Insider Attack

In our scheme, CS does not store passwords, other parameters, or verifiable tables. Therefore, the insider does not have any additional information to find or guess the password. Hence, our scheme is wholly protected from insider attacks.

5.2. Resists Online Password Guessing Attack

Suppose an adversary gets the smart card. The adversary cannot make multiple login attempts, as the number of attempts is limited to a total of three. If they try to log in repeatedly, the smart card will be blocked, and reactivation will be required. Hence, the proposed scheme is safe against an online password guessing attack.

5.3. Resists Offline Password Guessing Attack

It is assumed that if an adversary steals the user’s card, the adversary can compute a few parameters as SCi stores Ai, Bi, hash function h(*), Ekpub (IDi). The adversary may get either a password or an ID but not in polynomial time. Hence, an offline attack is not possible in our approach.

5.4. Resists User Impersonation

To pass as a legal user, the adversary must be authenticated by the card, the authentication server, and the central server. As per the login step, we have:
To be authenticated by the card, an adversary enters IDi and Pi, and the smart card finds the value of Ai′ as per the below-mentioned equation and compares it with the stored Ai. If both values are equal, the adversary may be treated as a genuine user.
It is computed as: Ai′ = h(IDi || h(Pi)).
As mentioned in Section 4.2, either ID or password may be found in polynomial time, but Ai′ depends on both parameters. Therefore, the adversary cannot be interpreted as a legal user. Furthermore, there is no need to check the authenticity of the authentication server and central server.

5.5. Resists Server Masquerading Attack

To impersonate a legal authentication server or central server, the adversary should be able to carry out the following steps:
Step 1. Sj verifies the digital signature of the central server, digsig(CS), and the valid timestamp from T4. If both are correct, then Fi is forwarded to SCi. We know that nobody can produce the digital signature of others. Therefore, the adversary cannot be interpreted as a central server.
Step 2. Additionally, SCi computes Ai* = h (Ai || IDi || T4) and checks the timestamp T4. Here, the adversary cannot compute Ai*, as it depends on IDi and Pi, both of which are unknown to the adversary.
Hence, the proposed system provides a safeguard against masquerading server attacks.

5.6. Resists Replay Attack

In our approach, the login request is Ci = {Ekpub (IDi), h(IDi || T1), Bi*, Bi, T1}. Suppose an adversary changes the value of T1 to a new timestamp. The adversary cannot compute the new value of h(IDi || T1), as IDi is unknown. Therefore, a valid request with a new timestamp cannot be created. Hence, our scheme provides complete protection against replay attacks.

5.7. Resists Stolen Verifier Attack

Sj maintains no record in our scheme as a verifiable table is not created. Upon receiving a login request at Sj, the Sj uses the secret key, x, to find out the secret number, Ni1, received from the card. Therefore, our scheme resists the stolen verifier attack.

6. Performance and Efficiency Comparison

We compare our approach with recent techniques, as in Table 3 and Table 4. Table 3 has a comparison of our work based on security parameters, while Table 4 has a comparison based on computation speed.
As per Table 3, our approach maintains user anonymity and mutual authentication and is free from various attacks, including insider guessing attacks, offline password guessing attacks, user impersonation attacks, replay attacks, and server impersonation attacks. While scheme [1] suffered from replay, insider, and user impersonation attacks, Ref. [18] sustained user impersonation attacks, and Ref. [19] did not maintain user anonymity and suffered from user impersonation and offline password guessing attacks. However, Ref. [20] does not suffer from any attack, but takes more computation time.
Table 4 shows that our proposed algorithm takes 12T′ + 2T″ + 2T″ computation efforts with 0.0882 ms, while the algorithm mentioned in [1] takes 25T′ computation efforts with 0.1292 ms, Ref. [18] takes 36T′ computation efforts with 0.1853 ms, Ref. [19] takes 23T′ computation efforts with 0.1188 ms, and Ref. [20] takes 40T′ computation efforts with 0.2069 ms. Therefore, we can claim that our proposed algorithm takes less time. However, we did not consider the XOR and concatenation operations, as these two operations take minimal time.
Figure 4 explains the computational cost of [1,18,19,20] and our proposed scheme. The figure shows that our scheme takes a total of 0.0882 ms while others take 0.1292, 0.1853, 0.1188, and 0.2069 ms. On the client side, the computational cost of our scheme is 0.0314, while others take 0.0258, 0.056, 0.0465, and 0.0772 ms. Similarly, on the server side, our scheme runs in 0.0568 ms, while others execute in 0.1034, 0.1293, 0.0723, and 0.1397 ms. The result shows that our scheme is efficient and has less computational time to authenticate to the user.

7. Conclusions

This paper presented an efficient and secure authentication scheme by using a multi-server scheme to access any teleservice. Through the reasoning mentioned in the paper, we claim that our proposed scheme does not suffer from security attacks, including insider attacks, offline password guess attacks, impersonating legal user attacks, server masquerade attacks, and replay attacks. We have also computed that our scheme supports efficient operations for both the operations on the user side and server side. Therefore, the proposed verification protocol supports instant authentication and resists various security attacks.

Author Contributions

S.K. (Sachin Kumar) contributed the main idea of the paper, including the proposed approach. K.A. contributed to the introduction and related work. A.K.G. completed the result analysis part. The problem statement and the weaknesses of existing work were carried out by S.K. (Saru Kumari), while writing (review and editing), project administration, and funding acquisition were done by M.S. All authors have read and agreed to the published version of the manuscript.

Funding

This work was supported by Dongseo University, “Dongseo Cluster Project” Research Fund of 2022 (DSU-20220006).

Institutional Review Board Statement

Not Applicable.

Informed Consent Statement

Not Applicable.

Data Availability Statement

Not Applicable.

Conflicts of Interest

The authors declare no conflict of interest.

References

  1. Bae, W.-I.; Kwak, J. Smart card-based secure authentication protocol in multi-server IoT environment. Multimed. Tools Appl. 2017, 79, 15793–15811.
  2. Odelu, V.; Das, A.K.; Goswami, A. A Secure Biometrics-Based Multi-Server Authentication Protocol Using Smart Cards. IEEE Trans. Inf. Forensics Secur. 2015, 10, 1953–1966.
  3. Kumari, S.; Khan, M.K.; Li, X. An improved remote user authentication scheme with key agreement. Comput. Electr. Eng. 2014, 40, 1997–2012.
  4. Sethi, P.; Sarangi, S.R. Internet of Things: Architectures, Protocols, and Applications. J. Electr. Comput. Eng. 2017, 25, 9324035.
  5. Sood, S.; Sarje, A.K.; Singh, K.D. A secure dynamic identity based authentication protocol for multi-server architecture. J. Netw. Comput. Appl. 2011, 34, 609–618.
  6. Maitra, T.; Islam, S.H.; Amin, R.; Giri, D.; Khan, M.K.; Kumar, N. An enhanced multi-server authentication protocol using password and smart-card: Cryptanalysis and design. Secur. Commun. Netw. 2016, 9, 4615–4638.
  7. El-Emam, E.; Koutb, M.; Kelash, H.M.; Faragallah, O.S. An Authentication Protocol Based on Kerberos 5. I. J. Netw. Secur. 2011, 12, 159–170.
  8. GSMA Report Shows 5G Coverage is Set to Accelerate Across Asia Pacific—But the Usage Gap Remains Significant. Available online: https://www.gsma.com/newsroom/press-release/gsma-report-shows-5g-coverage-is-set-to-accelerate-across-asia-pacific-but-the-usage-gap-remains-significant/ (accessed on 30 July 2022).
  9. Hwang, M.-S.; Chong, S.-K.; Chen, T.-Y. DoS-resistant ID-based password authentication scheme using smart cards. J. Syst. Softw. 2010, 83, 163–172.
  10. Seth, J.K.; Kumar, S.; Chandra, S. Nophish: A Phish Detector in Cloud services. Telecommun. Radio Eng. 2018, 77, 1055–1069.
  11. Chang, C.; Wu, H.; Wang, Z.; Mao, Q. An Efficient Smart Card Based Authentication Scheme Using Image Encryption. J. Inf. Sci. Eng. 2013, 29, 1135–1150.
  12. Kumar, S.; Singh, V.; Sharma, V.; Singh, V.P. Advance remote user authentication scheme using smart card. Telecommun. Radio Eng. 2019, 78, 957–971.
  13. Messerges, T.; Dabbish, E.; Sloan, R. Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 2002, 51, 541–552.
  14. Amin, R.; Islam, S.H.; Karati, A.; Biswas, G.P. Design of an enhanced authentication protocol and its verification using AVISPA. In Proceedings of the 2016 3rd International Conference on Recent Advances in Information Technology (RAIT), Dhanbad, India, 3–5 March 2016; pp. 404–409.
  15. Zhao, Y.; Li, S.; Jiang, L. Secure and Efficient User Authentication Scheme Based on Password and Smart Card for Multiserver Environment. Secur. Commun. Netw. 2018, 2018, 9178941.
  16. Chen, C.M.; Chen, L.; Huang, Y.; Kumar, S.; Wu, J.M.T. Lightweight authentication protocol in edge-based smart grid environment. J Wireless Com Netw. 2021, 68.
  17. Wang, H.; Guo, D.; Wen, Q.; Zhang, H. A Robust Authentication Scheme for Multiple Servers Architecture. IEEE Access 2019, 7, 111222–111231.
  18. Wu, F.; Li, X.; Xu, L.; Sangaiah, A.K.; Rodrigues, J.J. Authentication Protocol for Distributed Cloud Computing: An Explanation of the Security Situations for Internet-of-Things-Enabled Devices. IEEE Consum. Electron. Mag. 2018, 7, 38–44.
  19. Amin, N.R.; Kumar, G.; Biswas, R.; Iqbal; Chang, V. A light weight authentication protocol for IoT-enabled devices in distributed cloud computing environment. Future Gener Comput. Syst. 2018, 78, 1005–1019.
  20. Wu, T.-Y.; Lee, Z.; Obaidat, M.S.; Kumari, S.; Kumar, S.; Chen, C.-M. An Authenticated Key Exchange Protocol for Multi-Server Architecture in 5G Networks. IEEE Access 2020, 8, 28096–28108.
  21. Thorwat, P.D.; Shetty, S.A. Implementation of Multilevel Authentication Scheme for Multicloud Environment. Int. J. Comput. Appl. 2014, 975, 8887.
  22. Martínez-Peláez, R.; Toral-Cruz, H.; Parra-Michel, J.R.; García, V.; Mena, L.J.; Felix, V.G.; Ochoa-Brust, A.M. An Enhanced Lightweight IoT-based Authentication Scheme in Cloud Computing Circumstances. Sensors 2019, 19, 2098.
  23. Renuka, K.; Kumar, S.; Kumari, S.; Chen, C.-M. Cryptanalysis and Improvement of a Privacy-Preserving Three-Factor Authentication Protocol for Wireless Sensor Networks. Sensors 2019, 19, 4625.
  24. Kumar, A.; Om, H. An improved and secure multi-server authentication scheme based on biometrics and smartcard. Digit. Commun. Netw. 2017, 4, 27–38.
  25. Li, J.; Peng, Z.; Gao, S.; Xiao, B.; Chan, H. Smartphone-assisted energy efficient data communication for wearable devices. Comput. Commun. 2017, 105, 33–43.
  26. Li, J.; Peng, Z.; Xiao, B. Smartphone-assisted smooth live video broadcast on wearable cameras. In Proceedings of the 2016 IEEE/ACM 24th International Symposium on Quality of Service (IWQoS), Beijing, China, 20–21 June 2016; pp. 1–6.
  27. Yao, Y.; Peng, Z.; Xiao, B.; Guan, J. An efficient learning-based approach to multi-objective route planning in a smart city. In Proceedings of the 2017 IEEE International Conference on Communications (ICC), Paris, France, 21–25 May 2017; pp. 1–6.
  28. Kumar, S.; Baliyan, A.; Tiwari, A.; Tripathi, A.K.; Jaiswal, B. Intelligent traffic controller. Int. J. Inf. Technol. 2019, 14, 2141–2153.
  29. Xujing, Z.-T.; Guo, F. An improved smart card based password authentication scheme with provable security. Comput. Stand. Interfaces 2009, 31, 723–728.
  30. Kocher, P.C.; Jaffe, J.; Jun, B. Differential Power Analysis. In Annual International Cryptology Conference; Springer: Berlin/Heidelberg, Germany, 1999.
Figure 1. Registration Phase.
Figure 2. Login and Authentication Phase.
Figure 3. Password Change Phase.
Figure 4. Computational Cost.
Table 1. Various notation used in [1].

| Notation | Description |
|---|---|
| Ui | The ith User |
| Sj | The jth server |
| CS | The Central server for authentication |
| Idi | The identity of the user i |
| Pi | The used password |
| UIDi | The anonymous identity of the user i |
| SIDj | The identity of SIDj |
| X | The central server’s master key |
| TS | The used timestamp |
| Ni1 | The random number used by the smart card |
| Ni2 | The random number used by the server Sj |
| Ni3 | The random number used by the Center server |
| SK | Session key among all the parties |
| h(*) | Used hash function, the one-way collision-free hash function |
| | Exclusive or gate operation |
| \|\| | The concatenation operation used to concatenate two strings |
Table 2. Notation used in the authentication protocol.

| Notation | Description |
|---|---|
| Ui | The ith User |
| Sj | The jth server |
| CS | The Central server for authentication |
| Idi | The identity of the user i |
| Pi | The used password |
| UIDi | The anonymous identity of the user i |
| SIDj | The identity of SIDj |
| X | The central server’s master key |
| TS | The used timestamp |
| Ni1 | The random number used by the smart card |
| SK | Session key among all the parties |
| h(*) | Used hash function, the one-way collision-free hash function |
| | Exclusive or gate operation |
| \|\| | The concatenation operation used to concatenate two strings |
| digsig(CS) | Digital Signature of Central Server |
Table 3. Comparisons of our scheme with others based on various security parameters.

| Security Characteristics ↓ / Schemes → | [1] | [18] | [19] | [20] | Our Proposed Scheme |
|---|---|---|---|---|---|
| User Anonymity | Yes | Yes | No | Yes | Yes |
| Mutual Authentication | Yes | Yes | Yes | Yes | Yes |
| User impersonation attack | Yes | Yes | Yes | No | No |
| Offline Password Guessing Attack | No | No | Yes | No | No |
| Replay attack | Yes | No | No | No | No |
| Server impersonation attack | No | No | No | No | No |
| Insider Attack | Yes | No | No | No | No |
Table 4. Comparisons of performance analysis based on computation time with other state-of-the-art works (T′: time to compute one hash function; T″: time in encryption and decryption algorithms; T‴: time in digital signature).

| Computation Cost | [1] | [18] | [19] | [20] | Our Proposed Scheme |
|---|---|---|---|---|---|
| Operations on the User side | 5T′/0.0258 | 11T′/0.056 | 9T′/0.046 | 5T′/0.0672 | 4T′ + 1T″/0.0314 |
| Operation on the Server side | 20T′/0.1034 | 25T′/0.1293 | 14T′/0.0723 | 27T′/0.1397 | 8T′ + 1T″ + 2T‴/0.0568 |
| Total | 25T′/0.1292 | 36T′/0.1853 | 23T′/0.1188 | 40T′/0.2069 | 12T′ + 2T″ + 2T″/0.0882 |
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.

MDPI and ACS Style

Kumar, S.; Agarwal, K.; Gupta, A.K.; Kumari, S.; Sain, M. A Secure Authentication Scheme for Teleservices Using Multi-Server Architecture. Electronics 2022, 11, 2839. https://doi.org/10.3390/electronics11182839