http://dx.doi.org/10.7840/kics.2013.38B.3.190

A Brokered Authentication Scheme Based on Smart-Card for Multi-Server Authentication  

Kim, Myungsun (Department of Information Security, College of IT, The University of Suwon)
Abstract
Since facilities for remote users tend to be deployed in a distributed manner, authentication schemes for multi-server communication settings, which provide various web services, are required for real-world applications. A typical way to authenticate a remote user relies mostly on password authentication. However, this method is vulnerable to attacks and is inconvenient, as the system requires users to maintain different identities and corresponding passwords. On the other hand, the user can use a single password for all servers, but she may then be exposed to variants of malicious attacks. In this paper, we propose an efficient and secure authentication scheme based on brokered authentication along with smart-cards in a multi-server environment. Further, we show that our scheme is secure against possible attacks and analyze its performance with respect to communication and computational cost.
Keywords
Brokered Authentication; Multi-server Authentication; Security Token; Smart-card