JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE) ›› 2019, Vol. 54 ›› Issue (5): 44-51.doi: 10.6040/j.issn.1671-9352.2.2018.207

•   • Previous Articles     Next Articles

An anonymous and provably remote user authentication protocol using extended chaotic maps for multi-server system

Juan QU1(),Yu-ming FENG2,Yan-ping LI3,Li LI1   

  1. 1. School of Mathematics and Statistics, Chongqing Three Gorges University, Chongqing, 404100, China
    2. Key Laboratory of Intelligent Information Processing and Control of Chongqing Municipal Institutions of Higher Education, Chongqing Three Gorges University, Chongqing, 404100, China
    3. College of Mathematics and Information Science, Shaanxi Normal University, Xi'an 710062, Shannxi, China
  • Received:2018-09-20 Online:2019-05-20 Published:2019-05-09
  • Supported by:
    国家自然科学基金资助项目(61402275);重庆市教委科学技术研究基金资助项目(KJ1501019);重庆三峡学院项目(14QN29)

Abstract:

The existing remote user authentication schemes for multi-server environment are not resilient to defend against various security attacks and does not provide user anonymity. Therefore, a remote user authentication scheme for multi-server environment based on biometric and chaotic maps is proposed to realize authentication between the user and multi-server. The user and multi-server can authenticate each other and share a session key for subsequent secure communication. The proposed scheme is proved to be secure using the BAN logic. Additionally, analysis results show that the proposed protocol can resist masquerade attack, offline password guessing attack, stolen smart card attack, etc. Finally, comparing the scheme with other relevant schemes and the comparative results show that our scheme is efficient in terms of computation cost, communication cost, it can be more suitable for practical application.

Key words: multi-server system, chaotic maps, user authentication, key agreement, biometric

CLC Number: 

  • TP309

Table 1

Notations and its description"

符号含义
Ui用户Ui
Sj服务器Sj
IDi用户Ui的身份
PWi用户Ui的口令
BIOi用户Ui的生物特征
h(·)单向哈希函数
异或运算
串联运算
Ti用户Ui当前时刻时间戳
Tj远程服务器Sj的当前时刻时间戳
p大素数
Tn(x)切比雪夫多项式x∈(-∞, +∞)
SKij用户Ui和服务器Sj共同协商的会话密钥
A攻击者
s注册中心RC的密钥
RC注册中心

Table 2

The notations and implications of BAN logic"

符号含义
P |≡XP相信X或相信X是真的
P?XP看见了X
PXPX有裁判权, P有权给出X
P|~XP说过X
$A \stackrel{K}{\leftrightarrow} B$KAB的共享密钥
#(X)X是新鲜的
(X, Y)K用哈希函数作用密钥K和(X, Y)得到的数据
X, YK表示公式X和公式Y相结合

Table 3

Computation cost comparison"

方案[10]文献[12]文献[14]本文提出的方案
总的时间计算复杂度18Th+3TRe+3TRd=61.2 ms18Th+TRe+TRd=26.4 ms14Th+4Tpm=259 ms12Th+4Tc=90 ms

Table 4

Security and functionality comparison"

安全属性协议[10]协议[12]协议[14]本文提出的协议
相互认证
密钥协商
抵抗口令猜测攻击
抵抗用户冒充攻击
抵抗服务器冒充攻击
匿名性
抵抗智能卡丢失攻击
前向安全性
抵抗重放攻击
1 LAMPORT L . Password authentication with insecure communication[J]. Communications of the ACM, 1981, 24 (11): 770- 772.
doi: 10.1145/358790.358797
2 FAN C I , CHAN Y C , ZHANG Z K . Robust remote authentication scheme with smart cards[J]. Computers & Security, 2005, 24 (8): 619- 628.
3 DAS A K . A secure user anonymity-preserving three-factor remote user authentication scheme for the telecare medicine information systems[J]. Journal of Medicine System, 2015, 39 (3): 1- 20.
4 HE D B , ZEADALLY S , KUMAR N , et al. Efficient and anonymous mobile user authentication protocol using self-certified public key cryptography for multi-server architectures[J]. IEEE Transactions on Information Forensics & Security, 2016, 11 (9): 2052- 2064.
5 JIANG Q , CHEN Z R , LI B Y , et al. Security analysis and improvement of bio-hashing based three-factor authentication scheme for telecare medical information systems[J]. Journal of Ambient Intelligence and Humanized Computing, 2018, 9 (4): 1061- 1073.
doi: 10.1007/s12652-017-0516-2
6 LI X , XIONG Y P , MA J , et al. An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards[J]. Journal of Network and Computer Applications, 2012, 35 (2): 763- 769.
doi: 10.1016/j.jnca.2011.11.009
7 李艳平, 刘小雪, 屈娟, 等. 基于智能卡的多服务器远程匿名认证密钥协商协议[J]. 四川大学学报(工程科学版), 2016, 48 (1): 91- 98.
LI Yanping , LIU Xiaoxue , QU Juan , et al. Multi-server anonymous remote authenticated key agreement protocol based on smart card[J]. Journal of Sichuan University(Engineering Science Edition), 2016, 48 (1): 91- 98.
8 XUE K P , HONG P L , MA C S . A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture[J]. Journal of Computer and System Sciences, 2014, 80 (1): 195- 206.
doi: 10.1016/j.jcss.2013.07.004
9 GUPTA P C , DHAR J . Hash based multi-server key exchange protocol using smart card[J]. Wireless Personal Communications, 2016, 87 (1): 225- 244.
doi: 10.1007/s11277-015-3040-8
10 LU Y R , LI L X , PENG H P , et al. A biometrics and smart cards-based authentication scheme for multi-server environments[J]. Security and Communication Networks, 2015, 8 (17): 3219- 3228.
doi: 10.1002/sec.v8.17
11 CHANDRAKAR P , OM H . A secure and robust anonymous three-factor remote user authentication scheme for multi-server environment using ECC[J]. Computer Communications, 2017, 110: 26- 34.
doi: 10.1016/j.comcom.2017.05.009
12 GUO H , WANG P , ZHANG X Y , et al. A robust anonymous biometirc-based authenticated key agreement scheme for multi-server environments[J]. PLoS one, 2017, 12 (11): 1- 19.
13 YANG L , Zhang Z M . Cryptanalysis and improvement of a biometric-based authentication and key agreement scheme for multi-server environments[J]. PLoS one, 2017, 13 (3): 1- 27.
14 LU Y R , LI L X , PENG H P , et al. An enhanced biometric-based authentication scheme for telecare medicine information systems using elliptic curve cryptosystem[J]. Journal of Medical Systems, 2015, 39 (3): 32.
doi: 10.1007/s10916-015-0221-7
15 YEH K H . A provably secure multi-server based authentication scheme[J]. Wireless Personal Communications, 2014, 79 (3): 1621- 1634.
doi: 10.1007/s11277-014-1948-z
16 PIPPAL R S , JAIDHAR C D , TAPASWI S . Robust smart card authentication scheme for multi-server architecture[J]. Wireless Personal Communications, 2013, 72 (1): 729- 745.
doi: 10.1007/s11277-013-1039-6
17 MISHRA D . Design and analysis of a provably secure multi-server authentication scheme[J]. Wireless Personal Communications, 2016, 86 (3): 1095- 1119.
doi: 10.1007/s11277-015-2975-0
18 汪定, 李文婷, 王平, 等. 对三个多服务器环境下匿名认证协议的分析[J]. 软件学报, 2018, 29 (7): 1937- 1952.
WANG Ding , LI Wenting , WANG Ping , et al. Crytanalysis of three anonymous authentication schemes for multi-server environment[J]. Journal of Software, 2018, 29 (7): 1937- 1952.
19 REDDY A G , YOON E J , DAS A K , et al. Design of mutually authenticated key agreement protocol resistant to impersonation attacks for multi-server environment[J]. IEEE Access, 2017, 5: 3622- 3639.
doi: 10.1109/ACCESS.2017.2666258
20 万涛, 刘遵雄, 马建峰, 等. 多服务器架构下认证与密钥协商协议[J]. 计算机研究与发展, 2016, 53 (11): 2446- 2453.
doi: 10.7544/issn1000-1239.2016.20150107
WAN Tao , LIU Zunxiong , MA Jianfeng , et al. Authentication and key agreement protocol for multi-server architecture[J]. Journal of Computer Research and Development, 2016, 53 (11): 2446- 2453.
doi: 10.7544/issn1000-1239.2016.20150107
21 AMIN R . Cryptanalysis and efficient dynamic ID based remote user authentication scheme in multi-server environment using smart card[J]. International Journal of Network Security, 2016, 18 (1): 172- 181.
22 DODIS Y , OSTROVSKY R , REYZIN L , et al. Fuzzy extractors:how to generate strong keys from biometrics and other noisy data[J]. SIAM Journal on Computing, 2008, 38 (1): 97- 139.
doi: 10.1137/060651380
23 RIVLIN T J . The chebyshev polynomials[M]. New York: Wiley, 1974.
24 ZHANG L H . Cryptanalysis of the public key encryption based on multiple chaotic systems[J]. Chaos, Solitons & Fractals, 2008, 37 (3): 669- 674.
25 BURROWS M , ABADI M , NEEDHAM R M . A logic of authentication[J]. Proceedings of the Royal Society A:Mathematical, Physical and Engineering Sciences, 1989, 426 (1871): 233- 271.
doi: 10.1098/rspa.1989.0125
26 SUTRALA A K , DAS A K , ODELU V , et al. Secure anonymity-preserving password-based user authentication and session key agreement scheme for telecare medicine information systems[J]. Computer Methods and Programs in Biomedicine, 2016, 135: 167- 185.
doi: 10.1016/j.cmpb.2016.07.028
[1] YAO Ke, ZHU Bin-rui, QIN Jing. Verifiable public key searchable encryption protocol based on biometrics [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2017, 52(11): 11-22.
[2] QU Juan, LI Yan-ping. A secure dynamic identity-based remote user authentication scheme [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2017, 52(1): 37-42.
[3] ZHU Bin-rui, QIN Jing, HAN Fei. Searchable encryption scheme based on biometrics [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2016, 51(5): 78-86.
[4] NI Liang1,2,3, CHEN Gong-liang3, LI Jian-hua3. Security analysis of the eCK model [J]. J4, 2013, 48(7): 46-50.
[5] ZHENG Shi-hui,WANG Shao-hui and ZHANG Guo-yan . A dynamic secure and efficient group key agreement protocol [J]. J4, 2006, 41(2): 89-93 .
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
[1] HE Hai-lun, CHEN Xiu-lan* . Circular dichroism detection of the effects of denaturants and buffers on the conformation of cold-adapted protease MCP-01 and  mesophilic protease BP01[J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2013, 48(1): 23 -29 .
[2] ZHAO Jun1, ZHAO Jing2, FAN Ting-jun1*, YUAN Wen-peng1,3, ZHANG Zheng1, CONG Ri-shan1. Purification and anti-tumor activity examination of water-soluble asterosaponin from Asterias rollestoni Bell[J]. J4, 2013, 48(1): 30 -35 .
[3] SUN Xiao-ting1, JIN Lan2*. Application of DOSY in oligosaccharide mixture analysis[J]. J4, 2013, 48(1): 43 -45 .
[4] LUO Si-te, LU Li-qian, CUI Ruo-fei, ZHOU Wei-wei, LI Zeng-yong*. Monte-Carlo simulation of photons transmission at alcohol wavelength in  skin tissue and design of fiber optic probe[J]. J4, 2013, 48(1): 46 -50 .
[5] YANG Lun, XU Zheng-gang, WANG Hui*, CHEN Qi-mei, CHEN Wei, HU Yan-xia, SHI Yuan, ZHU Hong-lei, ZENG Yong-qing*. Silence of PID1 gene expression using RNA interference in C2C12 cell line[J]. J4, 2013, 48(1): 36 -42 .
[6] MAO Ai-qin1,2, YANG Ming-jun2, 3, YU Hai-yun2, ZHANG Pin1, PAN Ren-ming1*. Study on thermal decomposition mechanism of  pentafluoroethane fire extinguishing agent[J]. J4, 2013, 48(1): 51 -55 .
[7] SUN Liang-ji,JI Guo-xing . Jordan(α,β)-derivations and generalized Jordan(α,β)-derivations on upper triangular matrix algebras[J]. J4, 2007, 42(10): 100 -105 .
[8] WANG Yi ,LIU Ai-lian . Cobweb models on time scales[J]. J4, 2007, 42(7): 41 -44 .
[9] YUAN Hun-ping . Schur factorization and normal matrices factorization of row (column) symmetric matrices[J]. J4, 2007, 42(10): 123 -126 .
[10] QU Xiao-ying ,ZHAO Jing . Solution of the Klein-Gordon equation for the time-dependent potential[J]. J4, 2007, 42(7): 22 -26 .