Research On Smart Card Based Remote Authentication Scheme For Multi-server Architecture

Recently, with the rapid development of electronic technique and information network,network architectures used in multi-server environment have been applied universally in thepractical application. The smart card based remote authentication scheme for multi-serverarchitecture is an important mechanism for safeguarding the security of information network,which has become an important and hot research topic.In this paper, we research on three types of smart card based remote authenticationschemes for multi-server architecture and state several security vulnerabilities briefly. In orderto eliminate these flaws, a range of new schemes with high level security, efficiency andpracticality utilizing hash function, random number, public key cryptosystem, etc. areproposed. The security analysis under exist network attack models is also provided in this papersystematically.(1) We research Li et al.’s dynamic ID-based multi-server authentication scheme and showthat their scheme is vulnerable to impersonation attack, server spoofing attack. The major issueis the identical key is utilized for all users, which result in the mentioned securitysusceptibilities. Further, we proposed a new dynamic ID based multi-server authenticationscheme, which does not only resolve the above weaknesses, but also improve the efficiency.(2) We analyze Li et al.’s dynamic ID-based multi-server authentication scheme. In theirscheme, the registration center administrates all the registered users and servers and does notparticipate in the concrete mutual authentication process. In spite of this measure can improvethe effectiveness of the protocol, it also has an intrinsic vulnerability, the authorized butmalicious server can utilize the shared secret value assigned by registration center to spoofothers. If the malicious server could get the secret information stored in the smart card someway,it also can impersonate legal users to login the servers. In the proposed scheme, we introducethe elliptic curve cryptosystem in order to improve the security and increase the efficiency.Moreover, registration center authorize each server a unique secret key to handle the serverspoofing attack. Besides, Diffie-Hellman key exchange method is also employed in our schemefor achieving forward secrecy.(3) We cryptanalyze Pippal et al.’s remote user multi-server authentication protocol, in which, the trusted third party isn’t involved in the concrete mutual authentication process yet.While each registered server is assigned a unique secret key to settle the server spoofing attack.However, their scheme cannot resist against impersonation attack and off-line passwordguessing attack. Therefore, we present a modified scheme to overcome the identified securitypitfalls. In the modification, the verification information and secret values are hidden in thesmart card with the features of hash function. Furthermore, the security analysis demonstratedthat the proposed scheme achieved the authentication goals through the BAN-logic.(4) We research a range of the biometrics based remote authentication scheme formulti-server environment and point out that several security pitfalls in these schemes. Besides,the security analysis demonstrated that the malicious servers can launch server spoofing attackwith the granted secret keys and the adversary can launch the impersonation attack with theleaked data stored in the smart cards.