Remote Three-Factor Authentication Protocol with Strong Robustness for Multi-Server Environment

Min Zhang, Jiashu Zhang, Wenrong Tan

1 Sichuan Province Key Lab of Signal and Information Processing, Southwest JiaoTong University, Sichuan, 610031, China.

2 School of Foreign Languages, Southwest Minzu University, Sichuan, 610041, China.

3 School of Computer Science and Technology Southwest Minzu University, Sichuan, 610041 China

I. INTRODUCTION

In the single-server authentication environment, each user needs to register for every single server. Thus, one user must remember various passwords for different application servers. This case may bring a lot of inconvenience and new security threats. To solve these problems, many scholars began to pay attention to authentication schemes for multi-servers environment [1]-[8]. Most of these schemes are based on username/password or smart card along with various cryptographic algorithms, such as Elliptic Curve Cryptography or Bilinear Pairings [5-6], Chebyshev chaotic map [7-8]. However, compared with password and smart card, biometric keys have many advantages shown as follows [9]: 1) Biometric keys cannot be lost or forgotten; 2) Biometric keys are not easily to be shared or copied; 3)Biometric keys are difficult to be fabricated or distributed; 4) Biometric keys are difficult to be guessed. Due to the above advantages,the biometrics-based authentication scheme is more reliable than traditional password-based authentication scheme. However, if we only use biometrics for remote authentication, there will be some security risks as shown in literature [10].

The secure biometric-based remote three-factor authentication with Chebyshev chaotic map and secure sketch scheme is proposed.

In order to solve the problems in the authentication phase only based on biometrics,a lot of three-factor authentication schemes based on biometric, smart card and password have been proposed [11]-[21]. Lee et al. [11]proposed a three-factor authentication scheme based on fingerprint and smart card. However,Lin et al. [12] and Chang et al. [13] pointed out that Lee et al.’s scheme cannot resist the conspiring attack and masquerade attack. In order to overcome these problems, Kim et al.’s [14] proposed a new scheme. Scott [15]found that Kim’s scheme has some secure problems. In 2010, Li and Hwang [16] proposed a three-factor authentication scheme.However, Li et al.[17] pointed out that Li-Hwang’s scheme cannot resist man-in-themiddle and denial-of-service attacks. In 2013,Yoon and Yoo [18] proposed a new three-factor authentication scheme using elliptical curve cryptosystem (ECC). However, he [19]pointed out Yoon-Yoo’s scheme cannot resist privileged insider attack and impersonation attack. In 2014, He-Wang proposed a new three-factor authentication scheme based on ECC and smart cards [20]. However, Odelu et al. [21] pointed out that He-Wang’s scheme is vulnerable to known session-specific temporary information attack and impersonation attack in 2015. After analysis, we can see that Odelu et al.’s scheme has a lot of disadvantages such as: 1) The scheme may suffer Denial of Service (Dos) attack. 2) The scheme may suffer insider attack; 3) This scheme doesn’t have strong robustness. In order to solve these problems, a new three-factor authentication based on secure sketch and chebyshev chaotic map has been proposed in this paper.

1.1 Our contributions

Besides the contributions in Odelu-Das-Goswami’s scheme, other contributions in this paper are outlined as followings: 1) In order to prevent attacker to sponsor repeat registered attack, RC must maintain a data table for every registered user and application server.However, this case may lead to other security problems such as attacker or the administrator of RC can delete user’s information stored in data table and then register to RC by the victim’s identity. In our scheme, we introduce timestamp to perfectly solve this problem. 2)During the login and authentication phase, we can complete the authentication between the user and the application without the participation of the RC. This case can increase greatly the robustness of the whole system. 3) In order to solve the problem of fuzzy character of biometrics, we introduce the secure sketch scheme [22]. From the analysis, we can see that secure sketch scheme consume less computational work than fuzzy extractors scheme.

1.2 The organization of the paper

The remainder of this paper is organized as follows. The details of Odelu-Das-Goswami’s scheme are shown in references [21], we don’t give detailed introduce in this paper. In Sect.2 we show the weaknesses of the Odelu-Das-Goswami’s scheme. And the proposed scheme is presented in Sect.3. Then, we analyze the performance of this proposed scheme and show that the scheme can resist several attacks in Sect. 4. Our conclusion is given in Sect.5.

II. WEAKNESSES OF THE ODELU-DASGOSWAMI’S SCHEME

The details of Odelu-Das-Goswami’s scheme are shown in references [21]. We only show the weaknesses of Odelu-Das-Goswami’s scheme in this paper.

2.1 This scheme may suffer Denial of service (Dos) attack

During the registration phase of Odelu-Das-Goswami’s scheme, different people cannot use the same identity for registration because there is an identity-verifier tableτin RC. RC must check whether the hash valueH(IDi||k)matches with any existing entry inτ. However,this case may lead to (Denial of service) Dos attack if a large number of users using the same identity sponsor registration for RC at the same time.

2.2 This scheme may suffer privilege attack

Apart from external attacks, some true threats come from insider. In the Odelu-Das-Goswami’s scheme, the administrator of registration center (RC) can delete or modify data stored in identity-verifier table τ. For example, if the administrator knows a user identityIDihe/she can delete the datastored in tableτ. The attacker can useIDifor registration again and disguise as the victim whose identity is IDi.

2.3 This scheme is not robust

During the login and authentication phase of Odelu-Das-Goswami’s scheme, the RC must participate in the authentication processes in every login and authentication phase. However, the RC may work improperly because of some unpredictable reasons. This case may lead to the whole system cannot provide services. In order to solve this problem, RC should not participate in the login and authentication phase.

2.4 User cannot freely select his/her identity

There are some design flaws in Odelu-Das-Goswami’s scheme. For example, the user cannot select his/her identity randomly. This case not only lead to some inconveniences for users during the registration phase but also bring difficulties for users during the re-registration phase. According to the Odelu-Das-Goswami’s scheme, if a user wants to re-register for RC using the same identity, he/she must execute a complicated process.

In order to solve these problems in Odelu-Das-Goswami’s scheme, we propose a new thee-factor based multi-server authentication protocol using Chebyshev chaotic map algorithm and secure sketch algorithm. Our scheme consists of the six phases, namely mathematical preliminaries phase, initialization phase, registration phase, login and authentication phase, password change phase,revocation and re-registration phase.

III. THE PROPOSED SCHEME

3.1 Mathematical preliminaries

3.1.1 Chebyshev chaotic map[23]

In order to better understand Chebyshev polynomial and chaotic maps, the definitions are shown as follows.

Definition 1: The Chebyshev polynomial with semigroup feature can be defined on an intervaldefining

Definition 2: [Chaotic map-based discrete logarithm problem] It is a hard problem to get S with the valueand

Definition 3: [Chaotic map-based Diffe-Hellman problem] It is a hard problem to computeusingand x.

3.1.2 Secure Sketch[22]

As shown in figure 1, secure sketch algorithm consists of SS and Rec. During the registration phase, we can get S by inputtingfor SS algorithm. Then, we can recoverby inputting S andfor Rec algorithm in the login phase if the value ofBlogis close to

3.2 The proposed scheme

3.2.1 The Notations Used in the Proposed Scheme

Please find the notations description in Table 1.

3.2.2 Initialization phase

Fig. 1 The secure sketch algorithm

Table I Notations description

Fig. 2 The application server registration phase of our scheme

Table II Users’ information stored in RC

The Register Center (RC) generates a long private key k (e.g. 2048 bits) and selects a seed x for generating Chebyshev Chaotic Map. Then,the register center publishesin public directory. RC must ensure the security of k.

3.2.3 Registration Phase

1)The application server registration phase(As shown in fig. 2)

Step 1.The application serversends its identityand the current registration time to RC for registration via a secure channel;

Step 2.After receivingfromthe RC checks whether the value ofexceeds the maximum range. RC cannot permit different users to select the same identity during the time intervalIf the result holds, the RC gets its private key k and acquires the private key ofby computingThen the RC acquires the public key ofby computingAt last, the RC sends S andtovia secure channel;

Step 3.After receivingfrom the RC,must ensure that the value ofis treated with strictest confidentiality and then publishes his/her identitythe public keyregistration time

2)The user registration phase (As shown in fig.3)

Step 1. Firstly, the user selects his/her identitypasswordand extracts his/her biometricand the current time

Step 2.According to the scheme of secure sketch, we can get the median valueif we inputfor thealgorithm. Smart card computesand sendsto RC for registration;

Step 3.After receivingfrom user, RC checks the whether the value ofexceeds the maximum rangefor the RC cannot permit different users to select the same identity during the time intervalIf the result holds,RC gets the private key k of Sjand computes user’s private keyAt the same time, the RC computesa n d storesthe value ofand a large prime number P in smart card. The information of user stored in RC as shown in table 2.In our scheme, the information stored in table 2 would not be used until application server needs to confirm user’s identity.

Step 4.After receiving smart card from RC, the user writesin smart card. All the information having been stored in smart card contains

3.2.4 Login and authentication phase (as shown in fig.4)

Step 1.Firstly, the user selects his /her identitypasswordand extracts his/her biometricAt the same time, user gets identityand public key,registration timeof the application server which he/she wants to visit.

Step 2.According to the scheme of secure sketch, we can recover the value of user’s biometricin the registration phase by inputtingand

Step 4.After receivingfrom the user, the application server checks the validity of.If the result holds, the application server getswith its private key s andThen,the application servergetsby computingand getsA t la s t,g e tsAt the same time,getsand comparesIf the result holds,we execute step 5.

Step 5.The application servergenerates a random number b and computesandThencomputesandThen, the application server sendsto the user;

Fig. 3 The user registration phase of our scheme

Step 6.After receivingfrom the application server, the user computesusing the random number a. Then, the user computesand.At last, the user comparesIf the result holds, the user computesand sends it to the application server;

Step 7.After receivingfrom user, the application server computesand comparesIf the result holds, the authentication progress is success and the session key between the user and the application server isand

3.2.5 Password change phase

Step 1.Firstly, the user selects his/her identitypasswordand extracts his/her biometric

Step 2.According to the theory of secure sketch algorithm, we can recover the value of user’s biometricin the registration phase by inputtingand

3.2.6 Revocation and re-registration phase

If the user lost his/her smart card, he/she may want to register for RC with the same previous identity. In our scheme, the user can select the same identity to sponsor the registration phase without proving his/her passport or authorized identities. It provides a lot of convenience for users.

IV. ANALYSIS OF THE PROPOSED SCHEME

4.1 Security analysis

4.1.1 Denial of service (Dos) attack

During the registration phase in our scheme,RC needn’t to query database frequently because there is no data table in RC. Even a large number of users using the same identity to sponsor registration, the RC can also deal with it because the power of RC’s computation can overcome the computation work during the time interval

Fig. 4 The login and authentication phase of our scheme

4.1.2 Privileged insider attack

In our scheme, we don’t need a data table in RC. So the administrator of RC cannot modify or delete any data about the user’s registration information. At the same time,a legal user sends his/her identityandto RC for registration instead of sendingandin plaintext. The administrator of RC cannot get any valuable information.

4.1.3 The robustness of the scheme

Compared with the Odelu-Das-Goswami’s scheme, our scheme doesn’t need the RC to participate in the login and authentication phase. This design can greatly improve the robustness of our scheme because improper work has slightest effect on the whole scheme.

4.1.4 Whether the user can select his/her identity freely

In order to overcome repeat registration attack, odelu et. al introduce data table to RC.However, it may bring new threats such as privileged insider attack. In our scheme, we introduce timestamp to solve this problem perfectly. User can select his/her identityrandomly while sending the current timeandto RC for registration. Then, RC firstly checks whether other user has been registered using the same identityduring the time intervalIf the result holds, RC computesas the user’s private key. Different users can select the same identity because the registration time is different.

4.1.5 Smart card lost attack

Through the power analysis attack [24],attacker can extract all the informationfrom smart card. However,due to the value of u is protected in the form ofSo the user cannot get user’s private keywithout the right bio-metric and password. Therefore, our scheme can resist smart card lost attack.

4.1.6 Strong user anonymity

During the login and authentication phase in our scheme, the identityof a legal user is protected in the form ofAn adversary cannot getbecause he/she cannot get the value of

4.1.7 Mutual authentication

During the login and authentication phase in our scheme, only a legal application server can compute the value ofwith its private key S. At the same time, only a legal user can compute the value ofwith its random number a and private key u.

4.1.8 Perfect forward secrecy

Forward attack secrecy defines that an adversary cannot compute the session key between user and application server even if the adversary gets all the secret keys of participants.In the proposed scheme, the session key isHowever,and a are both random numbers which are used only one time. As a result, our scheme can provide the prefect forward secrecy.

4.1.9 Man-in-the-middle attack

In the proposed scheme, an attacker may try to impersonate the user or the application server by intercepting message. However,is protected by hash function whileis protected by a random numberand hash function. From the analysis we can see that the attacker cannot get any valuable information from the transferred information via public channel. So our scheme can resist man-in-themiddle attack.

4.1.10 Impersonation attack

In the proposed scheme, the attacker cannot get user’s private key u without right password and biometrics. At the same time, the attacker cannot get any valuable information from the transferred information via public channel.Therefore, the attacker cannot sponsor impersonation attack.

4.1.11 Whether consider the fuzzy of biometrics

To many existing remote authentication schemes, hash function is a basic method to protect information security. However, the fundamental property of the hash function is that the output is very sensitive to their input even small perturbation. Generally speaking,the hash function cannot be input directly with biometric because of the fuzzy of biometric.In our scheme, we introduce secure sketch to solve these problems.

4.1.12 Whether resist repeat registered attack

In the proposed scheme, the user can select his/her identity randomly. So there is a case that different people may select the same identity. The attacker can get user’s private key by repeat registered attack. In order to solve this problem, some schemes introduce data table in RC. However, this case may bring other new problems such as privilege attack or user cannot re-register with previous identity. Our scheme can overcome this problem by timestamp.

4.1.13 Whether the user select the identity freely

In the proposed scheme, the user can select his/her identity randomly. Even the attacker select the same identity register for RC, he/she cannot get the victim’s private key because the time is different. So the user can select his/her identity freely in the proposed scheme.

All the details about security properties are shown in table 3.

C1: Dos Attack; C2: Privileged Insider Attack; C3: The Fuzzy of Biometrics; C4: Robustness; C5: Repeat Registered Attack; C6:Select The Identity Freely; C7: Smart Card Lost Attack; C8: User Anonymity; C9: Mutual Authentication; C10: Perfect Forward Secrecy; C11: Man-In-The-Middle Attack; C12:Impersonation Attack.

Table III Comparison of security properties

Table IV BAN logic notations

4.2 BAN logic

In this section, we adopt Burrows-Abadi-Needham (BAN) logic [25-26] to prove that the proposed scheme can achieve a session key between user and application server. The BAN logic notations are shown in table 4.

● BAN logical postulates

● Idealized scheme

In order to conveniently describe, we denotesandthe proposed scheme can be idealized as follows.

● Establishment of security goals

● Initiative premises

● Scheme analysis

From F1 and V1, we apply P2 and P4 rules to get

G1. From V2 and F3, we apply P3 rule to get

G2.From F5 and G1, we apply P3 rule to get

G3.From V4 and F4, we apply P3 rule to get

G4.From G3 and F6, we apply P5 rule to get

From the analysis with BAN logic, we can be sure that the proposed scheme is securely achieving the goals.

4.3 Formal security validation using proverif

In this section, we prove the security of our proposed scheme using ProVerif which is automated formal tool [27]. ProVerif is based on applied calculus and can be used to verify authentication and secrecy properties [28]. There are three parts in the ProVerif: (1) declaration part; (2) process part; and (3) main part. We perform the ProVerif code in the online demo for ProVerif (http://proverif.rocq.inria.fr/index.php). The performance results as shown in the Fig 5. From the experimental results, we can see that our proposed scheme is security.

4.4 Performance analysis

4.4.1 Communication cost( As shown in table 5)

S1: Server Registration Phase; U2: User Registration Phase; C3: Login And Authentication Phase; C4: Total

We measure the consumption time Fuzzy Extractors algorithm, Secure Sketch algorithm, MD5 and DES algorithm on an Intel Core i5-3470 platform. The details are shown as follows.the time of executing an XOR operation;the time of executing MD5 operation;the time of executing a symmetric decryption/encryption operation;the time of secure sketch generatingfrom client’s biometric informationduring the registration phase;time of secure sketch recoveringfrom the sketchand the user login biometric informationthe time for obtaining help data P and secret key R from w by fuzzy extractors algorithm;the time for recovering R from w′ and for helping string P by fuzzy extractors algorithm;the time of executing the Chebyshev Chaotic polynomial mappingtime of an elliptic curve point multiplication.

4.4.2 Computational cost

The details about computational cost are shown in table 6 and table 7.

V. CONCLUSION AND FUTURE WORKS

In this paper, we have presented some flaws of the Odelu-Das-Goswami’s scheme. In order tosolve these problems, secure biometric-based remote three-factor authentication with Chebyshev chaotic map and secure sketch scheme has been proposed. From the analysis, we can see that the proposed scheme has higher security and deals with biometric more appropriately compared with Odelu-Das-Goswami’s scheme and other similar schemes. What’s more, the proposed scheme has less computation cost than Odelu-Das-Goswami’s scheme.At the same time, our scheme can achieve session key agreement and has stronger robustness than Odelu-Das-Goswami’s scheme also.

Table V Comparison of performance

Fig. 5 The user registration phase of our scheme

Table VI Comparison of computational cost in the registration phase

Table VII Comparison of computational cost in the login and authentication phase

In the future, we will continue to further study three-factor schemes in multi-server environment. These schemes should become more reasonable and more effective compared with the proposed scheme in this paper. Moreover, we will build a biometric-based authentication tested and extend our scheme for body area network.

ACKNOWLEDGEMENTS

This work has been supported by Southwest University for Nationalities Foundation(No.2016NZYQN41), and by Key Technology Support Program of Sichuan Province(No.2014GZ0006), and by the Education Department of Sichuan Province (No.15ZB0489)and by Science and Technology Department in Sichuan province (No. 2017JY0230).

[1] Wang B, Ma M. “A smart card based efficient and secured multi-server authentication scheme”. Wireless Personal Communications,vol.68, no. 2, pp. 361-378, 2013.

[2] Li X, Xiong Y, Ma J, et al. “An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards”. Journal of Network and Computer Applications, vol. 35, no. 2, pp. 763-769, 2012.

[3] Li X, Ma J, Wang W, et al. “A novel smart card and dynamic ID based remote user authentication scheme for multi-server environments”.Mathematical and Computer Modelling, vol. 58,no. 1, pp. 85-95, 2013.

[4] Yoon E J, Yoo K Y. “Robust biometrics-based multi-server authentication with key agreement scheme for smart cards on elliptic curve cryptosystem”. The Journal of Supercomputing, vol.63, no. 1, pp 235-255, 2013.

[5] Shen H, Gao C, He D, et al. “New biometrics-based authentication scheme for multi-server environment in critical systems[J].Journal of Ambient Intelligence and Humanized Computing”, vol. 6, no. 6, pp. 825-834, 2015.

[6] Tsai J L, Lo N W. “A chaotic map‐based anonymous multi‐server authenticated key agreement protocol using smart card”. International Journal of Communication Systems, vol. 28, no.13, pp. 1955-1963, 2015.

[7] Jiang P, Wen Q, Li W, et al. “An anonymous and efficient remote biometrics user authentication scheme in a multi server environment”. Frontiers of Computer Science, vol. 9, no. 1, pp. 142-156, 2015.

[8] Zhu H. “A Provable One-way Authentication Key Agreement Scheme with User Anonymity for Multi-Server Environment”. TIIS, vol. 9, no. 2, pp 811-829, 2015.

[9] Zhang M, Zhang J, Zhang Y. “Remote three‐factor authentication scheme based on Fuzzy extractors”. Security and Communication Networks, vol. 8, no. 4, pp. 682-693, 2015.

[10] Uludag U, Jain A K. “Attacks on biometric systems: a case study in fingerprints”, Electronic Imaging 2004. International Society for Optics and Photonics, pp. 622-633, 2004;

[11] J.-K. Lee, S.-R. Ryu, and K.-Y. Yoo, “Fingerprint-based remote user authentication scheme using smart cards,” Electron. Lett., vol. 38, no.12, pp. 554–555, 2002

[12] C.-H. Lin and Y.-Y. Lai, “A flexible biometrics remote user authentication scheme,” Comput.Standards & Interfaces, vol. 27, no. 1, pp. 19–23,Nov. 2004.

[13] C.-C. Chang and I.-C. Lin, “Remarks on fingerprint-based remote user authentication scheme using smart cards,” ACM SIGOPS Oper. Syst.Rev. vol. 38, no. 4, pp. 91–96, Oct. 2004.

[14] H.-S. Kim, S.-W. Lee, and K.-Y. Yoo, “ID-based password authentication scheme using smart cards and fingerprints,” ACM SIGOPS Oper. Syst.Rev., vol. 37, no. 4, pp. 32–41, Oct. 2003.

[15] M. Scott, “Cryptanalysis of an ID-based password authentication scheme using smart cards and fingerprints,” ACM SIGOPS Oper. Syst.Rev.,vol. 38, no. 2, pp. 73–75, Apr. 2004.

[16] C.-T. Li and M.-S. Hwang, “An efficient biometrics-based remote user authentication scheme using smart cards,” J. Netw. Comput. Appl., vol.33,no. 1, pp. 1–5, Jan. 2010.

[17] X. Li, J. Niu, J. Ma, W. Wang, and C. Liu,“Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards,” J. Netw. Comput. Appl., vol.34, no. 1, pp. 73–79, Jan. 2011.

[18] E. Yoon and K. Yoo, “Robust biometrics-based multi-server authentication with key agreement scheme for smart cards on elliptic curve cryptosystem,” J. Supercomput., vol. 63, no. 1, pp.235–255, Jan. 2013.

[19] D. He, Security flaws in a biometrics-based multi-server authentication with key agreement scheme, Tech. Rep. 2011/365, ePrint Archive. [On-line]. Available: http://eprint.iacr.org/2011/365.pdf.

[20] He D, Wang D. Robust biometrics-based authentication scheme for multiserver environment[J]. Systems Journal, IEEE, vol. 9, no. 3, pp.816-823, 2015

[21] Odelu V, Das A K, Goswami A. A secure biometrics-based multi-server authentication protocol using smart cards[J]. Information Forensics and Security, IEEE Transactions on, 2015, 10(9):1953-1966.

[22] Dodis Y, Reyzin L, Smith A. Fuzzy extractors:How to generate strong keys from biometrics and other noisy data[C]//Advances in cryptology-Eurocrypt 2004. Springer Berlin Heidelberg,2004: 523-540.

[23] Kocarev, Ljupco, and Shiguo Lian, eds.Chaos-based cryptography: Theory, algorithms and applications. Vol. 354. Springer, 2011.

[24] T. S. Messerges, E. A. Dabbish, and R. H. Sloan,“Examining smart-card security under the threat of power analysis attacks,” IEEE Trans. Comput.,vol. 51, no. 5, pp. 541–552, May 2002.

[25] Lu Y, Li L, Peng H, et al. “Robust and efficient biometrics based password authentication scheme for telecare medicine information systems using extended chaotic maps”. Journal of medical systems, vol. 39, no. 6, pp. 1-10, 2015.

[26] Burrow, M., Abadi, M., Needham, R., “A logic of authentication”.ACM Trans. Compu. Syst. vol. 8,pp. 18–36, 1990.

[27] Blanchet B, Smyth B. ProVerif: Automatic Cryptographic Protocol Verifier User Manual & Tutorial (2011)[J]. URL http://scholar. google. com/scholar.

[28] Chaudhry S A, Mahmood K, Naqvi H, et al. “An improved and secure biometric authentication scheme for telecare medicine information systems based on elliptic curve cryptography”.Journal of Medical Systems, vol. 39, no. 11, pp.1-12, 2015.

[29] Irshad A, Sher M, Chaudhary S A, et al. “An efficient and anonymous multi-server authenticated key agreement based on chaotic map without engaging Registration Centre”. The Journal of Supercomputing, vol. 72, no. 4, pp.1623-1644, 2016.

[30] Chuang M C, Chen M C. “An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics”. Expert Systems with Applications, vol. 41, pp. 4, pp. 1411-1418, 2014.

[31] Chaudhry S A, Farash M S, Naqvi H, et al. “An enhanced privacy preserving remote user authentication scheme with provable security”.Security and Communication Networks, vol. 8,pp. 18, pp. 3782-3795,2015..