A Multi-Server Two-Factor Authentication Scheme with Un-Traceability Using Elliptic Curve Cryptography
1
School of CyberSpace Security, Beijing University of Posts and Telecommunications, Beijing 100876, China
2
Elementary Educational College, Jiangxi Normal University, Nanchang 330022, China
3
Department of Computer Science, National Textile University, Faisalabad 37610, Pakistan
4
High-Tech Research and Development Center, the Ministry of Science and Technology, Beijing 100044, China
*
Author to whom correspondence should be addressed.
Sensors 2018, 18(7), 2394; https://doi.org/10.3390/s18072394
Received: 2 July 2018
/
Revised: 18 July 2018
/
Accepted: 20 July 2018
/
Published: 23 July 2018
(This article belongs to the Section Internet of Things)
To provide secure communication, the authentication-and-key-agreement scheme plays a vital role in multi-server environments, Internet of Things (IoT), wireless sensor networks (WSNs), etc. This scheme enables users and servers to negotiate for a common session initiation key. Our proposal first analyzes Amin et al.’s authentication scheme based on RSA and proves that it cannot provide perfect forward secrecy and user un-traceability, and is susceptible to offline password guessing attack and key-compromise user impersonation attack. Secondly, we provide that Srinivas et al.’s multi-server authentication scheme is not secured against offline password guessing attack and key-compromise user impersonation attack, and is unable to ensure user un-traceability. To remedy such limitations and improve computational efficiency, we present a multi-server two-factor authentication scheme using elliptic curve cryptography (ECC). Subsequently, employing heuristic analysis and Burrows–Abadi–Needham logic (BAN-Logic) proof, it is proven that the presented scheme provides security against all known attacks, and in particular provides user un-traceability and perfect forward security. Finally, appropriate comparisons with prevalent works demonstrate the robustness and feasibility of the presented solution in multi-server environments.
View Full-Text
Keywords:
multi-server; authentication; key agreement; elliptic curve cryptography (ECC); BAN-Logic; wireless sensor networks (WSNs)
▼
Show Figures
Figure 1
This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited
MDPI and ACS Style
Xu, G.; Qiu, S.; Ahmad, H.; Xu, G.; Guo, Y.; Zhang, M.; Xu, H. A Multi-Server Two-Factor Authentication Scheme with Un-Traceability Using Elliptic Curve Cryptography. Sensors 2018, 18, 2394. https://doi.org/10.3390/s18072394
AMA Style
Xu G, Qiu S, Ahmad H, Xu G, Guo Y, Zhang M, Xu H. A Multi-Server Two-Factor Authentication Scheme with Un-Traceability Using Elliptic Curve Cryptography. Sensors. 2018; 18(7):2394. https://doi.org/10.3390/s18072394
Chicago/Turabian StyleXu, Guosheng, Shuming Qiu, Haseeb Ahmad, Guoai Xu, Yanhui Guo, Miao Zhang, and Hong Xu. 2018. "A Multi-Server Two-Factor Authentication Scheme with Un-Traceability Using Elliptic Curve Cryptography" Sensors 18, no. 7: 2394. https://doi.org/10.3390/s18072394
Find Other Styles
Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.
