
ELAKA: Energy-Efficient and Lightweight Multi-Server Authentication and Key Agreement Protocol Based on Dynamic Biometrics

Wireless Personal Communications

Abstract

Authentication and key agreement (AKA) provides flexible and convenient services. Most traditional AKA protocols are designed for a single-server environment, where a user has to register at different servers to access different types of network services and has to remember or manage a large number of usernames and passwords. Multi-server AKA protocols later resolved the repeated-registration problem of single-server AKA protocols: a user can access different servers to get different services using a single registration and the same username and password. In 2015, Lu et al. proposed a lightweight ID-based authentication and key agreement protocol for multi-server architecture, referred to as the LAKA protocol. They claimed that their protocol overcomes all the shortcomings of Xue et al.'s protocol. Unfortunately, our further research shows that the LAKA protocol still suffers from the server spoofing attack, the stolen smart card attack, etc. To overcome the weaknesses of the LAKA protocol, an energy-efficient and lightweight authentication and key agreement protocol for multi-server architecture is proposed (abbreviated to ELAKA). The ELAKA protocol not only provides the security features declared by the LAKA protocol, but also has some other advantages. First, the ELAKA protocol realizes authentication and key agreement with just three handshakes, at extremely low communication and computation cost between users and servers, achieving a delicate balance of security and performance. Second, the ELAKA protocol enables the user to enjoy remote services with privacy protection. Finally, the ELAKA protocol is proved secure against known possible attacks by using BAN logic. As a result, these features make the ELAKA protocol very suitable for computation-limited mobile devices (such as smartphones, PADs and tablets) in comparison to other related existing protocols.


References

  1. Florencio, D., & Herley, C. (2007). A large-scale study of web password habits. In Proceedings of the 16th international conference on world wide web (pp. 657–666).

  2. Liao, Y., & Wan, S. (2009). A secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards & Interfaces, 31(1), 24–29.


  3. He, D., & Wang, D. (2015). Robust biometrics-based authentication scheme for multiserver environment. IEEE Systems Journal, 9(3), 816–823.


  4. Odelu, V., Das, A. K., & Goswami, A. (2015). A secure biometrics-based multi-Server authentication protocol using smart cards. In Information forensics and security, IEEE transactions (pp. 1953–1966).

  5. Shen, H., Gao, C., He, D., et al. (2015). New biometrics-based authentication scheme for multi-server environment in critical systems. Journal of Ambient Intelligence and Humanized Computing, 6(6), 825–834.


  6. Chuang, M., & Chen, M. (2014). An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics. Expert Systems with Applications, 41(4), 1411–1418.


  7. Mishra, D., Das, A. K., & Mukhopadhyay, S. (2014). A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards. Expert Systems with Applications, 41(18), 8129–8143.


  8. Choi, Y., Nam, J., Lee, D., et al. (2014). Security enhanced anonymous multiserver authenticated key agreement scheme using smart cards and biometrics. The Scientific World Journal, 2014(4), 281305. https://doi.org/10.1155/2014/281305.


  9. Lin, H., Wen, F., & Du, C. (2015). An improved anonymous multi-server authenticated key agreement scheme using smart cards and biometrics. Wireless Personal Communications, 84(4), 2351–2362. https://doi.org/10.1007/s11277-015-2708-4.


  10. Li, C., Lee, C., Chen, H., et al. (2015). Cryptanalysis of an anonymous multi-server authenticated key agreement scheme using smart cards and biometrics. In IEEE international conference on information networking (ICOIN) 2015 (pp. 498–502).

  11. Zan, Y., Liu, W., & Wei, J. (2014). Negotiation scheme of multi-server authentication key based on dynamic ID. Journal of Information Engineering University, 15(6), 654–663.


  12. Baruah, K., Banerjee, S., & Dutta, M. (2015). An improved biometric-based multi-server authentication scheme using smart card. International Journal of Security and its Applications, 9(1), 397–408.


  13. Kuo, W., Wei, H., & Chen, Y. et al. (2015). An enhanced secure anonymous authentication scheme based on smart cards and biometrics for multi-server environments. In IEEE 10th Asia joint conference on information security (AsiaJCIS), 2015 (pp. 1–5).

  14. Chaudhry, S. A. (2015). A secure biometric based multi-server authentication scheme for social multimedia networks. Multimedia Tools and Applications, 75(20), 1–16. https://doi.org/10.1007/s11042-015-3194-0.


  15. Chaudhry, S. A., Naqvi, H., Farash, M. S., et al. (2015). An improved and robust biometrics-based three factor authentication scheme for multiserver environments. Journal of Supercomputing, 1–17. https://doi.org/10.1007/s11227-015-1601-y.

  16. Chaudhry, S. A., Naqvi, H., Sher, M., et al. (2015). An improved and provably secure privacy preserving authentication protocol for SIP. Peer-to-Peer Networking and Applications, 1–15.

  17. Chaudhry, S. A., Farash, M. S., Naqvi, H., et al. (2015). An enhanced privacy preserving remote user authentication scheme with provable security. Security and Communication Networks, 8(18), 3782–3795.


  18. He, D., Kumar, N., & Chilamkurti, N. (2015). A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks. Information Sciences, 321, 263–277.


  19. Farash, M. S., Turkanović, M., Kumari, S., et al. (2016). An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the internet of things environment. Ad Hoc Networks, 36, 152–176.


  20. Xue, K., Hong, P., & Ma, C. (2014). A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture. Journal of Computer and System Sciences, 80(1), 195–206.


  21. Lu, Y., Li, L., & Peng, H., et al. (2015). A lightweight ID based authentication and key agreement protocol for multiserver architecture. International Journal of Distributed Sensor Networks, 1–9. https://doi.org/10.1155/2015/635890

  22. Lin, H., Wen, F., & Du, C. (2016). An improved lightweight pseudonym identity based authentication scheme on multi-server environment. In Wireless communications, networking and applications (pp. 1115–1126). Springer, New Delhi.

  23. Dawson, E., Lopez, J., Montenegro, J. A. et al. (2004). BAAI: biometric authentication and authorization infrastructure proc. In IEEE International conference information technology: research and education (ITRE) (pp. 274–278).

  24. Li, X., Niu, J., & Khan, M. K., et al. (2013). Robust biometrics based three-factor remote user authentication scheme with key agreement proc. In IEEE international symposium biometrics security technologies (pp. 105–110).

  25. Makrushin, A., Scheidat, T., & Vielhauer, C. (2012). Improving reliability of biometric hash generation through the selection of dynamic handwriting features. In Transactions on data hiding and multimedia security VIII (pp. 19–41). Berlin: Springer.


  26. Zhang, Q., Yin, Y., Zhan, D., et al. (2014). A novel serial multimodal biometrics framework based on semisupervised learning techniques. IEEE Trans Inf Forensic Secur, 9(10), 1681–1694.


  27. Pathak, M. A., Raj, B., Rane, S. D., & Smaragdis, P. (2013). Privacy-preserving speech processing: cryptographic and string-matching frameworks show promise. IEEE Signal Process, 30(2), 62–74.


  28. Wang, Y. (2012). Password protected smart card and memory stick authentication against off-line dictionary attacks. In 27th IFIP TC 11 information security and privacy conference, SEC 2012. Boston: Springer, pp. 489–500.

  29. Wang, D., Ma, C., & Wang, P. et al. (2012). Robust smart card based password authentication scheme against smart card security breach. Cryptology ePrint Archive, Report 2012/439.

  30. Xie, Q., Liu, W., Wang, S., et al. (2014). Robust password and smart card based authentication scheme with smart card revocation. Journal of Shanghai Jiaotong University, 19(4), 418–424.


  31. Pippal, R., Jaidhar, C., & Tapaswi, S. (2013). Robust smart card authentication scheme for multi-server architecture. Wireless Personal Communications, 72(1), 729–745.


  32. Taylor, G., Moore, S., Anderson, R. et al. (2012). Improving smart card security using self-timed circuits. In IEEE 18th international symposium on asynchronous circuits and systems. IEEE computer society (pp. 211–211).

  33. Zhang, N., Zang, Y., & Tian, J. (2015). The integration of biometrics cryptography a new solution for secure identity authentication. Journal of Cryptologic Research, 2(2), 159–176.


  34. Li, X., Niu, J., Kumari, S., et al. (2015). An enhancement of a smart card authentication scheme for multi-server architecture. Wireless Personal Communications, 80(1), 175–192.


  35. Kilinc, H., & Yanik, T. (2014). A survey of SIP authentication and key agreement schemes. IEEE Communications Surveys & Tutorials, 16(2), 1005–1023.


  36. Wander, A. S., Gura, N., & Eberle, H. et al. (2005). Energy analysis of public-key cryptography for wireless sensor networks. In Third IEEE international conference on pervasive computing and communications, PerCom.


Acknowledgements

This work was partly supported by the National Natural Science Foundation of China under Grant 61402275, 61402015, 61373150, 61572246, 61272436, Shaanxi Province Natural Science Basic Research Program Funded Project 2016JM6069, the Scientific Research Foundation for the Returned Overseas Chinese Scholars of MOHRSS, the Fundamental Research Funds for the Central Universities under Grant GK201603012, GK201402004, the Innovation Fund Designated for Graduate Students of Shaanxi Normal University (2015CXS022).

Author information


Corresponding author

Correspondence to Yanping Li.


About this article


Cite this article

Liu, X., Li, Y., Qu, J. et al. ELAKA: Energy-Efficient and Lightweight Multi-Server Authentication and Key Agreement Protocol Based on Dynamic Biometrics. Wireless Pers Commun 100, 767–785 (2018). https://doi.org/10.1007/s11277-018-5348-7


  • DOI: https://doi.org/10.1007/s11277-018-5348-7
