Secure Smart Card Based Remote User Authentication Scheme for Multi-Server Environment to Eliminate Smart Card Security Breach

摘要

Remote user authentication technique based on smart card is a simple two-factor authentication technique that ensures secured access through insecure channels. Many smart card based remote user authentication schemes for single server and multi-server environments are proposed. In thispaper, we focus on the remote user authentication scheme for the multi-server environment. Recently, Banerjee et al. analyze the capability of Li et al. scheme and find out that it is vulnerable to stolen smart card and user impersonate attack. Banerjee et al. propose a new scheme and claimthat their scheme provides protection against various attacks. Braeken's analysis on Banerjee et al. shows that the scheme is not resistant to insider attack and also does not provide perfect forward secrecy. Our analysis on Braeken scheme shows that it is susceptible to impersonation attack,provides poor reparability and has no strong two factor security. Our analysis on these schemes shows that various attacks are possible as few parameters are insecurely stored in the smart card and are directly used in authentication phases. The dynamic property imposed in these schemes isbased on a random number—nonce and this is either passed as plaintext or hidden by known parameters. We propose a new remote user multi-server authentication scheme based on Diffie-Hellman problem (DHP) and the one-way hash function to provide security to the data when transmitted. Ourscheme fulfills the requirements of the multi-server authentication scheme and provides secure communication.