A secure and improved multi server authentication protocol using fuzzy commitment

The advancement in communication and computation technologies has paved a way for connecting large number of heterogeneous devices to offer specified services. Still, the advantages of this advancement are not realized completely due to inherent security issues. Most of the existing authentication m...

Full description

Saved in:
Bibliographic Details
Published in:Multimedia tools and applications 2021-05, Vol.80 (11), p.16907-16931
Main Authors: Rehman, Hafeez Ur, Ghani, Anwar, Chaudhry, Shehzad Ashraf, Alsharif, Mohammed H., Nabipour, Narjes
Format: Article
Language:English
Subjects:
Access control
Authentication
Authentication protocols
Automation
Computer Communication Networks
Computer Science
Data Structures and Information Theory
Fuzzy logic
Multimedia
Multimedia Information Systems
Privacy
Servers
Service introduction
Smart cards
Special Purpose and Application-Based Systems
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:The advancement in communication and computation technologies has paved a way for connecting large number of heterogeneous devices to offer specified services. Still, the advantages of this advancement are not realized completely due to inherent security issues. Most of the existing authentication mechanisms ensure the legitimacy of requesting user thorough single server leading towards multiple registrations and corresponding credentials storage on user side. Intelligent multimedia networks (IMN) may encompass wide range of networks and applications. However, the privacy and security of IMN cannot be apprehended through traditional multi sign on/single server authentication systems. The multi-server authentication systems can enable a user to acquire services from multiple servers using single registration and with single set of credentials (i.e.Password/smart card etc.) and can be accomplish IMN security and privacy needs. In 2018, Barman et al. proposed a multi-server authentication protocol using fuzzy commitment. The authors claimed that their protocol provides anonymity while resisting all known attacks. In this paper, we analyze that Barman et al.’s protocol is still vulnerable to anonymity violation attack and impersonation based on stolen smart card attack; moreover, it has incomplete login request and is prone to scalability issues. We then propose an enhanced protocol to overcome the security weaknesses of Barman et al.’s scheme. The security of the proposed protocol is verified using BAN logic and widely accepted automated AVISPA tool. The BAN logic and automated AVISPA along with the informal analysis ensure the robustness of the scheme against all known attacks.
ISSN:1380-7501
1573-7721
DOI:10.1007/s11042-020-09078-z