
Recently, more and more people have relied on computer networks to access information, exchange knowledge, and process data in distributed network environments, and network security has become increasingly important. User authentication is an important technology for guaranteeing that only legal users can access resources on the remote server. To achieve simplicity, efficiency, and low communication cost, user authentication techniques based on smart cards are becoming more and more important in today’s network environment.

1.1 Research Motivation and Background

With the rapid development of network technology, password-based authentication has been widely used in many areas, such as remote access control systems, medical systems, and banking and payment systems [1]. Currently, owing to their cryptographic capacity, low cost, and portability, smart card-based authentication schemes are becoming more and more important and functional [2,3,5,7]. In recent years, many scholars have proposed remote user authentication protocols with smart cards to improve security, efficiency, and functionality [2-14]. Moreover, the compromise of a user’s identity would allow the previous network communications of the same user to be traced. To protect against the risk of ID theft, the user anonymity property is required for user privacy protection [9,10]. In 2008, Juang et al. [12] proposed a new password-authenticated key agreement protocol based on elliptic curve cryptosystems. Their scheme not only provides identity protection but also constructs the session key agreement and enhances efficiency by using elliptic curve cryptosystems.

Unfortunately, Sun et al. proposed an improved scheme to overcome the weaknesses of Juang et al.’s scheme, including the inability to change the password and the session key problem [13]. Later, many password-based authentication schemes with smart cards were proposed to achieve user anonymity [9,10,11,16,17,20].

Because a smart card usually does not support powerful computation, new secure authentication protocols that require less calculation in the smart card are needed [12,13,16,17,20]. In 2013, Guo and Chang first proposed a password-authenticated key agreement protocol using smart cards based on Chebyshev chaotic maps [20]. Their scheme is efficient since no time-consuming modular exponentiation or scalar multiplication on elliptic curve cryptosystems is involved in the authentication process. They claimed that their protocol is able to provide user anonymity even if the adversary can extract the data stored in the smart card. However, we will show that Guo and Chang’s scheme is still vulnerable to an impersonation attack by an adversary using data extracted from his own smart card, and that it does not allow the user to change the password freely. Moreover, their scheme cannot provide user anonymity. In this study, we therefore propose an improved method to overcome the security weaknesses of Guo and Chang’s scheme. Our improved scheme does not need to set up a public key cryptosystem in advance.

Nowadays, ubiquitous computing has become very popular, and multiple servers are involved in authenticating their users. That is, a user can log in to different servers through mobile networks to obtain diversified services. In traditional remote login methods for a multi-server architecture, a user not only has to log in to various remote servers with repetitive registration, but also needs to remember the various user identities and passwords. This makes password authentication extremely inconvenient.

In 2004, Lee and Chang proposed a user identification and key distribution scheme for multi-server networks [29]. In their scheme, the user registers at the registration center once and can then use all the designated servers for services. Later, many convenient authentication schemes with smart cards were proposed for multi-server environments [30-34]. In multi-server environments, single registration with a trusted registration center is the most important feature: any user can receive the desired services from various service providers without repeating registration. Because of its limited computational power, a smart card may not be able to afford heavy computations. In 2008, to enhance system performance, Tsai suggested using lightweight computations such as one-way hash functions during multi-server authentication with smart cards [28]. Recently, many hash-based authentication schemes with smart cards have been proposed for multi-server environments. Unfortunately, most of them are vulnerable to the masquerade attack, the insider attack, and the server or registration center spoofing attack [21,27,35-36].

To enhance the security of multi-server networks, in 2011 Chang and Cheng proposed a secure and lightweight user authentication method for multi-server architecture [35]. Unfortunately, Li et al. pointed out that Chang and Cheng’s scheme still suffers from the insider attack, the smart card lost attack, and the session key disclosure attack, and they proposed an improvement to overcome these problems [36]. Furthermore, we will show that Li et al.’s scheme is still vulnerable to the off-line password guessing attack. Moreover, Li et al.’s scheme requires the registration center to take part in the authentication and to construct the common session key for the user and the remote service providers. This makes the registration center another security and performance bottleneck and brings more communication and computing overhead. Therefore, based on Chebyshev chaotic maps [15,19], we will propose a new efficient user authentication protocol for multi-server networks in this dissertation.

1.2 Organization

The remainder of this study is organized as follows. In the next chapter, we review related works that allow us to discuss security in this dissertation. In Chapter 3, we present a new user authentication scheme with smart cards based on chaotic maps. In Chapter 4, we design an efficient user authentication scheme with smart cards for the multi-server environment. Finally, conclusions and future research are given in the last chapter.
