
A secure biometric based multi-server authentication scheme for social multimedia networks

Multimedia Tools and Applications

Abstract

Social networking is one of the major sources of massive data. Such data is not only difficult to store, manipulate and maintain, but its open access also makes it prone to security attacks. Therefore, robust and efficient authentication should be devised to make it invincible against the known security attacks. Moreover, social networking services are intrinsically multi-server environments, so compatible and suitable authentication should be designed accordingly. Sundry authentication protocols are in use at the moment, and many of them are designed for a single-server architecture. This type of remote architecture forces each user to register with each server separately if multiple servers are employed to offer online social services. Recently, multi-server architecture for authentication has replaced the single-server architecture, and it enables users to register once and procure services from multiple servers. A short time ago, Lu et al. presented two authentication schemes based on three factors, both designed for multi-server architecture. Lu et al. claimed the schemes to be invincible against the known attacks. However, this paper shows that one of Lu et al.'s schemes is susceptible to user anonymity violation and impersonation attacks, whereas Lu et al.'s second scheme is susceptible to a user impersonation attack. Therefore, an enhanced scheme is introduced in this paper. The proposed scheme is more robust than existing schemes. The proposed scheme is thoroughly verified and validated with formal and informal security discussion, and through the popular automated tool ProVerif. The in-depth analysis affirms that the proposed scheme is lightweight in terms of computations while attaining mutual authentication and is invincible against the known attacks, hence is more suitable for automated big data analysis for social multimedia networking environments.



Acknowledgments

The author would like to thank Prof. Muhammad Arshad Zia, Mr. Shahzad Saddique Chaudhry, the anonymous reviewers and the editor for their valuable suggestions to improve the quality, correctness, presentation and readability of the manuscript.

Author information

Corresponding author

Correspondence to Shehzad Ashraf Chaudhry.

About this article

Cite this article

Chaudhry, S.A. A secure biometric based multi-server authentication scheme for social multimedia networks. Multimed Tools Appl 75, 12705–12725 (2016). https://doi.org/10.1007/s11042-015-3194-0

  • DOI: https://doi.org/10.1007/s11042-015-3194-0
