1. Introduction
Authentication is a security mechanism that checks the validity of an individual. Generally, remote user authentication schemes depend on various factors such as a password, a biometric, a smart card, etc. In 1981, Lamport devised the first remote user authentication scheme, which is based on a password verifier table. In 2000, Hwang et al. showed that his scheme does not defend against the stolen verifier attack and then proposed an improved scheme using ElGamal public key encryption, in which the server does not hold any type of password verification table. In 2000, Chan et al. found an impersonation attack on the scheme of Hwang et al. (2000). Following their work, many authors have devised authentication schemes (Das et al., 2006; Giri et al., 2006; Goriparthi et al., 2009; Islam et al., 2013; Li, 2013; Xu et al., 2015; He et al., 2015).
In 2006, Das et al. suggested an authentication protocol based on bilinear pairing and claimed that it prevents multiple users from being logged in with one login ID. In addition, it provides a password change facility that does not involve the server. In 2006, Giri et al. devised an improvement of Das et al. (2006). In 2009, Goriparthi et al. also reviewed Das et al. (2006) and found that it suffers from replay and forgery attacks. To address these security pitfalls, they suggested an extended authentication protocol and claimed that it is completely safe against various kinds of security attacks.
In 2013, Islam et al. devised a remote user authentication protocol using ECC and claimed that it is able to defend against various security threats. However, Li reviewed Islam et al.'s protocol and found that it is vulnerable to three attacks (i.e., password guessing, stolen verifier and insider). To address those security threats, Li developed an extended remote user authentication protocol based on ECC. It includes two versions: (1) the first version does not provide the user anonymity property; (2) the second version provides the user anonymity property. Li (2013) asserted that the scheme is secure against various malicious security threats with efficient complexity. Unfortunately, Xu et al. (2015) found three attacks (i.e., password guessing, user impersonation and denial of service) on the scheme (Li, 2013). To overcome these security weaknesses, they introduced an enhanced remote user authentication scheme based on ECC.
Recently, many authors have developed user authentication protocols (He et al., 2015; Odelu et al., 2014; Om et al., 2013; Chandrakar et al., 2016; Wen et al., 2012; Chandrakar et al., 2015; Chen et al., 2012; Arshad et al., 2014; Kumar et al., 2014). In 2015, He et al. proposed an authentication protocol for the multi-server platform and claimed that it is safe from various security threats. However, Odelu et al. (2014) found two threats (i.e., known session temporary information and user impersonation) in the scheme (He et al., 2015). Moreover, this scheme does not provide the user anonymity, smart card revocation and re-registration properties. In 2013, Om et al. developed a biometric-based remote user authentication scheme and claimed that the protocol is fully secure against various security attacks. In this article, we present a cryptanalysis of and explain that it does not defend against password guessing, user impersonation and denial of service attacks. Moreover, it does not provide the user anonymity property. To remove these security shortcomings, we propose an enhanced three-factor remote user authentication protocol based on ECC that is usable in a multi-server environment.