
Secure Multi Server Strong-Password Authentication Using Two Factor Approach (Image Password and Mobile)

R. KanakasundaraRao

Abstract


Secure multi-server strong-password authentication using a two-factor approach is a very practical solution for validating the eligibility of a remote user and providing secure communication afterwards. Also, due to the fast progress of networks and information technology, most services are provided in multi-server environments. In this paper, we propose a novel user authentication and key agreement scheme for multi-server environments, using graphical passwords for authentication and service messages sent to mobiles, with much less computational cost and more functionality. It uses algorithms to generate image passwords for authentication and to generate passwords for sending to mobiles. The major merits include: (1) users only need to register at the registration centre once and can use permitted services in eligible servers; (2) users can freely choose their passwords; (3) the computation and communication cost is very low; (4) servers and users can authenticate each other; (5) it generates a session key agreed by the user and the server.

Keywords


Password, Remote Authentication, Session Key, Mobile, Multi Server.





Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.