A Secure Three-Factor Authentication Protocol for E-Governance System Based on Multiserver Environments

Yeongjae Cho; Jihyeon Oh; Deokkyu Kwon; Seunghwan Son; Sungjin Yu; Yohan Park; Youngho Park

doi:10.1109/ACCESS.2022.3191419

IEEE Access (Jan 2022)

A Secure Three-Factor Authentication Protocol for E-Governance System Based on Multiserver Environments

Yeongjae Cho,
Jihyeon Oh,
Deokkyu Kwon,
Seunghwan Son,
Sungjin Yu,
Yohan Park,
Youngho Park

Affiliations

Yeongjae Cho: ORCiD; School of Electronic and Electrical Engineering, Kyungpook National University, Daegu, South Korea
Jihyeon Oh: School of Electronic and Electrical Engineering, Kyungpook National University, Daegu, South Korea
Deokkyu Kwon: ORCiD; School of Electronic and Electrical Engineering, Kyungpook National University, Daegu, South Korea
Seunghwan Son: ORCiD; School of Electronic and Electrical Engineering, Kyungpook National University, Daegu, South Korea
Sungjin Yu: ORCiD; School of Electronic and Electrical Engineering, Kyungpook National University, Daegu, South Korea
Yohan Park: ORCiD; School of Computer Engineering, Keimyung University, Daegu, South Korea
Youngho Park: ORCiD; School of Electronic and Electrical Engineering, Kyungpook National University, Daegu, South Korea

DOI: https://doi.org/10.1109/ACCESS.2022.3191419
Journal volume & issue: Vol. 10
pp. 74351 – 74365

Abstract

Read online

In electronic governance (e-governance) system, citizens can access government services such as transportation, licensing and immigration remotely over the Internet. With the development of information and communication technology, usage of the e-governance system has been increased. To efficiently provide citizens with various e-governance services, multi-server environments can be applied to the e-governance system. However, messages can be inserted, deleted, and modified by a malicious adversary since these are transmitted through a public channel. Therefore, many researchers have suggested mutual authentication protocols for secure communication in multi-server environments. In 2020, Sudhakar et al. proposed a smart card based lightweight authentication protocol for multi-server environments. We analyze Sudhakar et al.’s protocol to propose a secure mutual authentication protocol in the e-governance system based on multi-server environments. However, we disclosure that their protocol is not resistant to smart card stolen, insider, man-in-the-middle, user impersonation, and session key disclosure attacks. Moreover, Sudhakar et al.’s protocol does not provide mutual authentication. To improve these security problems, we suggest a secure three-factor mutual authentication protocol for the e-governance system based on multi-server environments. We prove our protocol’s security using informal security analysis, Burrows-Abadi-Needham (BAN) logic, and Real-or-Random (ROR) model. We also simulate our protocol utilizing Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. We estimate the proposed protocol’s security functionalities, computation costs, and communication overheads compared with existing related protocols. Consequently, we demonstrate that our protocol is secure and suitable for the e-governance system.

Published in IEEE Access

ISSN: 2169-3536 (Online)
Publisher: IEEE
Country of publisher: United States
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering
Website: https://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=6287639

About the journal

Abstract

Keywords