Compare Authentication Algorithms for Mobile Systems in Order to Introduce the Successful Characteristics of these Algorithms against Attacks

Transcription

1 Compare Authentication Algorithms for Mobile Systems in Orer to Introuce the Successful Characteristics of these Algorithms against Attacks Shahriar Mohammai Assistant Professor of Inustrial Engineering Department, KN Toosi University of Technology, Tehran, Iran Abstract Nowaays use of Ecommerce with mobile evices through the special capabilities, such as mobility an wiely use become more popular. The security of transactions in these evices is a great challenge ue to limite computing power an relatively weak processors. Mutual authentication an session key agreement can be very influential in term of security. Algorithms introuce in the 1990s ha major rawbacks. In the 2000s, a new algorithm base on hash functions were introuce, which ha a small computational loa, but not a high security an mutual authentication cannot fully support. Algorithms introuce from 2010 onwars ue to a combination of hash functions Salt an Nonce are safer. This paper examines the success of the algorithms introuce in this fiel since 2004 eals. Hakimeh Ameri M.Sc. in E-Commerce, Department of Inustrial Engineering, KN Toosi University of Technology, Tehran, Iran hameri@mail.kntu.ac.ir such as ubiquity an mobility. These characteristics have le to extremely rapi growth in mobile commerce transactions. Due to the limitations of mobile networks an mobile evices, the Mobile Services Commission has the simpler instruction, slower pace an a simpler interface because of less banwith. An Given that smaller evices, smaller screens are use an ata entry is inappropriate [4]. As mobile applications become more evelope an use in various forms of trae, criminals are more willing to enter this space. II. PRELIMINARIES Keywors e-commerce, Mobile Devices, Mutual Authentication, Security, Session Key Agreement. I. INTRODUCTION E-commerce Describe the processes of business, incluing buying an selling goos an services over the internet. Since the 1990s, the Internet an a variety of telecommunications have been promote in many aspects of aily life. Accoring to Internet Telecommunications Union In 2011, there are nearly 7 billion internet users an 5.95 billion mobile phone users worlwie (2013). Mobile broaban subscribers have grown 45% a year in the last four years, an Toay s mobile broaban subscribers are twice as fixe broaban subscribers [1]. Development of the Internet an relate technologies has reveale new opportunities for business. This le to fining new ways to manage the business an communicate information through the evelopment an expansion of e-commerce. Progress in the E-Commerce has create significant evelopments in relation to guielines an strategies, requirements, an evelopment of e-business applications. Consequently, new types of communication services using Internet have emerge through mobile evices. These evelopments le to the emergence of new opportunities an various services or igital content, calle mobile commerce (M-commerce) [2]. Consiering that Mobile evices only belong to a particular person, a mobile evice allows users better an easier access to services than those use the wire Internet. Mobile evices such as smart cars, mobile phones an PDA ue to the limite memory an computing power, face with the flaws an shortcomings [3]. Compare with online brokerage services an telephone-base traing services, brokerage mobile services have unique features, 131 A. Self-certifie public key Self-certifie public key proceure inclues initialization, public key certificates, an partial private keys, generate a private key an extraction the public key. B. Collision resistant one-way hash function One-way hash functions are the original Preparations for authentication. A family of hash functions calle collision resistant if after applying a ranom function H, fining two ifferent inputs x an y that H (x) = H (y) is not practical for an attacker. In other wors, fining the input value x is not possible from the outputs of the function H [5]. C. Salte Hash Aing a ranom string (0, 1) to the Salt before hashing the passwor can prouce more ranom hash output an enhance security. This leas to totally ifferent hash output for the same passwor string. No nee to hie the Salt content. Salt is neee to unlock the passwor. Salt is often store associate with a hash or as part of the account [6]. D. Encryption base on nonce The nonce is a value like a counter that can be use once per session. Using Nonce ensure that unauthorize users cannot access encrypte text without relating Nonce [6]. III. COMPARING ALGORITHMS FOR USER AUTHENTICATION IN MULTI-SERVER ENVIRONMENTS With the avent of the Internet tow-way authentication lost its effectiveness. Generally remote systems, provie ifferent services that create a variety of sources. Efficient multi-server authentication systems have features such as single registration, mutual authentication, session key

2 agreement, prouctivity an security. Single registration is a very important feature in multi-server environments because users nee to register once to access all the servers. So o not have too many passwors to remember to communicate with each server. On the other han Single registration raises Security because the possibility of isclosing passwors in various servers is further. Secure authentication of users in multi-server systems is very important. For greater security, single server registration in this type of networks is an important issue. Recently, remote user authentication protocols base on passwor an smart cars are highly regare ue to lower costs. Each multi user authentication algorithm base on smart car involves six basic steps: the lunch algorithm to ajust the parameters of the overall system that is one by the server, the key generation algorithm for istribute servers, registration algorithms for the users, Log in algorithm, authentication algorithm, an change passwors. In this paper we try to review an compare the provie algorithms for mutual authentication in multi-server environments that are suitable for mobile evices. The features that have been improve algorithms are investigate. One of the first propose remote authentication algorithms was introuce by Lee an et al. In 2003 is base on the iscrete logarithm problem in a multi-server environment. But Jung prove that this moel is not efficient. That shoul be store plenty of parameters for authentication in applications that are not suitable for smart cars an also i not support mutual authentication an session key agreement. In 2004, Jung improve Lee an et AL s authentication scheme. In This scheme user has one registration at the registration center but its rawback is that each server must hol the approve table that store several key share between users [7]. In the same year, C. C. Chang an et al prove that Jung s moel has not suitable functionality for registration an authentication, so a new moel base on Jung s moel provie that ha little computational cost [8]. Wang an et al in 2007 introuce a secure algorithm with acceptable efficiency for mobile authentication systems to solve the security problems in the algorithm propose by Yoon et al [9]. In 2008 J. H. Lee an D. H. Lee presente one of the first schemes base on secure an efficient authentication key agreement between a remote user an multi-server environment. The moel esigne for mutual authentication an session key agreement among users of mobile systems specifically the smart car an server applications. Due to The low-power mobile processors, XOR an Hash functions are use in this system an therefore very suitable for the mobile environment [10].C- C.Chang an T-F.Cheng in 2011 prove that Lee an Lee moel is not stable against forgery attack an users ha to re-registration in orer to use ifferent servers. To resolve these problems, a new metho provie base on mutual authentication an session key agreement. BAN logic was use for mutual authentication an claiming their moel can resist against forgery attack, Replay, Server Spoofing loss of smart car an coul not [11]. C.T.Li an et alin 2012 prove that Chang-Cheng moel is not secure against the smart car loss attacks, guessing offline ictionary attacks an expose session key. Then propose a moel base on that moel that woul have fixe security bugs [12]. C.T.Li an et al. Demonstrate that Chang-Cheng moel In aition to these bugs are not secure against internal attacks. Then presents a moel an claim their moel is secure against the smart car loss attacks, insier attacks, guessing offline Dictionary attack, forgery an Replay attack, an support mutual authentication, session key agreement an once registration. The computation cost is light because of Hash functions an XOR [13]. Y.P.Liao an S-Sh.Wang in 2009 presente a moel base on ynamic ID for secure mutual authentication in a multi - server environment. To avoi the problem of time synchronization, use Nonce-base metho to an argue their moel is resistance against attacks such as Replay, Two-factor an Server spoofing [14]. H-C Hsiang an WK. Shih the same year emonstrate that the moel propose by La-Wang's is not secure against insier attack, Server spoofing, Replay, Two-factor an forgery attack an not easily moifiable. As a result the new moel offers that can resolve better features for multi-server authentication system an eliminates security problems in previous moel [15]. In 2008 Tseng an et al. offere a plan to authenticate users with respect to their limite computational power an Claime their scheme for remote authentication of users in a multi - server environment works pretty well [16]. But Y.P.Liao an CM. Hsiao in 2013 prove that this scheme oes not have mutual authentication an session key agreement an faile against insier attacks, guessing offline ictionary attacks an malicious server. The new esign for remote user authentication base on the strong coupling provie an claime the scheme is robust against all types of attacks [3]. In the same year P. Jiang an et al. state Liao- Hsiao moel fails against guessing offline ictionary attacks, Server Spoofing, forgery attack an in aition it oes not support user anonymity. Jiang an et al. presente a new moel for authentication in multi-server environments that oes not require the pairing an supports user anonymity. They also claim that their moel resists against a variety of attacks an has low computational cost [17]. In 2012 C. C. Lee an et.al prove that the moel propose by Lee et al in 2011 that is base on a ynamic ID to authenticate users in multiserver environment [18] is not secure from Replay attacks an loss of smart car an oes not support user anonymity. Therefore a new moel was introuce an claime is safe against a variety of attacks; this moel also supports user anonymity an meets the highest stanars of efficiency [19]. In 2011 T. H. Chen emonstrate, the Wang et al moel is vulnerable against forgery an parallel session s attacks. Therefore presents a moel an claim meets all the security requirements of a session key agreement an authentication as well [20]. But S.Kumari an et al In 2012 emonstrate Chen moel is vulnerable against legitimate user attacks, loss of smart car an know the key, has serious consequences to 132

3 Row International Journal of Artificial Intelligence an Mechatronics passwor guessing attacks, Replay an forgery attack. Therefore a new moel was presente an argue is safe against guessing offline ictionary attacks, insier attack, forgery attack an Replay an meets all the esirable features [21]. In 2008, Jung et al moel was introuce for user authentication using smart cars that require features like low computational cost, freely chosen passwor, no synchronization problem, an the agreement of a session key but not secure against anonymity an guessing offline ictionary attacks [22]. To resolve this problem, China an et al (2012) have evelope a moel base on Jung moel that woul overcome this problem [23]. Yoon an et al in 2005, submitte a proposal for smart car authentication [24], which i not support mutual authentication, To resolve this problem, Li et al in 2010 provies a moel base on two-factor authentication scheme for mutual authentication an session key agreement between the user an unsecure channels [25].In 2012 Qiuyan an et al prove the moel propose by Lee an et al is not secure against lost smart car attack an the Yoon et al. moel oes not prevent against Denial of Service attacks (DOS) an Fail [26].Zhu et al (2008) prove that Hwang an Yeh moel that was a recovery for Peyravian-Zunic passwor authentication scheme is not secure against attacks. So, introuce a new moel for enhance security base on collision-resistant hash functions, an Salt techniques with time stampe an claim their moel is robust against a variety of attacks [27]. But in 2011 Islam an Biswas expresse Zhu an et al. moel ue to the timestamp has synchronization problem an is not secure against forgery attack [28]. Xu an et al (2009) claime the moel propose by Lee-Kim- Yoo an Lee-Chiu in 2005 that were esigne to Improve remote authentication scheme with smart car [29] ifthe information store on the smart car is isclose by the aversary are not secure against Forgery attacks. The new moel propose an provies the security in the ranom oracle moel uner the assumption for computational Diffie-Hellman algorithm [30]. In 2010 Song prove that the moel propose by Xu et al. is vulnerable against internal attacks an forgery attacks. Presente a new moel base on Xu moel an claime that the new protocol satisfies the security requirements an smart car authentication, are highly efficient [31].Hu et al (2007) introuce a new moel base on Liu an et al an argue that is safe against forgery, parallel sessions, lost smart car, interior an Replay attack [32]. In Table I, the performance of algorithms from 2004 to 2013 in terms of the require calculations is compare. Table I: Comparing the performance of the propose algorithm from 2004 to 2013 in terms of computation require. Computations in Amount of Computations in Computations in Authors an year authentication computation registration phase login phase phase cost Jang s algorithm(2004)[7] C.C.Chang an Lee s algorithm(2004)[8] X-M.Wang et al. s algorithm(2007)[9] Hu,Niu an Yans s algorithm(2007)[32] Tseng et al s algorithm(2008)[16] J.H.Lee an D.H.Lee s algorithm (2008)[10] Zhu an et al. s algorithm (2008)[28] Y. P. Liao an S. S. Wang s algorithm (2009)[14] Xu an et.al s algorithm (2009)[30] Hsiang an Shih s algorithm (2009)[15] Li,Lee an Wang s algorithm (2010)[26] C.C.Chang an Cheng s algorithm (2011)[11] Chen et al s algorithm (2011)[21] S.Kumari an et al. s algorithm (2012)[22] Li an et al. s algorithm (2012)[12] C.Li an C.C.lee s algorithm (2012)[13] n * syn (n+1) Hash 5 Hash 1 Hash 5 Hash 1 syn 1 syn 7 XOR 1 syn 6 XOR 1 EXP 3 XOR 7 Hash 6 XOR 6 XOR 5 Hash 7 Hash 6 syn 5 syn 7 XOR 1 syn 10 Hash 7 EXP 2 8 XOR 10 Hash 3 XOR 1 13 XOR 7 Hash 1 17 XOR 5 Hash 7 Hash 21 Hash 20 XOR 15 Hash 18 XOR n+7 syn n+ 6 syn 10 Hash 15 Hash 18 XOR 2 syn XOR 8 EXP 28 Hash 10 XOR 21 Hash 8 XOR 11 Hash 29 Hash 2 9 Hash 19 Hash XOR 1 8 XOR

4 Row International Journal of Artificial Intelligence an Mechatronics 17 C.C.Lee,Y-M.Lai,C-T.Li s algorithm 5 Hash (2012)[20] 3 XOR 18 Server: Y-P Liao, C-M Hsiao s algorithm User: (2013)[17] Server: 19 P.Jiang an et al. s algorithm (2013)[18] User: 3 XOR *here n refers to number of service proviers 15 Hash 9 Hash 7 Hash 3 XOR Hash 10 XOR Consiering that the XOR computational cost is minimal, the XOR operation is ignore in calculation the amount cost. Chart 1, compare the amount of computation require for this algorithm. In this chart algorithms that only use XOR an Hash functions are compere. Accoring to the chart this is obvious that Computations in authentication phase are more than the other phases an play a great rule to proviing security against attacks an critical features of these environments registration phase login phase authentication phase total Chart 1: Comparison the computational cost for use algorithms IV. KEY CONCEPTS FOR SECURING COMMUNICATION IN MULTI-SERVER ENVIRONMENTS Lee an et al. introuce necessary factors to create a secure communication in a multi - server environment. These features inclue the lack of verification table, passwors, user frienliness, mutual authentication an session key agreement, prouctivity, security an easy change an freely chosen passwor, iniviual registration an lightweight computational functions. For more etails see [7] Table II: Compares the performance of the propose algorithms from 2004 to Session Once No nee Mutual Lack of Main Computation cost agree- key Authors an Year registrat to synchronize cation on Table authenti verificati functions -ion ment Jang s algorithm Symmetric High (2004)[7] C.C.Chang an Lee s algorithm (2004)[8] X-M.Wang et al. s algorithm (2007)[9] Hu,Niu an Yans s algorithm(2007[32] Tseng et al s algorithm (2008)[16] J.H.Lee an D.H.Lee s algorithm (2008)[10] Zhu an et al. s algorithm (2008)[28] Y. P. Liao an S. S. Wang s algorithm (2009)[14] Cryptography Symmetric Cryptography, Symmetric Cryptography Discrete logarithm, High Mile Mile 134 Easy to change the passwor Freely chosen passwor

5 Row International Journal of Artificial Intelligence an Mechatronics Xu an et.al s algorithm (2009)[30] Hsiang an Shih s algorithm(2009)[15] Li,Lee an Wang s algorithm(2010)[26] C.C.Chang an Cheng s algorithm (2011)[11] Chen et al s algorithm(2011)[21] S.Kumari an et al. s algorithm (2012)[22] Li an et al. s algorithm (2012)[12] C.Li an C.C.lee s algorithm(2012)[13] C.C.Lee,Y-M.Lai,C- T.Li s algorithm (2012) [20] Y-P Liao, C-M Hsiao s algorithm (2013) [17] P.Jiang an et al. s algorithm (2013)[18], Asymmetric encryption Very low low V. ATTACKS Creating a formal prove security with encryption an authentication protocols is very important. Introuction of a formal suitable technology, efficient, safe an simple to correct security protocol analysis is not yet possible.security vulnerabilities in multi-server environments are ivie into four categories: insecure channel attacks, vulnerabilities of client-relate, vulnerabilities in register server an vulnerabilities in service provier. For more information see [14]. In general attacks relate to authentication ivie into two categories: the offline theft of confiential information an theft of internet channels. Steal confiential information relate to the Users login attacks on a security system. The information collecte is one withexceeing the user's personal systems that are unprotecte like Shouler surfing attacks or eceive to the user that voluntarily gives information to the attacker such as social engineering. InInternet channel attacks, attacker gathers ata transferre between the client an the server by eavesropping or replacement as one of the two parties. The following are some of the kins of attacks we escribe more etail. Comparison between Algorithms in terms of security attacks from 2004 to 2013 is presente in the table III Table III: Comparison of the performance of the propose algorithms from 2004 to 2013 in terms of security Authors an Year Offline passwor Loss of Replay Forgery Server Insier ictionary smart car attack attack spoofing attack Jang s algorithm(2004)[7] C.C.Chang an Lee s algorithm(2004)[8] Unefine X-M.Wang et al. s algorithm(2007)[9] Hu,Niu an Yans s algorithm(2007)[32] Unefine Tseng et al s algorithm(2008)[16] J.H.Lee an D.H.Lee s algorithm(2008)[10] Zhu an et al. s algorithm(2008)[28] Y. P. Liao an S. S. Wang s algorithm(2009)[14] Xu an et.al s algorithm(2009)[30] Unefine 10 Hsiang an Shih s algorithm(2009)[15] Unefine 11 Li,Lee an Wang s algorithm(2010)[26] 12 C.C.Chang an Cheng s algorithm(2011)[11] 13 * Chen et al s algorithm(2011)[21] Unefine S.Kumari an et al. s 14 algorithm(2012)[22] 15 * Li an et al. s algorithm(2012)[12] 16 * C.Li an C.C.lee s algorithm(2012)[13] 17 * C.C.Lee,Y-M.Lai,C-T.Li s 135

6 algorithm(2012)[20] 18 Y-P Liao, C-M Hsiao s algorithm(2013)[17] 19* P.Jiang an et al. s algorithm(2013)[18] *Repuiation of the claime Accuracy an security of these algorithms not foun yet in any article The success rate of propose algorithms against 6 review attacks is shown in chart 2. Chart 2: The success rate of analysis algorithms against six presente attacks VI. INVESTIGATE THE REASONS FOR THE SUCCESS OF ALGORITHMS Multi-user authentication algorithms are base onsmart cart consist of six main steps, incluing setup algorithm which is performe by the registration server to set the overall system parameters, registration phase for users, login algorithm, authentication algorithm an the change passwor phase. In the following influencing factors on success an security of algorithms are reviewe. A. Registration phase Three types of attacks can occur base on registration algorithm mistakes. 1) Insier attack This type of attack occurs when the information relate to the user's login such as ID or passwor, is store Plaintext on the server. In this case, if a malicious person has access to server information can easily take user passwors an use it illegally. An effective solution to this problem is using Hash algorithm on the user's sie. This encrypte passwor is sent to the server. Registration phase Without Hash One way Hash Salte hash [7], [8], [10],[11],[14],[16],[21],[26],[30] [12], [20] [9], [13], [15],[17],[18],[21],[22],[32] Fail in Insier attack Fig.1. Evaluate the reasons for the success of the algorithm against internal attacks *Number in figures enote the accoring reference As shown in Fig. 1, Accoring to the algorithms being stuie, Algorithms thatuse simple hash functions or salt to sen the passwor to the server have been able to resist these attacksas well. 2) Loss of smart car Resist the Insier attack 136 If the information store on a smart car, have an important role in the Login process computing, an login parameters can be obtain from the store information in the smart car, in the case of an illegal access to smart car information, transaction security is enangere.

7 Loss of smart car Fail Resist Save in smart car Registration phase Save in smart car Registration phase One way Hash Salte hash One way Hash Salte hash [7], [16] Login phase Login phase With nonce With Ranom number Without Hash Without Ranom number [9], [21] With Hash + ranom number+ public key With Hash + ranom number [17] [26] [11], [14],[15] [18] Withnonce [13], [22], [32] Fig.2. Assess reasons for the success of the algorithm against the smart car loss attacks As shown in Fig. 2, the algorithms use simple hash an Salt functions in registration process, an the use of hashing, ranom number, Nonce an public keys in Login phase are secure againstthe missing cars attack an not use any of them in the Login process cause failure in these algorithms. 3) Offline passwor ictionary attack This attack accrue once illegal user can access the passwor files that are store on the server sie an use the same way server generate passwor verification ata,like hash functions, to calculate its own ictionary. Fig.3. Evaluate the reasons for the success of the algorithm against Offline passwor ictionary attack Accoring to fig. 3 algorithms which use hash function or salt without store any ID or passwor table are secure against this attack. Not using hash or use the storing table causes algorithms to fail in the face of these attacks. 137 B. Login phase Forgery attack an replay attackcan be mentione as malicious attacks that occur ue to bugs of login algorithms.

8 1) Forgery attack By revealing the passwor or user ata associate with login process, espite a gap in the program or fin a way to authentication process this type of attack may occur. As it is apparent from Fig. 4, the use of a simple hashfunction with a ranom number an public keyor Salt with Nonce an ranom number an also salt without nonce an with ranom number in login phase can secure algorithms against forgery attack. 2) Reply attack This is also known as Man in the Mile Attack. Attacker by eavesropping the communication between user an server, steal user login information an by sening this information to server repeately Convince the server that is the legal user an start their malicious actions. Fig.4. Evaluate the reasons for the success of the algorithm against forgery attack Fig.5. Evaluate the reasons for the success of the algorithm against Reply attack 138

9 Accoring to fig. 5, use of timestamp with nonce or ranom number in login phase can secure the algorithms against reply attack. If algorithms oes not use time stamp, the use of ranom number in login phase along with checking nonce in authentication phase or use nonce in login phase along with checking nonce or use of time interval in authentication phase can also secure the algorithms against replay attack. C. Authentication phase Server spoofing is one of the highly estructive attacks that woul happen ue to security bugs in authentication algorithms. 1) Server spoofing attack In this type of attack, an attacker server S, plays the role of the user U an tries to access to the primary server S that the user U has account. After communicating, S ' has receive the ranom number store in S an then cut off the connection. The next step, S convinces the user by phishing to enter his system an thereby acquires the passwor associate with that number. In the final stage S ' as the user U enters into the server S by achieve Passwor an can access the user account an perform their malicious actions. To prevent this attack, how the algorithms worke in authentication phaseis very important. In aition, mutual authentication between the client an server an agreement on a common session key for security against this type of attack is vital. Fig.6. Evaluate the reasons for the success of the algorithm againstserver spoofing attack Accoring to fig. 6, use of nonce in authentication phase without mutual authentication or mutual authentication along with common session key agreement can secure algorithms against server spoofing attack. The lack of mutual authentication an nonce make failure against the attack. VII. CONCLUSION This paper iscusse multi-user authentication algorithm in mobile systems. Consiering the mobile evices with limite energy resources an computing capability, the esign of the secure authentication scheme suitable for mobile systems is a big challenge. Hash functions are use to overcome the problem of poor computational power. To have a secure business communication in mobile systems, features an properties have been introuce, such as mutual authentication, session key which algorithms shoul be able to provie them. In this paper, these characteristics are fully explaine an successes of the propose algorithms from 2004 to 2013 to meet these nees are compare. By comparing these algorithms an evaluate their success or failure reasonssome results are obtaine as follows: To prevent insier attacks, passwors shoul be sent in encrypte form to the server. To prevent smart car attacks using hashing, ranom number with the public key or Nonce in login phase has an impact. To prevent offline ictionary attack use of the one-way hash functions without storing passwors table or using a hash function in the registration phase is useful. To prevent forgery attack in login phase, one -way hash functionsor ranom number an public key or use of Salt function with Nonce an ranom number or ranom number without Nonceis use. In login phase, use of time stamp, ranom number an nonce, or use of ranom number an nonce without time stamp in authentication phase use to prevent from reply attack. To prevent server spoofing attack use of ranom number an public key in authentication phase an mutual authentication, the algorithm can reach the esire security level. Accoring to these results an applying them, can improve secure authentication algorithms in mobile systems. 139

10 REFERENCES [1] available [2] Choi, J., Seol, H., Lee, S., Cho, H., & Park, Y. Customer satisfaction factors of mobile commerce in Korea. Internet research, 18 (3), 2008, pp [3] Liao, Y. P., & Hsiao, C. M. A novel multi-server remote user authentication scheme using self-certifie public keys for mobile clients. Future Generation Computer Systems, 29 (3), 2013, pp [4] Lin, J., Lu, Y., Wang, B., & Wei, K. K. "The role of interchannel trust transfer in establishing mobile commerce trust. Electronic Commerce Research an Applications, 10 (6)2011, pp., [5] Li, X., Hess, T. J., & Valacich, J. S. Why o we trust new technology? A stuy of initial trust formation with organizational information systems. The Journal of Strategic Information Systems, 17 (1), 2008, pp [6] Kim, K. K., Park, S. H., Ryoo, S. Y., & Park, S. K. Interorganizational cooperation in buyer supplier relationships: Both perspectives. Journal of Business Research, 63 (8), 2010, pp [7] Juang, W. S. Efficient multi-server passwor authenticate key agreement using smart cars. Consumer Electronics, IEEE Transactions on, 50 (1),2004, pp [8] C. C. Chang an J. S. Lee. An efficient an secure multi-server passwor authentication scheme using Smart car. Proc. Of the 3r International Conference on Cyberworls, Tokyo, Japan,2004, pp [9] Wang, X. M., Zhang, W. F., Zhang, J. S., & Khan, M. K. Cryptanalysis an improvement on two efficient remote user authentication scheme using smart cars. Computer Stanars & Interfaces, 29 (5), 2007, pp [10] Lee, J. H., & Lee, D. H. Efficient an secure remote authenticate key agreement scheme for multi-server using mobile equipment. In Consumer Electronics, ICCE Digest of Technical Papers. International Conference on, January, 2008, pp [11] Chang, C. C., & Cheng, T. F. A robust an efficient smart car base remote login mechanism for multi-server architecture. International Journal of Innovative Computing, Information an Control, 7 (8),2011, pp [12] Li, C. T., Weng, C. Y., & Fan, C. I. Two-factor user authentication in multi-server networks. International Journal of Security an Its Applications, 6 (2), 2012, pp [13] Li, C. T., Lee, C. C., Mei, H., & Yang, C. H. A Passwor an Smart Car Base User Authentication Mechanism for Multi- Server Environments. International Journal of Future Generation Communication an Networking Vol. 5, No. 4, 2012, pp [14] Liao, Y. P., & Wang, S. S. A secure ynamic ID base remote user authentication scheme for multi-server environment. Computer Stanars & Interfaces, 31 (1), 2009, pp [15] Hsiang, H. C., & Shih, W. K. Improvement of the secure ynamic ID base remote user authentication scheme for multiserver environment. Computer Stanars & Interfaces, 31 (6),2009, pp [16] Tseng, Y. M., Wu, T. Y., & Wu, J. D. A pairing-base user authentication scheme for wireless clients with smart cars. Informatica, 19 (2), 2008, pp [17] Jiang, P., Wen, Q., Li, W., Jin, Z., & Zhang, H. An Anonymous User Authentication with Key Agreement Scheme without Pairings for Multi server Architecture Using SCPKs. The Scientific Worl Journal, [18] Lee, C. C., Lin, T. H., & Chang, R. X. A secure ynamic ID base remote user authentication scheme for multi-server environment using smart cars. Expert Systems with Applications, 38 (11), 2011, pp [19] Lee, C. C., Lai, Y. M., & Li, C. T. An improve secure ynamic ID base remote user authentication scheme for multiserver environment. International Journal of Security an Its Applications, 6 (2), 2012, pp [20] Chen, T. H., Hsiang, H. C., & Shih, W. K. Security enhancement on an improvement on two remote user authentication schemes using smart cars. Future Generation Computer Systems, 27 (4), 2011, pp [21] Kumari, S., Gupta, M. K., & Kumar, M. Cryptanalysis an security enhancement of Chen et al. s remote user authentication scheme using smart car. Central European Journal of Computer Science, 2 (1), 2012, pp [22] Juang, W. S., Chen, S. T., &Liaw, H. T. Robust an efficient passwor-authenticate key agreement using smart cars. Inustrial Electronics, IEEE Transactions on, 55 (6), 2008, pp [23] Chain, K., Kuo, W. C., Hsiang, C. P., Cheng, J. C., & Yang, J. F.. Improve Passwor-Authenticate Key Agreement Using Smart Cars. ISA [24] Yoon, E.J,Ryn,E.K,Yoo,K.Y. An improvement of H-Wang- Lee-Tang's simple remote user authentication scheme., Cmputer& security, 24 (1),2005, pp [25] Li,C-T,Lee,C.C,Wang.L-J. A two-factor user authentication scheme proviing mutual authentication an key agreement over insecure channels. Journal of information assurance an security 5, 2010, pp [26] Qiuyan, J., Lee, K., & Won, D. Cryptanalysis of a two-factor user authentication scheme over insecure channels. ISA [27] Zhu, L., Yu, S., & Zhang, X. Improvement upon mutual passwor authentication scheme. In Business an Information Management, ISBIM'08. International Seminar on IEEE,Vol. 1, December 2008, pp [28] Hafizul Islam, S. K., & Biswas, G. P. Design of improve passwor authentication an upate scheme base on elliptic curve cryptography. Mathematical an Computer Moelling,2011. [29] Lee, N. Y., & Chiu, Y. C. Improve remote authentication scheme with smart car. Computer Stanars & Interfaces, 27 (2), 2005, pp [30] Xu, J., Zhu, W. T., &Feng, D. G. An improve smart car base passwor authentication scheme with provable security. Computer Stanars & Interfaces, 31 (4), 2009, pp [31] Song, R. Avance smart car base passwor authentication protocol. Computer Stanars & Interfaces, 32 (5), 2010, pp [32] Hu, L. L., Niu, X. X., & Yang, Y. X. Weaknesses an improvements of a remote user authentication scheme using smart cars. The Journal of China Universities of Posts an Telecommunications, 14 (3), 2007, pp AUTHOR S PROFILE Dr. S. Mohammai is a former senior lecturer at the University of Derby, UK. He also use to be a Network consultant inthe UK for more than fifteen years. He is currently a lecturer in the Inustrial Eng. Department of the University of K.N.Toosi, of Iran. His main research interests an lectures are in the fiels of Networking, Data Security, Network Security, e-commerce an e-commerce Security. He has publishe more than one hunre papers in various ISI, international, an internal ElmiPajoheshi journals as well as conferences. In aition, he has publishe four books an two book chapters in his fiel so far while he is expecting to publish three further books by the Winter 1390 (2012). Mohammai@kntu.ac.ir or smohammai40@yahoo.com Hakimeh Ameri is grauate in M.S at K.N Toosi University of technology in information technology. Her main research interests are in Security, Network Security, an Data mining. hameri@mail.kntu.ac.ir or ha.amery@gmail.com 140