An efficient and secure design of multi-server authenticated key agreement protocol

Multi-server authentication, being a crucial component of remote communication, provides the ease of one-time registration to users from a centralized registration authority. Therefore, the users could avail the offered services after getting authenticated of any service provider using the same registration credentials. In recent years, many multi-server authentication protocols have been demonstrated. Nonetheless, the existing schemes do not meet the security and efficiency requirements of the time. Recently, Chuang et al. presented a multi-server biometric authentication protocol which was later crypt-analysed and improved by Lin et al. with the identification of few attacks. Later, we discover that Lin et al.’s protocol is still prone to replay attack, privileged insider attack, trace attack, de-synchronization attack and key-compromise impersonation attacks. In this study, we present a multi-server authentication protocol which is not only comparable with Lin et al.’s scheme but also efficient than other state-of-the-art multi-server protocols. The security properties of our scheme are proved using formal analysis and evaluated with automated verification tool based on ProVerif.