TY - JOUR
T1 - An efficient and secure design of multi-server authenticated key agreement protocol
AU - Irshad, Azeem
AU - Naqvi, Husnain
AU - Chaudhry, Shehzad Ashraf
AU - Raheem, Shouket
AU - Kumari, Saru
AU - Kanwal, Ambrina
AU - Usman, Muhammad
PY - 2018/9
Y1 - 2018/9
N2 - Multi-server authentication, being a crucial component of remote communication, provides the ease of one-time registration to users from a centralized registration authority. Therefore, the users could avail the offered services after getting authenticated of any service provider using the same registration credentials. In recent years, many multi-server authentication protocols have been demonstrated. Nonetheless, the existing schemes do not meet the security and efficiency requirements of the time. Recently, Chuang et al. presented a multi-server biometric authentication protocol which was later crypt-analysed and improved by Lin et al. with the identification of few attacks. Later, we discover that Lin et al.’s protocol is still prone to replay attack, privileged insider attack, trace attack, de-synchronization attack and key-compromise impersonation attacks. In this study, we present a multi-server authentication protocol which is not only comparable with Lin et al.’s scheme but also efficient than other state-of-the-art multi-server protocols. The security properties of our scheme are proved using formal analysis and evaluated with automated verification tool based on ProVerif.
AB - Multi-server authentication, being a crucial component of remote communication, provides the ease of one-time registration to users from a centralized registration authority. Therefore, the users could avail the offered services after getting authenticated of any service provider using the same registration credentials. In recent years, many multi-server authentication protocols have been demonstrated. Nonetheless, the existing schemes do not meet the security and efficiency requirements of the time. Recently, Chuang et al. presented a multi-server biometric authentication protocol which was later crypt-analysed and improved by Lin et al. with the identification of few attacks. Later, we discover that Lin et al.’s protocol is still prone to replay attack, privileged insider attack, trace attack, de-synchronization attack and key-compromise impersonation attacks. In this study, we present a multi-server authentication protocol which is not only comparable with Lin et al.’s scheme but also efficient than other state-of-the-art multi-server protocols. The security properties of our scheme are proved using formal analysis and evaluated with automated verification tool based on ProVerif.
KW - Multi-server authentication
KW - Biometric verification
KW - Online service providers
KW - Cryptanalysis
KW - Attacks
U2 - 10.1007/s11227-018-2467-6
DO - 10.1007/s11227-018-2467-6
M3 - Article
SN - 0920-8542
VL - 74
SP - 4771
EP - 4797
JO - Journal of Supercomputing
JF - Journal of Supercomputing
IS - 9
ER -