Abstract

Multi-server authentication technology has become increasingly popular with the extensive application of networks. Although it has brought great convenience to people's lives, security has become a critical issue and attracts much attention in both academia and industry. Over the past two decades, a series of multi-server authentication schemes using self-certified public key cryptography have been proposed to enhance security; these schemes do not need to communicate with the online registration center in each authentication phase. However, they may suffer from the single-point failure problem due to their centralized architecture. In addition, user revocation is not well resolved in these schemes. To the best of our knowledge, blockchain technology has many advantages and offers a promising solution to the problems of single-point failure and user revocation compared with traditional cryptographic technologies. In this work, we apply the idea of blockchain technology to construct a privacy-awareness authentication scheme for the multi-server environment, which can achieve distributed registry and efficient revocation. Moreover, the proposed scheme not only provides multiple security requirements such as mutual authentication, user anonymity and perfect forward secrecy, but also resists various kinds of malicious attacks. The security of the proposed scheme is proved by a rigorous formal proof in the random oracle model. Compared with recent related schemes, the proposed scheme has better communication performance, which makes it well suited to real-life applications.

Highlights

  • With the rapid development of network and information techniques, many applications and services that are based on the Internet platform are emerging one after another

  • Odelu et al. [3] pointed out that He and Wang's scheme was vulnerable to the known session-specific temporary information attack, the impersonation attack and the wrong password login attack. They put forward a secure biometrics-based multi-server authentication protocol using smart cards, which can address the problem of user revocation and resist various attacks

  • Contributions: In this paper, we present a blockchain-based privacy-awareness authentication scheme with efficient revocation for multi-server architectures

Summary

INTRODUCTION

With the rapid development of network and information techniques, many applications and services that are based on the Internet platform are emerging one after another. Odelu et al. [3] pointed out that He and Wang's scheme was vulnerable to the known session-specific temporary information attack, the impersonation attack and the wrong password login attack. To address these issues, they put forward a secure biometrics-based multi-server authentication protocol using smart cards, which can address the problem of user revocation and resist various attacks. To the best of our knowledge, these multi-server authentication schemes using SCPKC adopt the black/white list mechanism or the expiration time method to revoke users, which may cause communication costs or security problems. All of these multi-server authentication schemes share a common problem: users have to register with a single trusted third party.

BACKGROUND
THE PROPOSED SCHEME
MUTUAL AUTHENTICATION PHASE
PASSWORD UPDATE PHASE
USER REVOCATION AND RE-REGISTRATION PHASE
SECURITY ANALYSIS OF THE PROPOSED SCHEME
FORMAL SECURITY ANALYSIS
COMPARISONS
CONCLUSION