A secure and robust anonymous three-factor remote user authentication scheme for multi-server environment using ECC

Abstract

With the rapid growth of the computer and the Internet technology, various types of services are provided through the Internet such as e-banking, e-rail, e-commerce, online game, etc. Today, they have become an important part of our lives and make life very convenient. However, most of these applications/services operate over an insecure channel therefore authentication is required before permitting the remote access of those services. In this paper, we propose a secure anonymous three-factor based remote user authentication scheme for multi-server environment using ECC. We show that the proposed scheme is accurate and provides mutual authentication and session key agreement securely on the basis of BAN logic. Its formal security analysis, using Random Oracle Model, shows that an attacker cannot retrieve the backbone parameters such as user identity, password, secret keys, and session key. Using informal security analysis, we prove that our scheme defends against various security pitfalls. Additionally, we compare our scheme with other surviving relevant schemes and the comparative results show that our scheme is efficient in terms of computation cost, communication cost, smart card storage cost and estimated time. Specially, the proposed scheme is not only secure against various security threats, but it also facilitates an accurate login phase, robust authentication phase and user friendly password change phase.