A Secure Three-Factor Authentication Protocol for E-Governance System Based on Multiserver Environments

Abstract

In electronic governance (e-governance) system, citizens can access government services such as transportation, licensing and immigration remotely over the Internet. With the development of information and communication technology, usage of the e-governance system has been increased. To efficiently provide citizens with various e-governance services, multi-server environments can be applied to the e-governance system. However, messages can be inserted, deleted, and modified by a malicious adversary since these are transmitted through a public channel. Therefore, many researchers have suggested mutual authentication protocols for secure communication in multi-server environments. In 2020, Sudhakar <i>et al</i>. proposed a smart card based lightweight authentication protocol for multi-server environments. We analyze Sudhakar <i>et al</i>.&#x2019;s protocol to propose a secure mutual authentication protocol in the e-governance system based on multi-server environments. However, we disclosure that their protocol is not resistant to smart card stolen, insider, man-in-the-middle, user impersonation, and session key disclosure attacks. Moreover, Sudhakar <i>et al</i>.&#x2019;s protocol does not provide mutual authentication. To improve these security problems, we suggest a secure three-factor mutual authentication protocol for the e-governance system based on multi-server environments. We prove our protocol&#x2019;s security using informal security analysis, Burrows-Abadi-Needham (BAN) logic, and Real-or-Random (ROR) model. We also simulate our protocol utilizing Automated Validation of Internet Security Protocols and Applications (AVISPA) tool.We estimate the proposed protocol&#x2019;s security functionalities, computation costs, and communication overheads compared with existing related protocols. Consequently, we demonstrate that our protocol is secure and suitable for the e-governance system.