An anonymous authenticated key-agreement scheme for multi-server infrastructure

Muhammad Arslan Akram,Chien-Ming Chen,Kadambri Agarwal,Zahid Ghaffar,Khalid Mahmood,Saru Kumari

doi:10.1186/s13673-020-00227-9

Abstract

Due to single-time registration, the multi-server authentication provides benefit for getting services from different servers through trusted agent. Generally, users feel hesitation for registering themselves individually with all service providers due to the problem of memorizing the multiple passwords. The multi-server authentication allows a quick access to services by real-time customer validation on public channel. Thereafter, hundreds of multi-server authentication protocols have been introduced. However, the more efficient and robust authentication schemes are being explored by the research academia. We introduce an anonymous scheme that resists the major security threats like impersonation attack, insider attack and password modification attacks in viable computing cost. We use random oracle model for formal security analysis of the proposed scheme. The performance analysis shows that the proposed scheme incurs less computation, energy, communication and storage cost as compared to related protocols. This analysis and comparison show that our proposed scheme is quite effective for the purpose of anonymous authentication and key agreement.

Highlights

Multi-server authentication (MSA) allows the abrupt access to various online services as compared to single registration, in peer-to-peer environment
MSA architecture [1, 2] is suitable for both sides, i.e. customers and service providers
The robustness of multi-server authentication is observed as an important requisite for the current remote based authentication paradigm

Summary

Introduction

Multi-server authentication (MSA) allows the abrupt access to various online services as compared to single registration, in peer-to-peer environment. Afterwards, another remote user verified key agreement protocol based on dynamic identity is presented by Liao and Wang [20] for MSA architecture. Irshad et al [25] proves that the protocol [23] is insecure against smart card stolen attack that helps to reveal the session key and password.

Results

Conclusion