Abstract
Most password-based authentication protocols rely on a single authentication server to authenticate users. The user's verifier information stored on that single server is a main point of susceptibility and remains an attractive target for attackers. Multi-server authentication protocols, on the other hand, make it difficult for an attacker to obtain any significant authentication information about legitimate users. In 2009, Liao and Wang proposed a dynamic identity based remote user authentication protocol for multi-server environments. However, we found that Liao and Wang's protocol is susceptible to a malicious server attack and a malicious user attack. This paper presents a novel dynamic identity based authentication protocol for multi-server architecture using smart cards that resolves the aforementioned flaws while keeping the merits of Liao and Wang's protocol. It uses a two-server paradigm that imposes different levels of trust on the two servers, and the user's verifier information is distributed between them: the service provider server and the control server. The proposed protocol is practical and computationally efficient because only nonces, one-way hash functions and XOR operations are used in its implementation. It provides a secure method for changing the user's password without the server's help. In e-commerce, the number of servers providing services to the user is usually more than one, and hence secure authentication protocols for multi-server environments are required.
Highlights
Most of the existing password authentication protocols are based on a single-server model in which the server stores the user’s password verifier information in its database
We found that Liao and Wang’s protocol is susceptible to a malicious server attack and a malicious user attack
This paper presents a novel dynamic identity based authentication protocol for multi-server architecture using smart cards that resolves the aforementioned flaws, while keeping the merits of Liao and Wang’s protocol
Summary
Most of the existing password authentication protocols are based on a single-server model in which the server stores the user’s password verifier information in its database. In a single-server environment, the issue of remote login authentication with smart cards has already been solved by a variety of schemes. These conventional single-server password authentication protocols cannot be directly applied to a multi-server environment because each user needs to remember different sets of identities and passwords. The aim of this paper is to provide a dynamic identity based, secure and computationally efficient authentication protocol with user anonymity for multi-server environments using smart cards. It protects the user’s identity over an insecure communication channel and can be applied directly to e-economic applications.