Efficient multi-server authentication scheme based on one-way hash function without verification table

Abstract

Following advances in network technologies, an increasing number of systems have been provided to help network users via the Internet. In order to authenticate the remote users, password-based security mechanisms have been widely used. They are easily implemented, but these mechanisms must store a verification table in the server. If an attacker steals the verification table from the server, the attacker may masquerade as a legal user. To solve the verification table stolen problem, numerous single server authentication schemes without verification tables have been proposed. These single authentication schemes suffer from a shortcoming. If a remote user wishes to use numerous network services, they must register their identity and password in these servers. In response to this problem, numerous related studies recently have been proposed. These authentication schemes enable remote users to obtain service from multiple servers without separately registering with each server. This study proposes an alternative multi-server authentication scheme using smart cards. The proposed scheme is based on the nonce, uses one-way hash function, and does not need to store any verification table in the server and registration center. The proposed scheme can withstand seven well known network security attacks.