Abstract
An anonymous authentication and key agreement (AAKA) protocol provides anonymous members symmetric authentication and establishes a symmetric session key for secure communication in public networks. Today, numerous popular remote services are based on multi-server architecture, such as the internet of things (IoT), smart cities, cloud services, vehicular ad hoc networks (VANET), and telecare medicine information systems (TMIS). Many researchers have attempted to design AAKA protocols in multi-server environments for various applications. However, many of these have security defects, even if they have so-called “formal” security proofs. In this paper, we analyze related AAKA protocols to identify the common design defects, expound the process of designing secure AAKA protocols, and explain why the present AAKA protocols still suffer attacks, despite having security proofs. We instruct readers on how to design a secure AAKA protocol and how to prove the security. This paper will therefore be helpful for the design of new AAKA protocols, and for ensuring their security.
Highlights
An authentication and key agreement (AKA) protocol enables users to log in to remote servers over insecure channels to confirm their symmetric authenticity with each other and create a symmetric session key, which is used to securely communicate in the session
Protocol in 1990, which uses the smart card as the second factor to avoid password replay attack
In a three-factor AKA, the authenticity of the user is confirmed by three distinct factors, which are typically the password, the smart card, and a form of biometric identification
Summary
An authentication and key agreement (AKA) protocol enables users to log in to remote servers over insecure channels to confirm their symmetric authenticity with each other and create a symmetric session key, which is used to securely communicate in the session. The first AKA protocol, which is password-based, with the server verifying a user by username and the corresponding password, was proposed by Lamport [1] in 1981; a password-based authentication protocol requires password tables and is vulnerable to password replay attacks, where an intruder replays the previously intercepted password to successfully log in to the server. In this case, Hwang [2] proposed the first two-factor AKA protocol in 1990, which uses the smart card as the second factor to avoid password replay attack. Many multi-server AKA protocols have been proposed, in which the servers are regarded as independent entities with distinct secret keys
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
