Remote three-factor authentication protocol with strong robustness for multi-server environment

Abstract

If a user wants to acquire different network services from various application servers in a traditional single server environment, the user must register these servers separately and remember different usernames and passwords for different servers. To solve these problems, a lot of authentication schemes for multi-server environment have been proposed. Recently, Odelu and Das et al. proposed a secure multi-server authentication protocol based on smart card, biometric and elliptic curve cryptography (ECC). We firstly analyze Odelu et al.'s scheme and find some flaws as follows: 1) the scheme may suffer Denial of Service (Dos) attack and insider attack; 2) The scheme doesn't have strong robustness because improper work of the register center (RC) may lead to the collapse of the whole system; 3) There are some design flaws in this scheme. For example, the user cannot choose his/her identity randomly and the register center needs to maintain a data table. In order to solve these problems, this paper proposes a new secure three-factor authentication protocol for multi-server environment based on Chebyshev chaotic map and secure sketch algorithm. To verify the security of the proposed scheme, we simulate our scheme using BAN logic and ProVerif tool. Through a thorough analysis, we can see that the proposed scheme not only has stronger security but also has less computation cost than Odelu et al.'s protocol.