Robust anonymous two‐factor authenticated key exchange scheme for mobile client‐server environment

Abstract

AbstractWith the greatest advancement of information technology, mobile communication has become more widespread and prevalent. When a mobile user intends to enjoy the services offered by a remote server, he needs to be authenticated before constructing a session key with the corresponding server. Numerous authentication schemes have been provided with the purpose of validating the legitimacy of a mobile user. Recently, Xie et al. presented a modified two‐factor authenticated key exchange to eliminate the security flaws of Chen et al. Xie et al. claimed that the enhanced design was more secure than the design of Chen et al. Unfortunately, we identified that the proposed scheme by Xie et al. was insecure against user impersonation, insider and trace attacks and did fail to provide verification in login phase. To enhance the security and efficiency, we then proposed an anonymous authenticated key exchange scheme for mobile client‐server environment. We demonstrated that the proposed scheme was immune to many attacks including attacks observed in the scheme of Xie et al. We also use a formal proof, namely Burrows–Abadi–Needham logic, to analyze the proposed scheme. In addition, the proposed scheme possesses a lower computation overheads than the other related schemes. Copyright © 2016 John Wiley & Sons, Ltd.