Privacy Preserving Password-Based Multi-server Authenticated Key Agreement Protocol Using Smart Card

摘要

Clint-server based communication mechanism provides climbable environment for online services, where a user can obtain several services at any time and from anywhere via Internet. As Internet is an insecure communication medium, to achieve security and accountability in data transmission, authentication and key agreement protocols are being adopted. Majority of the existing protocols for mutual authentication are designed for single-server environment, which do not present scalable solution for multi-server environment as multiple registrations are required to perform by the user. Additionally, user must maintain multiple secret keys to access multiple application servers. On the contrary, multi-server authentication (MSA) mechanism presents a user-friendly solution to multiple-registration problem. Unfortunately, many MAS schemes consider trusted server environment, whereas some server may be semi-trusted. To address this issue, Kalra and Sood recently proposed MAS scheme, where all servers need not be entrusted. Kalra and Sood's scheme is feasible for semi-trusted environment. By seeing its importance, we have thoroughly analyzed its security. Unfortunately, we have identified some security flaws in their scheme. Our aim is to overcome the flaws of Kalra and Sood's scheme, and present privacy protected mutual authentication mechanism for multi-server communication. In this paper, we first pointed out the security failures of Kalra and Sood's scheme and then proposed an improved MSA scheme to fix those vulnerabilities of existing MSA schemes. Our design is suitable for semi-trusted environment and protects anonymity. Moreover, the performance of the proposed protocol is comparable with the existing protocols.