An Improved Biometric Multi-Server Authentication Scheme for Chang et al.'s Protocol

Abstract

The remote authentication has been advancing with the growth of online services being offered on remotely basis. This calls for an optimal authentication framework other than single-server authentication. In this connection, the multi-server authentication architecture has been introduced in the literature that enables the users to avail variety of services of various servers, using a single pair of identity and password. Lately, we have witnessed a few multi-server authentication schemes in the literature, although security with loopholes. One of those multi-server authentication schemes has been presented by Chang et al. recently. Our analysis shows that the Chang et al. is vulnerable to impersonation attack, stolen smart card attack. In this study, we have reviewed the protocol thoroughly, and proposed an improved model, that is resistant to all known and identified attacks. The formal and informal security analysis for proposed model is also presented in this study, besides performance and its evaluation analysis.