Cryptanalysis and improvement of a Multi-Server Authenticated Key Agreement by Chen and Lee’s Scheme

Authors

  • Azeem Irshad Department of Computer Science & Software Engineering, International Islamic University, Islamabad
  • Husnain Naqvi Department of Computer Science & Software Engineering, International Islamic University, Islamabad
  • Shehzad Ashraf Chaudhary Department of Computer Science & Software Engineering, International Islamic University, Islamabad
  • Muhammad Usman Department of Computer Science, Faculty of Natural Science, Quaid-I-Azam University, Islamabad, Pakistan
  • Muhammad Shafiq Department of Information Technology, University of Gujrat, Gujrat, Pakistan
  • Omid Mir The Institute of Networks and Security, Johannes Kepler University Linz, Austria
  • Ambrina Kanwal Department of Computer Science, Bahria University, Islamabad, Pakistan

DOI:

https://doi.org/10.5755/j01.itc.47.3.17361

Keywords:

Multi-server authentication, cryptanalysis, biometrics, remote authentication, attack

Abstract

Multi-server authentication makes convenient to benefit from services of various service providers on the basis of one-time registration through a trusted third party. Since, the users are reluctant to register themselves separately from all servers due to the hassle of remembering many passwords and other cost constraints. The multi-server authentication enables the immediate provision of services by the real-time verification of users on an insecure channel. The literature for multi-server oriented authenticated key agreement could be traced back to Li et al. and Lee et al., in 2000. Since then, numerous multi-server authentication techniques have been put forth. Nonetheless, the research academia looks for more secure and efficient authentication protocols. Recently, Chen and Lee’s scheme presented a two-factor multi-server key agreement protocol, which is found to be prone to impersonation, stolen smart card, key-compromise impersonation attack, and trace attacks. Besides, the scheme is also found to have the inefficient password modification procedure. We propose an improved protocol that counters the above limitations in almost an equivalent computation cost. Moreover, our protocol is supplemented with formal security analysis using BAN logic along with performance analysis and evaluation.

 

DOI: http://dx.doi.org/10.5755/j01.itc.47.3.17361

Author Biographies

  • Azeem Irshad, Department of Computer Science & Software Engineering, International Islamic University, Islamabad

    PhD Scholar
    Department of Computer Science & Software Engineering, International Islamic University, Islamabad

  • Husnain Naqvi, Department of Computer Science & Software Engineering, International Islamic University, Islamabad

    Assistant Professor
    Department of Computer Science & Software Engineering, International Islamic University, Islamabad

  • Shehzad Ashraf Chaudhary, Department of Computer Science & Software Engineering, International Islamic University, Islamabad
    Assitant Professor
    Department of Computer Science & Software Engineering, International Islamic University, Islamabad
  • Muhammad Usman, Department of Computer Science, Faculty of Natural Science, Quaid-I-Azam University, Islamabad, Pakistan
    Assitant Professor
    Department of Computer Science, Faculty of Natural Science, Quaid-I-Azam University, Islamabad, Pakistan
  • Muhammad Shafiq, Department of Information Technology, University of Gujrat, Gujrat, Pakistan
    Assistant Professor
    Department of Information Technology, University of Gujrat, Gujrat, Pakistan
  • Omid Mir, The Institute of Networks and Security, Johannes Kepler University Linz, Austria
    PhD Scholar
    The Institute of Networks and Security, Johannes Kepler University Linz, Austria
  • Ambrina Kanwal, Department of Computer Science, Bahria University, Islamabad, Pakistan
    Assistant Professor
    Department of Computer Science, Bahria University, Islamabad, Pakistan

Downloads

Published

2018-09-10

Issue

Vol. 47 No. 3 (2018)

Section

Articles

License

Copyright terms are indicated in the Republic of Lithuania Law on Copyright and Related Rights, Articles 4-37.