Cryptanalysis and improvement of a Multi-Server Authenticated Key Agreement by Chen and Lee’s Scheme

Authors

  • Azeem Irshad Department of Computer Science & Software Engineering, International Islamic University, Islamabad
  • Husnain Naqvi Department of Computer Science & Software Engineering, International Islamic University, Islamabad
  • Shehzad Ashraf Chaudhary Department of Computer Science & Software Engineering, International Islamic University, Islamabad
  • Muhammad Usman Department of Computer Science, Faculty of Natural Science, Quaid-I-Azam University, Islamabad, Pakistan
  • Muhammad Shafiq Department of Information Technology, University of Gujrat, Gujrat, Pakistan
  • Omid Mir The Institute of Networks and Security, Johannes Kepler University Linz, Austria
  • Ambrina Kanwal Department of Computer Science, Bahria University, Islamabad, Pakistan

DOI:

https://doi.org/10.5755/j01.itc.47.3.17361

Keywords:

Multi-server authentication, cryptanalysis, biometrics, remote authentication, attack

Abstract

Multi-server authentication makes convenient to benefit from services of various service providers on the basis of one-time registration through a trusted third party. Since, the users are reluctant to register themselves separately from all servers due to the hassle of remembering many passwords and other cost constraints. The multi-server authentication enables the immediate provision of services by the real-time verification of users on an insecure channel. The literature for multi-server oriented authenticated key agreement could be traced back to Li et al. and Lee et al., in 2000. Since then, numerous multi-server authentication techniques have been put forth. Nonetheless, the research academia looks for more secure and efficient authentication protocols. Recently, Chen and Lee’s scheme presented a two-factor multi-server key agreement protocol, which is found to be prone to impersonation, stolen smart card, key-compromise impersonation attack, and trace attacks. Besides, the scheme is also found to have the inefficient password modification procedure. We propose an improved protocol that counters the above limitations in almost an equivalent computation cost. Moreover, our protocol is supplemented with formal security analysis using BAN logic along with performance analysis and evaluation.

 

DOI: http://dx.doi.org/10.5755/j01.itc.47.3.17361

Author Biographies

Azeem Irshad, Department of Computer Science & Software Engineering, International Islamic University, Islamabad

PhD Scholar
Department of Computer Science & Software Engineering, International Islamic University, Islamabad

Husnain Naqvi, Department of Computer Science & Software Engineering, International Islamic University, Islamabad

Assistant Professor
Department of Computer Science & Software Engineering, International Islamic University, Islamabad

Shehzad Ashraf Chaudhary, Department of Computer Science & Software Engineering, International Islamic University, Islamabad

Assitant Professor
Department of Computer Science & Software Engineering, International Islamic University, Islamabad

Muhammad Usman, Department of Computer Science, Faculty of Natural Science, Quaid-I-Azam University, Islamabad, Pakistan

Assitant Professor
Department of Computer Science, Faculty of Natural Science, Quaid-I-Azam University, Islamabad, Pakistan

Muhammad Shafiq, Department of Information Technology, University of Gujrat, Gujrat, Pakistan

Assistant Professor
Department of Information Technology, University of Gujrat, Gujrat, Pakistan

Omid Mir, The Institute of Networks and Security, Johannes Kepler University Linz, Austria

PhD Scholar
The Institute of Networks and Security, Johannes Kepler University Linz, Austria

Ambrina Kanwal, Department of Computer Science, Bahria University, Islamabad, Pakistan

Assistant Professor
Department of Computer Science, Bahria University, Islamabad, Pakistan

Downloads

Published

2018-09-10

Issue

Section

Articles