A secure three factor-based fully anonymous user authentication protocol for multi-server environment Online publication date: Sun, 31-May-2020
by Vinod Kumar Mahor; R. Padmavathi; Santanu Chatterjee; Sanshray Kumar Dewangan; Manish Kumar
International Journal of Ad Hoc and Ubiquitous Computing (IJAHUC), Vol. 34, No. 1, 2020
Abstract: A single sign-on authentication scheme is required protocol in multi-server environment. Recently, an authentication protocol based on Lagrange interpolation polynomial to satisfy multi-server environment with low computational and communication cost is proposed. In this paper, we have analysed the above scheme and show that their scheme is vulnerable to various attacks like insider attack, server impersonation attack, user impersonation attack and stolen smart card attack. We also show that their scheme fails to provide server anonymity, user revocation in case smart card is lost/stolen or users authentication parameters are revealed. We have also proposed enhanced multi-server authentication protocol using biometric-based smart card and Lagrange interpolation which is more secure. The proposed protocol is analysed using BAN logic to show that the proposed protocol provides secure authentication. In addition, we have simulated our scheme using widely accepted and used AVISPA tool to prove that our scheme is secure against passive and active attacks. The proposed protocol provides high security and anonymity along with low communication and computational cost and various security functions.
Existing subscribers:
Go to Inderscience Online Journals to access the Full Text of this article.
If you are not a subscriber and you just want to read the full contents of this article, buy online access here.Complimentary Subscribers, Editors or Members of the Editorial Board of the International Journal of Ad Hoc and Ubiquitous Computing (IJAHUC):
Login with your Inderscience username and password:
Want to subscribe?
A subscription gives you complete access to all articles in the current issue, as well as to all articles in the previous three years (where applicable). See our Orders page to subscribe.
If you still need assistance, please email subs@inderscience.com
Our Blog 
Follow us on Twitter 
Visit us on Facebook