Title: A secure three factor-based fully anonymous user authentication protocol for multi-server environment

Authors: Vinod Kumar Mahor; R. Padmavathi; Santanu Chatterjee; Sanshray Kumar Dewangan; Manish Kumar

Addresses: Research Center Imarat, Defence Research and Development Organization, Hyderabad 500-069, India ' Department of Computer Science and Engineering, National Institute of Technology, Warangal 506004, India ' Research Center Imarat, Defence Research and Development Organization, Hyderabad 500-069, India ' Department of Computer Science and Engineering, National Institute of Technology, Warangal 506004, India ' Department of Computer Science and Engineering, National Institute of Technology, Warangal 506004, India

Abstract: A single sign-on authentication scheme is required protocol in multi-server environment. Recently, an authentication protocol based on Lagrange interpolation polynomial to satisfy multi-server environment with low computational and communication cost is proposed. In this paper, we have analysed the above scheme and show that their scheme is vulnerable to various attacks like insider attack, server impersonation attack, user impersonation attack and stolen smart card attack. We also show that their scheme fails to provide server anonymity, user revocation in case smart card is lost/stolen or users authentication parameters are revealed. We have also proposed enhanced multi-server authentication protocol using biometric-based smart card and Lagrange interpolation which is more secure. The proposed protocol is analysed using BAN logic to show that the proposed protocol provides secure authentication. In addition, we have simulated our scheme using widely accepted and used AVISPA tool to prove that our scheme is secure against passive and active attacks. The proposed protocol provides high security and anonymity along with low communication and computational cost and various security functions.

Keywords: authentication; multi-server authentication; security; smart card; Lagrange interpolation; single sign-on; AVISPA; BAN logic.

DOI: 10.1504/IJAHUC.2020.107506

International Journal of Ad Hoc and Ubiquitous Computing, 2020 Vol.34 No.1, pp.45 - 60

Received: 29 Mar 2019
Accepted: 09 Sep 2019

Published online: 31 May 2020 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article