Cryptanalysis and Extended Three-Factor Remote User Authentication Scheme in Multi-Server Environment
详细信息 查看全文
- 作者:Preeti Chandrakar ; Hari Om
- 关键词:Authentication ; AVISPA ; BAN Logic ; Cryptanalysis ; Three ; factor
- 刊名:Arabian Journal for Science and Engineering
- 出版年:2017
- 出版时间:February 2017
- 年:2017
- 卷:42
- 期:2
- 页码:765-786
- 全文大小:
- 刊物类别:Engineering
- 刊物主题:Engineering, general; Science, Humanities and Social Sciences, multidisciplinary;
- 出版者:Springer Berlin Heidelberg
- ISSN:2191-4281
- 卷排序:42
文摘
Recently, Wen et al. have developed three-factor authentication protocol for multi-server environment, claiming it to be resistant to several kinds of attacks. In this paper, we review Wen et al.’s protocol and find that it does not fortify against many security vulnerabilities: (1) inaccurate password change phase, (2) failure to achieve forward secrecy, (3) improper authentication, (4) known session-specific temporary information vulnerability and (5) lack of smart card revocation and biometric update phase. To get rid of these security weaknesses, we present a safe and reliable three-factor authentication scheme usable in multi-server environment. The Burrows–Abadi–Needham logic shows that our scheme is accurate, and the formal and informal security verifications show that it can defend against various spiteful threats. Further, we simulate our scheme using the broadly known Automated Validation of Internet Security Protocols and Applications tool, which ensures that it is safe from the active and passive attacks and also prevent the replay and man-in-the-middle attacks. The performance evaluation shows that the presented protocol gives strong security as well as better complexity in the terms of communication cost, computation cost and estimated time.