An efficient three factor–based authentication scheme in multiserver environment using ECC

Summary Recently, Li et al have developed a smartcard‐based remote user authentication scheme in multiserver environment. They have claimed that their scheme is secured against some possible cryptographic attacks. However, we have analyzed that the scheme of Li et al cannot preserve all the proclaimed security goals, which are given as follows: (1) It is not withstanding password‐guessing, user impersonation, insider, and smartcard theft attacks, and (2) it fails to facilitate user anonymity property. To remedy these above‐mentioned security flaws, we have proposed an efficient three factor–based authentication scheme in a multiserver environment using elliptic curve cryptography. The Burrows‐Abadi‐Needham logic is used to confirm the security validation of our scheme, which ensures that it provides mutual‐authentication and session‐key agreement securely. Then, the random oracle model is also considered to analyze the proposed scheme, and it shows that the backbone parameters, ie, identity, password, biometrics, and the session key, are secure from an adversary. Further, the informal security analysis confirms that the suggested scheme can withstand against some possible mentioned attacks. Later, the Automated Validation of Internet Security Protocols and Applications tool is incorporated to ensure its security against passive and active attacks. Finally, the performance comparison of the scheme is furnished to confirm its enhanced security with other relevant schemes.