Premium
An efficient and secure 3‐factor user‐authentication protocol for multiserver environment
Author(s) -
Luo Min,
Sun Aiying,
He Debiao,
Li Xiaohong
Publication year - 2018
Publication title -
international journal of communication systems
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.344
H-Index - 49
eISSN - 1099-1131
pISSN - 1074-5351
DOI - 10.1002/dac.3734
Subject(s) - computer science , authentication protocol , challenge handshake authentication protocol , otway–rees protocol , computer security , wide mouth frog protocol , protocol (science) , lightweight extensible authentication protocol , multi factor authentication , computer network , authentication (law) , mutual authentication , cryptographic protocol , anonymity , cryptography , medicine , alternative medicine , pathology
Summary In the last decade, the number of web‐based applications is increasing rapidly, which leads to high demand for user authentication protocol for multiserver environment. Many user‐authentication protocols have been proposed for different applications. Unfortunately, most of them either have some security weaknesses or suffer from unsatisfactory performance. Recently, Ali and Pal proposed a three‐factor user‐authentication protocol for multiserver environment. They claimed that their protocol can provide mutual authentication and is secure against many kinds of attacks. However, we find that Ali and Pal's protocol cannot provide user anonymity and is vulnerable to 4 kinds of attacks. To enhance security, we propose a new user‐authentication protocol for multiserver environment. Then, we provide a formal security analysis and a security discussion, which indicate our protocol is provably secure and can withstand various attacks. Besides, we present a performance analysis to show that our protocol is efficient and practical for real industrial environment.