A two-factor authentication scheme with anonymity for multi-server environments

• Published in: Security and communication networks Vol. 8; no. 8; pp. 1608 - 1625
• Main Authors: Chen, Chi-Tung, Lee, Cheng-Chi
• Format: Journal Article
• Language: English
• Published: London Blackwell Publishing Ltd 25.05.2015; Hindawi Limited
• Subjects: Authentication; Burrows-Abadi-Needham (BAN) logic; Communication networks; Computational efficiency; Criteria; Cryptography; Energy consumption; multi-server; Passwords; Security; two-factor
• ISSN: 1939-0114; 1939-0122
• DOI: 10.1002/sec.1109

In a multi‐server environment, remote user authentication is essential for secure communication. Recently, Liao and Wang, Hsiang and Shih, and Lee et al. have successively proposed various remote user authentication schemes for multi‐server environments. However, each of these schemes exhibits distinct security weaknesses. The Liao–Wang scheme is vulnerable to insider attacks and masquerade attacks, and fails to provide two‐factor security and mutual authentication. The Hsiang–Shih scheme is vulnerable to masquerade attacks and cannot provide mutual authentication. This paper shows that the Lee et al. scheme does not provide two‐factor security and cannot withstand masquerade attacks. Their scheme demonstrates poor reparability and fails to provide mutual authentication. Its password change process is inconvenient and inefficient for users who wish to update passwords. Therefore, we propose a novel two‐factor authentication scheme with anonymity for multi‐server environments and use the Burrows–Abadi–Needham logic method to verify our scheme. We compare the performance and functionality of the proposed scheme with those of previous schemes. Cryptanalysis demonstrated that our improved scheme not only overcomes the drawbacks of the Lee et al., Hsiang–Shih, and Liao–Wang schemes but also satisfies crucial design criteria for secure remote user authentication schemes in multi‐server environments. This paper presents a real‐case scenario and provides practical examples. We show that our improved authentication scheme provides more functionality than the mentioned schemes do, and can enhance effectiveness in protecting multi‐server environments. We also show that the proposed scheme is efficient and can enhance the efficiency of the authentication scheme in a multi‐server environment. Copyright © 2014 John Wiley & Sons, Ltd. The proposed scheme not only satisfies the crucial design criteria of a secure remote user authentication scheme but also overcomes the drawbacks of Lee et al., Hsiang‐Shih, Liao‐Wang, Juang, and Lin et al. schemes. The proposed scheme can provide more security functionality than the mentioned schemes do and demonstrates superior performance, including low computational costs, low communication costs, and little energy consumption. The proposed scheme can enhance effectiveness in protecting multi‐server environments and the efficiency of the authentication scheme.