• KSII Transactions on Internet and Information Systems
    Monthly Online Journal (eISSN: 1976-7277)

Cryptanalysis and improvement of a Multi-server Authentication protocol by Lu et al.


Abstract

The increasing number of subscribers and demand of multiplicity of services has turned Multi-Server Authentication (MSA) into an integral part of remote authentication paradigm. MSA not only offers an efficient mode to register the users by engaging a trusted third party (Registration Centre), but also a cost-effective architecture for service procurement, onwards. Recently, Lu et al.’s scheme demonstrated that Mishra et al.’s scheme is unguarded to perfect forward secrecy compromise, server masquerading, and forgery attacks, and presented a better scheme. However, we discovered that Lu et al.’s scheme is still susceptible to malicious insider attack and non-compliant to perfect forward secrecy. This study presents a critical review on Lu et al.’s scheme and then proposes a secure multi-server authentication scheme. The security properties of contributed work are validated with automated Proverif tool and proved under formal security analysis.


Statistics

Show / Hide Statistics

Statistics (Cumulative Counts from December 1st, 2015)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.


Cite this article

[IEEE Style]
Azeem Irshad, Muhammad Sher, Bander A. Alzahrani, Aiiad Albeshri, Shehzad Ashraf Chaudhry and Saru Kumari, "Cryptanalysis and improvement of a Multi-server Authentication protocol by Lu et al.," KSII Transactions on Internet and Information Systems, vol. 12, no. 1, pp. 523-549, 2018. DOI: 10.3837/tiis.2018.01.025

[ACM Style]
Irshad, A., Sher, M., Alzahrani, B. A., Albeshri, A., Chaudhry, S. A., and Kumari, S. 2018. Cryptanalysis and improvement of a Multi-server Authentication protocol by Lu et al.. KSII Transactions on Internet and Information Systems, 12, 1, (2018), 523-549. DOI: 10.3837/tiis.2018.01.025