• KSII Transactions on Internet and Information Systems
    Monthly Online Journal (eISSN: 1976-7277)

An Extended Multi-Server-Based User Authentication and Key Agreement Scheme with User Anonymity


Abstract

With the explosive growth of computer networks, many remote service providing servers and multi-server network architecture are provided and it is extremely inconvenient for users to remember numerous different identities and passwords. Therefore, it is important to provide a mechanism for a remote user to use single identity and password to access multi-server network architecture without repetitive registration and various multi-server authentication schemes have been proposed in recent years. Recently, Tsaur et al. proposed an efficient and secure smart card based user authentication and key agreement scheme for multi-server environments. They claimed that their scheme satisfies all of the requirements needed for achieving secure password authentication in multi-server environments and gives the formal proof on the execution of the proposed authenticated key agreement scheme. However, we find that Tsaur et al.'s scheme is still vulnerable to impersonation attack and many logged-in users' attack. We propose an extended scheme that not only removes the aforementioned weaknesses on their scheme but also achieves user anonymity for hiding login user's real identity. Compared with other previous related schemes, our proposed scheme keeps the efficiency and security and is more suitable for the practical applications.


Statistics

Show / Hide Statistics

Statistics (Cumulative Counts from December 1st, 2015)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.


Cite this article

[IEEE Style]
Chun-Ta Li, Cheng-Chi Lee, Chi-Yao Weng and Chun-I Fan, "An Extended Multi-Server-Based User Authentication and Key Agreement Scheme with User Anonymity," KSII Transactions on Internet and Information Systems, vol. 7, no. 1, pp. 119-131, 2013. DOI: 10.3837/tiis.2013.01.008

[ACM Style]
Li, C., Lee, C., Weng, C., and Fan, C. 2013. An Extended Multi-Server-Based User Authentication and Key Agreement Scheme with User Anonymity. KSII Transactions on Internet and Information Systems, 7, 1, (2013), 119-131. DOI: 10.3837/tiis.2013.01.008