Analysis and design of authentication and key agreement protocols for multi server environment

Abstract

Design of secure and efficient authenticated key agreement protocols for multi-server environment is a big challenge to security protocol designers for the past three decades. The secure protocols are necessary to access various remote services in an open channel. The evolution of research in this field has been continuing such a way that breaking previously proposed protocols and providing improved one. This unsatisfactory cycle leads to a necessity of systematic provable secure design of authentication protocols.The major limitations of existing protocols are inefficiency in protocol design, vulnerability to various well known attacks such as offline password guessing attack, replay attack, impersonation attack etc. and failure to meet some important security criteria such as perfect forward secrecy, session key secrecy, local password change and user anonymity. Some existing designs assume all the data servers are trusted which is not realistic. Some existing designs use trusted third party to achieve mutual authentication and also use expensive public key cryptographic operations along with one-way hash functions. In case of biometric based protocol design, the existing techniques used for generating biometric key do not achieve re-registration process with old user identity. Therefore, there is a need of systematic design of secure and efficient two-factor (Passv ord and Smart card) and three-factor (Password, Smart card and Biometric) authentication and key agreement protocols for the multi-server environment. newline