Loading…

Design of Mutually Authenticated Key Agreement Protocol Resistant to Impersonation Attacks for Multi-Server Environment

Three-factor mutually authenticated key agreement protocols for multi-server environments have gained momentum in recent times due to advancements in wireless technologies and associated constraints. Several authors have put forward various authentication protocols for multi-server environment durin...

Full description

Saved in:
Bibliographic Details
Published in:IEEE access 2017, Vol.5, p.3622-3639
Main Authors: Reddy, Alavalapati Goutham, Yoon, Eun-Jun, Das, Ashok Kumar, Odelu, Vanga, Yoo, Kee-Young
Format: Article
Language:English
Subjects:
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Three-factor mutually authenticated key agreement protocols for multi-server environments have gained momentum in recent times due to advancements in wireless technologies and associated constraints. Several authors have put forward various authentication protocols for multi-server environment during the past decade. Wang et al. recently proposed a biometric-based authentication with key agreement protocol for multi-server environment and claimed that their protocol is efficient and resistant to prominent security attacks. The careful investigation of this paper shows that Wang et al. protocol's users are sharing personal identifiable information with the application servers during the registration and authentication process. This nature of disclosing credentials leads to severe threats particularly insider attacks, user impersonation attacks, and server impersonation attacks. As a remedy of the aforementioned problems, this paper proposes a novel biometric-based mutually authenticated key agreement protocols for multi-server architecture based on elliptic curve cryptography. We prove that the proposed protocol achieves secure mutual authentication property using the broadly used Burrows-Abadi-Needham logic. The formal security of the proposed protocol is verified using the widely accepted automated validation of Internet security protocols and applications tool to show that our protocol can withstand active and passive attacks including the replay and man-in-the-middle attacks. The proposed protocol is robust and efficient compared with the existing related protocols.
ISSN:2169-3536
2169-3536
DOI:10.1109/ACCESS.2017.2666258