A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture

TL;DR

This paper introduces a lightweight, secure multi-server authentication protocol that eliminates the need for verification tables, enhances security features, and protects user identities in distributed environments.

Contribution

It proposes a novel dynamic pseudonym identity based protocol that overcomes previous schemes' vulnerabilities and does not require servers to store verification data.

Findings

Resists replay, DoS, internal, eavesdropping, and masquerade attacks.

Provides traceability and identity protection.

Eliminates verification tables for servers.

Abstract

Traditional password based authentication schemes are mostly considered in single server environments. They are unfitted for the multi-server environments from two aspects. On the one hand, users need to register in each server and to store large sets of data, including identities and passwords. On the other hand, servers are required to store a verification table containing user identities and passwords. Recently, On the base on Sood et al.'s protocol(2011), Li et al. proposed an improved dynamic identity based authentication and key agreement protocol for multi-server architecture(2012). Li et al. claims that the proposed scheme can make up the security weaknesses of Sood et al.'s protocol. Unfortunately, our further research shows that Li et al.'s protocol contains several drawbacks and can not resist some types of known attacks, such as replay attack, Deny-of-Service attack, internal attack, eavesdropping attack, masquerade attack, and so on. In this paper, we further propose a light dynamic pseudonym identity based authentication and key agreement protocol for multi-server architecture. In our scheme, service providing servers don't need to maintain verification tables for users. The proposed protocol provides not only the declared security features in Li et al.'s paper, but also some other security features, such as traceability and identity protection.