An enhanced multi‐server authentication protocol using password and smart‐card: cryptanalysis and design

Abstract At the present time, application of online communication systems are rapidly increasing and most of the clients depend on a set of servers to fulfill their daily needs. In order to access these servers, a client (user) needs to register to each server with different login credentials. To circumvent this situation, the concept of multi‐server authentication has been adopted, where a user can access all the servers using a single login credential. In this paper, a two‐factor multi‐server authentication protocol, which is proposed by Leu and Hsieh, is analyzed and observed that the forgery attack and the off‐line password‐guessing attack can be made on it. Further, the off‐line password‐guessing attack and other security threats are found in similar kind of multi‐server authentication protocol, which is designed by Li et al . This paper mainly focuses on enhancing the securities of the previously mentioned protocols and thus proposed a new protocol. We have employed formal and informal security analysis to analyze the proposed protocol. The performance of our protocol is also compared with the related protocols. It can also be noted that the designed protocol accomplishes mutual authentication, session key verification, and identity and password change phases. Copyright © 2016 John Wiley & Sons, Ltd.