An Enhanced Authentication Protocol for Multi-server Environment Using Password and Smart Card

In the past two decades, numerous two-factor authentication protocols have been proposed for the multi-server environment using a smart card and password. Sahoo et al. recently proposed an authentication protocol for the multi-server environments. Our cryptanalysis shows that the Sahoo et al. scheme is susceptible to several attacks such as offline password guessing, spoofing, replay and smart-card-lost. Also their scheme does not provide two-factor security truly. We propose a new secure, mutually authenticated key-sharing protocol for the multi-server environment to overcome the security flaws in their scheme. We formally prove the secure authentication of the proposed scheme using Burrows-Abadi-Needham logic and simulate various attacks through the automated validation of internet security protocols and applications tool. Additionally, we provide an informal security analysis to show the security and functionality features of the proposed scheme. Moreover, the security and performance comparison results shows that the proposed scheme offers better security and performance.