Secure two-factor lightweight authentication protocol using self-certified public key cryptography for multi-server 5G networks

Recently Ying and Nayak proposed a multi-server supported lightweight authentication protocol for 5G networks and confirmed the security of their protocol against all prominent attacks. Nevertheless, this paper will show certain shortcomings in their protocol, like vulnerability against identity guessing, password guessing, and user impersonation attacks. Additionally, it lacks in rendering strong user anonymity and truly two-factor security. Following the crypt-analysis, we propose an improved multi-server authentication protocol, that resists all recognized attacks, including these traps. The formal analysis using broadly accepted BAN-logic assures that the proposed protocol provides mutual authentication among the user and service-providing server. Additionally, the automated verification using the "Automated Validation of Internet Security Protocols and Applications" (AVISPA) tool asserts that improved protocol is safe toward active attacks. The performance comparison with the Ying-Nayak's protocol is evident that the proposed protocol is efficient concerning computational complexity and communication costs.