A Lightweight ID Based Authentication and Key Agreement Protocol for Multiserver Architecture

There is an increasing demand of an anonymous authentication to secure communications between numerous different network members while preserving privacy for the members. In this study, we address this issue by using an ID based authenticated and key agreement protocol to improve the recent protocol proposed by Xue et al. They claimed that their protocol could resist masquerade and insider attacks. Unfortunately, we find that Xue et al.'s protocol is not only really insecure against masquerade and insider attacks but also vulnerable to off-line password guessing attack. Therefore, a slight modification to their protocol is proposed to improve their shortcomings. Moreover, our protocol does not use timestamps, so it is not required to synchronize the time. As a result, according to our performance and security analyses, we can prove that our proposed protocol can enhance efficiency and improve security in comparison to previous protocols.