PASSWORD-BASED AUTHENTICATED KEY EXCHANGE PROTOCOL WITHOUT TRUSTED THIRD PARTY FOR MULTI-SERVER ENVIRONMENTS

With the rapid development of Internet, lots of transactions are conducted on-line without interactions face to face. A critical issue is to keep these transactions secure and confidential. Since the Internet is a virtual and insecure world, it is rather important to authenticate each other for providing a secure environment. A password-based authenticated key exchange protocol not only allows a user to login remote servers with an easily rememberable password, but also achieves mutual authentication as well. A shared session key is then established for subsequent communication. However, if such protocols are applied in multi-server environments, the system is often vulnerable to password guessing attacks and impersonation attacks. Besides, each user has to remember multiple passwords due to the security concern. In this paper, we propose an efficient password-based authenticated key exchange protocol with smart cards for multi-server environments. The proposed protocol enables a user to utilize a single password for registration and requesting services of different remote servers. Each server is also unnecessary to maintain a verification table. Moreover, our protocol can dynamically add or remove servers without the assistance of registration center. Compared with previous works, ours not only has better efficiency, but also provides more capabilities.