A Reliable Lightweight Two Factor Mutual Authenticated Session Key Agreement Protocol for Multi-Server Environment

Today's hyper-connected digital environment makes two-way authentication and secured key agreement a fundamental requirement for a secure connection. The research community has proposed many two-way authentication and secured key agreement schemes for remote access environments. There are schemes especially built for a multi-server environment where individual user can authenticate to multiple servers through a single registration. These multi-server single registration based authentication schemes are not as secure as those available for a single server environment. Recently Sahoo et al., proposed "an improved and secure two-factor dynamic identity based authenticated key agreement scheme for multi-server environment" and declare it as perfectly secured. Our vulnerability analysis on Sahoo et al.'s demonstrates the possibility of a smart-card attack and forgery attack. In addition, we detect their scheme lacks in providing perfect two-factor security, complete two-way authentication, and good repairability. We cater a new light-weight two factor secured multi-server session key agreement scheme based on two-way authentication. The strength of the scheme is proven through three manifestations of security analysis, namely informal proof through cryptanalysis, reduction-based proof using Burrows, Abadi, and Needham logic, and formal proof using cryptographic protocol verification tool. The tool-based analysis is made using two different tools, Automated Validation of Internet Security Protocols and Applications, and Scyther in-order to affirm the security analysis of our proposed scheme.