A secure and efficient authentication protocol for wireless applications in multi-server environment

User authentication over a public channel is an indispensable requirement in preventing any untrusted third party from accessing the services. Recently, Haq et al. (in JNCA, vol. 161, 2020) have discussed a user authentication protocol for Multi-Server Environment (MSE). Unfortunately, their construction cannot withstand the impersonation attack (both for user and server), privileged insider attack, man-in-the-middle attack and replay attack. In this paper, we propose a secure and efficient authentication protocol for wireless applications in multi-server environment to overcome these vulnerabilities. We utilize the basic operations of Elliptic Curve Cryptography (ECC) in order to achieve low computation and communication overheads. It also encompasses a secure session key update mechanism to provide the confidentiality of the session key for a long session between a user and the server. The Real-Or-Random (ROR) oracle model is used for its formal analysis and the AVISPA tool based automated simulation to validate its security under the Dolev-Yao threat model. Finally, the performance analysis proves its compatibility for the resource-constraint mobile devices.