ISSN 1000-1239 CN 11-1777/TP

• 信息安全 •

### 多服务器架构下认证与密钥协商协议

1. 1(华东交通大学信息工程学院 南昌 330013); 2(西安电子科技大学计算机学院 西安 710071) (wantao217@163.com)
• 出版日期: 2016-11-01
• 基金资助:
国家自然科学基金项目(U1405255,71361009,41402290) This work was supported by the National Natural Science Foundation of China (U1405255, 71361009, 41402290).

### Authentication and Key Agreement Protocol for Multi-Server Architecture

Wan Tao1,2, Liu Zunxiong1, Ma Jianfeng2

1. 1(School of Information Engineering, East China Jiaotong University, Nanchang 330013); 2(School of Computer Science and Technology, Xidian University, Xi’an 710071)
• Online: 2016-11-01

Abstract: With the rapid growth of Internet applications, the architecture of server providing resources to be accessed over the network often consists of many different servers. Authentication and key agreement protocol play an important role to authenticate remote users for multi-server architecture. In recent years, several authentication and key agreement protocols for multi-server architecture have been developed. Single registration is the most important feature in a multi-server architecture which may help users take desired services without repeating registration to each service provider. Employing a dynamic ID for each login may efficiently preserve privacy. Recently, Chuang et al. presented an anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics. They claimed that their protocol not only supported multi-server environments but also achieved many security requirements. A cryptanalysis on Chuang et al.’s scheme shows that their scheme cannot provide the anonymity and is vulnerable to server masquerade attack and smart card loss attack. To overcome these security flaws, an improved protocol is proposed by choosing different secret parameters for each application server. This protocol can be proved to be secure against server masquerade attack, smart card loss attack, impersonation attack, eavesdropping attack, replay attack and so on. Besides, the improved protocol maintains the feature of simple operation.