An efficient and secure multi-server authentication scheme with key agreement

Remote user authentication is used to validate the legitimacy of a remote log-in user. Due to the rapid growth of computer networks, many network environments have been becoming multi-server based. Recently, much research has been focused on proposing remote password authentication schemes based on smart cards for securing multi-server environments. Each of these schemes used either a nonce or a timestamp technique to prevent the replay attack. However, using the nonce technique to withstand the replay attack is potentially susceptible to the man-in-the-middle attack. Alternatively, when employing the timestamp method to secure remote password authentication, it will require the cost of implementing clock synchronization. In order to solve the above two issues, this paper proposes a self-verified timestamp technique to help the smart-card-based authentication scheme not only effectively achieve password-authenticated key agreement but also avoid the difficulty of implementing clock synchronization in multi-server environments. A secure authenticated key agreement should accomplish both mutual authentication and session key establishment. Therefore, in this paper we further give the formal proof on the execution of the proposed authenticated key agreement scheme.

► We propose a self-verified timestamp technique for multi-server authentication. ► The proposed scheme effectively achieves password-authenticated key agreement. ► The difficulty of implementing clock synchronization is avoided. ► We give the formal proof on the execution of the proposed scheme.