The Computer Journal Advance Access originally published online on June 27, 2007
The Computer Journal 2007 50(5):602-615; doi:10.1093/comjnl/bxm030
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||
Provably Efficient Authenticated Key Agreement Protocol for Multi-Servers
Department of Computer Science and Information Engineering, Tamkang University, Tamsui, Taipei County 25137, Taiwan
* Corresponding author: junhwang{at}ms35.hinet.net
Received 23 August 2006; revised 2 May 2007
An efficient and practical authenticated key agreement protocol based on the line of geometry is proposed in this paper. It is a good solution to provide authentication and confidentiality. Identity authentication and message confidentiality are two important issues for the open network environment. In the proposed protocol, the authorized user can access multi-servers securely by keeping only a weak password and a smart card. Owing to the limited memory of the smart card, the secret information stored in the smart card has a size independent of the number of servers to which it connects. The proposed protocol provides mutual authentication between the user and the server and enables them to establish a common session key to provide message confidentiality for each other. It can also resist the replay attack, the impersonation attack, the off-line dictionary attack, the known key attack, the unknown key share attack, the stolen verifier attack and the insider attack. The security of the proposed protocol will be demonstrated by the random oracle model. Furthermore, we use the logic analysis method to analyze the proposed protocol. This protocol does not use any overload cryptographic operations and requires less communicational and computational costs than the results obtained previously from the existing scholarship.
Key Words: authentication • security and protection • access controls