Research On Lightweight Multi-server Authentication Protocols And Their Applications

With the rapid development of e-commerce,e-health as well as e-government,user authentication has become an essential mechanism to assure the distributed systems'security and privacy from malicious adversaries.Previously,a user had to register all servers individually to use their respective service;which proves to be a redundant and inefficient procedure.The reason is that it requires a user to register to every server separately.Hence,managing as many identity-password duos and an equal number of smart cards as is the number of servers.In fact,it is very difficult to maintain many identity-password pairs and their correct usage for the specific servers.The idea to overcome the problem of multiple-registration for different servers and its related user-inconvenience gave origin to the user authentication schemes for dealing multiple servers.A multi-server authentication scheme facilitates a user to register only once for accessing services from many service servers over the Internet.Therefore,it is urgently to design a secure and efficient authentication protocol in multi-server environment.It doubtlessly has important research significance and broad application prospects.The tremendous advances in wireless communication technology and communication handheld devices bring new types of supervision risk on a daily basis.Mobility,work flexibility,device diversity and improved teamwork across global enterprises have altered the risk outline and challenge existing distributed computing architectures.The problem is to let people have the flexibility they require for the finest production while ensuring the security and fulfillment required by the organization.In the common authentication protocol,the password might be copied divulged or forgotten.What's more,user's access process is easy to be traced.In addition,because of their great amount of computational consumption and communication consumption,lots of authentication protocols are not suitable for the computation-limited and communication-limited lightweight mobile devices.Therefore,it is urgently to design a secure and efficient,anonymity and lightweight authentication protocol in multi-server environment.The article has the following job:1.We explain the development trend,research significance and relevant research of multi-server authentication protocol.Furthermore,we also introduce the development course and related work of authentication protocols in Telecare Medical Information System(TMIS).2.We analyze the recent several multi-server authentication protocols which only use Hash function.We also analyze Lu et al's protocol which is vulnerable to suffer from servers spoofing attack and stolen smart card attack.Apart from these,Lu et al's protocol cannot ensure the confidentiality.What's more,we analyze and show Das et al's protocol is vulnerable to internal attacks,impersonation attacks and stolen smart card attack.Furthermore,Das et al's protocol also cannot provide confidentiality.3.Based on the knowledge of multiserver authentication protocol,we propose an robust and lightweight multi-server authentication and key agreement protocol based on dynamic biometrics,which can prevent the lealkage of user's privacy.To save energy,we further propose a energy-efficient and lightweight pseudonym AKA protocol for multi-medical server architecture in TMIS.What's more,under Burrows-Abadi-Needham(BAN)logic,the new protocol is secure,which can resist the known possible attacks4.As a result,these features make these protocols are very suitable for computation-limited mobile device.