Efficient and Anonymous Multi-Server Authentication and Key Agreement Protocol Framework

Abstract

On our way to switching from single-server to multi-server authentication, one of the great challenges is to design a secure and computationally efficient multi-server authentication protocol. Multi-server Authentication (MSA) relieves the user of separate and individualized registration procedures from various service providers in a network. Following MSA paradigm, a user gets registered from a trusted authority first, and then the former may benefit itself from any service being offered by any service provider without registering again, engendering overhead efficiency. Another objective for switching towards multi-server architecture was to relieve the user of maintaining multiple passwords as much as the number of servers. A robust MSA architecture makes the access of sever-oriented network services not only convenient but also readily available for users. The remote internet authentication often entails the type of multiserver authentications, which further underscores the need of MSA protocol’s efficiency and robustness against threats. The service providers in an MSA-based network authenticate and verify the users on the basis of credentials provided by Registration Centre (RC) to the users during registration phase. In traditional MSA protocols, service providers consult online RC for verifying the user’s authenticity after receiving a login request. Besides, we witness MSA protocols where RC is bypassed during mutual authentication between user and service provider. The latter class of schemes takes less communicational cost and eliminates few bottlenecks, perceptibly, due to bypassing trusted RC from mutual authentication phase. The research academia came up with many authentication protocols lately, to enhance security and minimizing communicational overhead. However, the presented solutions are costly due to employing expensive bilinear operations, on the first hand. Besides, there are light-weight MSA protocols as well, nevertheless bearing many other drawbacks making those protocols unfit for practical implementations. We address these problems by presenting a novel multi-server authentication protocol framework that is not only efficient but also free of the hassle of key management and distribution problems. The protocol framework comprises a blend of the usage of selected crypto-primitives, messages and participating entities in such a way that leads to overall efficiency and achieves the security objectives as well. In this dissertation, we present state-ofthe-art review on MSA-based protocols and then propose corresponding protocols to address the above limitations. Our proposed work not only contributes a light-weight multi-server authentication protocol framework that could establish mutual authentication without RC engagement, but also improves upon many MSA schemes (Trusted and Non-trusted environment) to enhance security and reduce communication or computational delay for establishment of an authenticated session key between user and server. To prove the security claims, the formal security analysis is performed for each protocol and the results are also validated and verified using automated simulation tools.