Paper 2013/380

Comments on Three Multi-Server Authentication Protocols

Yalin Chen, Jue-Sam Chou, and Wen-Yi Tsai

Abstract

Recently, Tsai et al., Liao et al. and Li et al. each proposed a multi-server authentication protocol. They claimed their protocols are secure and can withstand various attacks. However, we found security loopholes in each of their schemes. For example, both Tsai et al.’s and Liao et al.’s schemes suffer from a server spoofing attack by an insider server, and Li et al.’s scheme suffers from the lost smart card password-guessing attack. In addition, Liao et al.’s scheme is also vulnerable to the off-line password-guessing attack. In this paper, we first review each scheme and then show the attacks on it. Then, based on Li et al.’s scheme, we propose a novel protocol and examine its security with respect to several security features. After security analysis, we conclude that our protocol outperforms Li et al.’s scheme in the security feature of the lost smart card password-guessing attack.

Keywords: multi-server, password authentication protocol

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Unknown where it was published
Contact author(s)
jschou @ mail nhu edu tw
History
2013-06-12: received
Short URL
https://ia.cr/2013/380
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2013/380,
      author = {Yalin Chen and Jue-Sam Chou and Wen-Yi Tsai},
      title = {Comments on Three Multi-Server Authentication Protocols},
      howpublished = {Cryptology ePrint Archive, Paper 2013/380},
      year = {2013},
      note = {\url{https://eprint.iacr.org/2013/380}},
      url = {https://eprint.iacr.org/2013/380}
}