Abstract:Password-based user authentication service is widely used in Internet. Most of the password-based authentication protocols are constructed under the single-server structure that a authencitation server stores cleartext passwords or verification data derived from password and responds to users' authentication request.The security of single-server authentication system is very fragile. In particular, when the server is comprimised, all of users' verification data is exposed to the attacker. Nowadays, development of mobile Internet leads the demand of authentication on roaming device. In this scenario, easily memorable short password and simple secret is accepted by most people despite of its security limitation. The utilization of short password worsens the situation of single-server authentication protocol. Attackers controlling the system can launch off-line dictionary attack from internal of server side to obtain users' original password.Multi-server authentication protocols can improve the security of verification data by distributed storing data on the cluster. This approach increases the difficulty of internal attack and guarantees security even if a portion of servers in the cluster are controlled by adversary. But in practice, There are some problems in existing multi-server protocols. For example, communicating with multiple servers brings extra network and computational burden to client device.To address these problems, in this paper we propose a novel password-based multi-server authenication protocol which not only require less computation on client device but remain functional and secure even if adversary controls some servers and forces them collude to attack our protocol.

A Threshold Multi-server Protocol for Password-Based Authentication.

Hash Function and Smart Card Based Multi-Server Authentication Protocol

Authentication scheme based on biometric encryption for pervasive computing environments

Inter-domain authentication scheme for Pervasive Computing Environments

An Efficient Delegation-Based Anonymous Authentication Protocol

Cryptanalysis and Improvement of Park Et Al.'s Remote User Authentication Protocol

A secure and efficient user authentication protocol for two-tiered wireless sensor networks

On the Security of Some Password Authentication Protocols.

A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture

PROTECT: Efficient Password-Based Threshold Single-Sign-On Authentication for Mobile Users against Perpetual Leakage

Cryptanalysis and Improvement of a Biometrics-Based Authentication and Key Agreement Scheme for Multi-Server Environments

Weaknesses of a dynamic identity based authentication protocol for multi-server architecture

Weaknesses of a Password-Authenticated Key Exchange Protocol between Clients with Different Passwords

An efficient dynamic ID based remote user authentication scheme using self-certified public keys for multi-server environment

Understanding Security Failures of Multi-Factor Authentication Schemes for Multi-Server Environments

A DYNAMIC PASSWORD AUTHENTICATION FOR REMOTE USERS IN INSECURE CHANNEL

Password-based User Authentication and Key Distribution Protocols for Client-Server Applications

Cryptanalysis of Anonymous Three Factor-Based Authentication Schemes for Multi-server Environment

Security Analysis of Yang et al.'s Practical Password-Based Two-Server Authentication and Key Exchange System

Opass: A User Authentication Protocol Resistant to Password Stealing and Password Reuse Attacks.

A Novel Multiserver Authentication Scheme Using Proxy Resignature With Scalability and Strong User Anonymity