Due to the rapid growth of computer networks and service providing servers, many network environments have been becoming multi-server architecture and various multi-server authentication protocols have been proposed. In such an environment, a user can obtain different network services from multiple network servers without repeating registration to each server. Recently, Li et al. proposed a secure dynamic ID based authentication protocol for multi-server architecture using smart cards. They claimed that their protocol preserves mutual authentication and protected from several attacks. However, in this paper, we find that Li et al.'s protocol cannot provide the protection against leak-of-verifier attack, impersonation attack, session key disclosure attack and many logged-in users' attack. To remedy these security flaws, we propose an improved version of dynamic ID based authentication protocol, which covers all the identified weaknesses of Li et al.'s protocol and is more secure and efficient for practical multi-server environments.

• 出版日期2015-11
• 单位中山大学