With the explosive growth of computer networks, two-party authentication mechanism is no longer sufficient for real world. In 2008, Lee and Lee presented an efficient remote authenticated key agreement scheme for a multi-server environment. Their approach is efficient due to light operations such as hash function and exclusive-OR. Unfortunately, we discovered that their scheme is unable to withstand the forgery attack. We consequently propose a novel version with single registration using smart cards to resist this kind of attack and meanwhile achieve higher efficiency. In our proposed scheme, each service provider shares a distinct secret key with the registration center; this is to avoid risk of the whole system breaking down due to the destruction of a single service provider. Moreover, our method is nonce-based without the time synchronization problem. We also give a formal correctness analysis of mutual authentication to our scheme using BAN authentication logic. Our proposed scheme can prevent several malicious attacks and is more practical than related works.

• 出版日期2011-8
• 单位清华大学