A multi-server environment helps the users to register at the registration center once and can gain numerous network services and resources provided by remote application servers. In order to protect sensitive data from unauthorized disclosure, to authenticate the identities of network participants, and to preserve user anonymity, many chaotic maps-based multi-server authenticated key agreement schemes with user anonymity were proposed. Recently, Zhu proposed a provable privacy-protection system towards multi-server architecture, and the main contributions of their proposed system are achieving mutual authentication between network participants and ensuring the anonymity or hiding identities for the login users. However, we analyze the security of Zhu's scheme and show that it is vulnerable to privileged-insider attack and does not protect user anonymity. We also demonstrate that Zhu's scheme fails to provide mutual authentication between login user and application server and has a design flaw in anonymous authentication. To withstand these security drawbacks, we further design an improved chaotic maps-based privacy-protection scheme for multi-server environments. In comparison with the existing chaotic maps-based privacy-protection schemes, our proposed scheme is more secure with acceptable computation costs for multi-server environments.

• 出版日期2016-9-25