Improvement of smart card based password authentication scheme for multiserver environments

Abstract

In multiserver (MS) environments, it is preferable for a remote user to login to different service provider servers by keying in the same password. Recently, Wang et al. proposed an improvement on the dynamic identity-based smart card authentication scheme of Liao and Wang for MS environments. Sandeep et al. improved the dynamic identity-based smart card authentication scheme of Hsiang et al. for MS architecture. However, we found that the schemes of Wang et al. and Sandeep et al. failed to provide service provider server authentication, perfect forward security, and login scalability. In addition, the scheme of Sandeep et al. was insecure against stolen verifier attacks. This paper proposes an improved smart card-based password authentication scheme for MS environments. The new scheme removes all of the abovementioned weaknesses. The proposed identity-based smart card authentication scheme satisfies the following properties: C1. User authentication; C2. Service provider server authentication; C3. Control server authentication; C4. Perfect forward security; C5. Freedom of password change; C6. Scalability of login; C7. Resistance to stolen verifier attacks; and C8. High efficiency. © TÜBITAK.