An improved biometric multi-server authentication scheme for Chang et al.‘s protocol

Abstract

The remote authentication has been advancing with the growth of online services being offered on remote basis. This calls for an optimal authentication framework other than single-server authentication. In this connection, the multi-server authentication architecture has been introduced in the literature that enables the users to avail variety of services of various service providers, using a single pair of identity and password. Lately, we have witnessed a few multi-server authentication protocols in the literature that had several limitations. One of those multi-server authentication protocols has been put forward by Chang et al. recently. Our analysis shows that the Chang et al.‘s scheme is susceptible to impersonation threat, stolen smart card threat. In this study, we have reviewed the protocol thoroughly, and proposed an improved model, that is resistant to all known and identified threats. The formal security analysis along with discussion of informal analysis for contributed model is also presented in this study, besides performance and its evaluation analysis.