How to design a secure anonymous authentication and key agreement protocol for multi-server environments and prove its security
Journal
Symmetry
Journal Volume
13
Journal Issue
9
Date Issued
2021
Author(s)
Abstract
An anonymous authentication and key agreement (AAKA) protocol provides anonymous members symmetric authentication and establishes a symmetric session key for secure communication in public networks. Today, numerous popular remote services are based on multi-server architecture, such as the internet of things (IoT), smart cities, cloud services, vehicular ad hoc networks (VANET), and telecare medicine information systems (TMIS). Many researchers have attempted to design AAKA protocols in multi-server environments for various applications. However, many of these have security defects, even if they have so-called “formal” security proofs. In this paper, we analyze related AAKA protocols to identify the common design defects, expound the process of designing secure AAKA protocols, and explain why the present AAKA protocols still suffer attacks, despite having security proofs. We instruct readers on how to design a secure AAKA protocol and how to prove the security. This paper will therefore be helpful for the design of new AAKA protocols, and for ensuring their security. ? 2021 by the authors. Licensee MDPI, Basel, Switzerland.
Subjects
Anonymity
Authentication
Biometric
Key exchange
Multi-server
Privacy
Threefactor authentication
SDGs
Type
journal article