What is it about?

Due to the rapid growth of mobile services, a single-server architecture that includes one server and multiple clients is not responsive to customer needs. For this reason, architecture was developed with several providers to extend scalability and accessibility. However, as customer-to-provider communication is done over the Internet, providing secure communication via efficient and provably secure mutual authentication and key agreement is of great importance.

Featured Image

Why is it important?

In this article, we design a provably secure and efficient Bilinear-based protocol for authentication and key agreement in environments with multiple service providers. Based on formal and informal security analysis, we prove that the proposed protocol is secure against various attacks and meets the essential security requirements. We also show that the scheme, in addition to being superior in terms of security, also performs better in terms of time complexity than similar Bilinear-based protocols designed for multi-server environments.


We introduce a secure and efficient three-factor Bilinear Paring-based authentication and key agreement scheme for multi-server architecture that can support mutual authentication considering the three authentication factors, i.e., password, smartcard, and biometric parameter. We prove the robustness of the protocol to different attacks such as the insider attack, replay attack, user/server impersonation attack, denial of service attack, and desynchronization attack. We perform a formal security analysis on the proposed scheme using a verification programming Toolkit ProVerif2.00 and demonstrate the correctness of the approach. We also demonstrate that the proposed protocol can meet different security requirements. We also evaluate the computation complexity and show that the computational overhead incurred by the proposed protocol is minimum, in comparison with other Bilinear Map-based authentication schemes designed for multi-server environments.

Mr Saeed Ullah Jan
University of Malakand

Read the Original

This page is a summary of: Mitigating the Desynchronization Attack in Multiserver Environment, IET Communications, May 2020, the Institution of Engineering and Technology (the IET), DOI: 10.1049/iet-com.2019.1069.
You can read the full text:




The following have contributed to this page