Security and Communication Networks
Volume 2018, Article ID 9062675, 15 pages
https://doi.org/10.1155/2018/9062675
Research Article

A Secure and Anonymous Two-Factor Authentication Protocol in Multiserver Environment

1 School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing, China
2 School of Software and Microelectronics, Peking University, Beijing, China

Correspondence should be addressed to Guoai Xu; xga@bupt.edu.cn

Received 28 August 2017; Accepted 29 January 2018; Published 15 April 2018

Academic Editor: Shujun Li

Copyright © 2018 Chenyu Wang et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Abstract

With the great development of network technology, multiserver systems have become widely used to provide various services, and two-factor authentication protocols for multiserver systems are attracting more and more attention. Recently, two new schemes for the multiserver environment were claimed to be secure against the known attacks. However, after scrutinizing these two schemes, we found that their description of the adversary’s abilities is inaccurate and that the schemes suffer from many attacks. Thus, firstly, we corrected their description of the adversary’s capabilities to introduce a widely accepted adversary model and then summarized fourteen security requirements for the multiserver environment based on the work of pioneering contributors. Secondly, we revealed that one of the two schemes fails to preserve forward secrecy and user anonymity and cannot resist stolen-verifier attack, off-line dictionary attack, and so forth, and also demonstrated that the other scheme fails to preserve forward secrecy and user anonymity and is not secure against insider attack, off-line dictionary attack, and so forth. Finally, we designed an enhanced scheme to overcome these identified weaknesses, proved its security via BAN logic and heuristic analysis, and then compared it with other relevant schemes. The comparison results showed the superiority of our scheme.