Research Article

A Secure and Anonymous Two-Factor Authentication Protocol in Multiserver Environment

Table 3

Security requirements.

S1: mutual authentication, and should authenticate each other to ensure their eligibility.

S2: user anonymity can neither compute the identity of nor link the message flows to .

S3: key agreement and should share a session key for further communication.

S4: forward secrecy. Even gets the long-term secret key , still cannot compute the session key.

S5: password friendly. The user can select and change his password locally.

S6: sound repairability can revoke the breached smart card and re-register with the same identity.

S7: no stolen-verifier attack. Even stores a verifier table, gains no benefits from it.

S8: no insider attack. The participants, with the messages they know, cannot conduct an attack.

S9: no dictionary attack. With all the abilities in Table 2, still cannot guess the and .

S10: no replay attack cannot replay the eavesdropped messages to conduct an attack.

S11: no parallel session attack may construct multiple sessions simultaneously, but gains no benefits from it.

S12: no desynchronization attack. On the one hand, the scheme should not suffer from a desynchronization attack; on the other hand, it should not need to synchronize the clock.

S13: no impersonation attack cannot impersonate the user or any other participant. Note that (1) here cannot breach the smart card, while in the dictionary attack has that capability; (2) can be a legitimate user or server.

S14: no known key attack. Knowing the current session keys, cannot compute other session keys in the future or in the past.