A Secure and Efficient Dynamic Identity based Authentication Scheme for Multi-Server Environment using Smart Cards

Recently, more and more researches have been focused on proposing dynamic identity based remote authentication scheme for multi-server environment. In 2011, Lee, Lin and Chang proposed an improved scheme to remedy the weaknesses of Hsiang-Shih's scheme. However, we observe that Lee-Lin-Chang's scheme is still vulnerable to stolen smart card attack and malicious server attack. Besides, the password change phase of Lee-Lin-Chang's scheme is neither efficient enough nor convenient to users. In this paper, we propose an improved scheme to remove the aforementioned weaknesses and simultaneously not to decrease other security features. In the proposed scheme, there is no useful information can be obtained from the values stored in smart cards. Thus the stolen smart card attack can be blocked. To avoid malicious server attack, we move the user authentication process from service providing servers to the registration center, which can ensure each server has a different secret key. Through comparing with several schemes proposed recently, we demonstrate our proposed scheme is more secure and efficient. Therefore, the proposed scheme is more practicable.