A password less authentication protocol for multi-server environment using physical unclonable function

Password-based authentication is the most commonly used method to authenticate users to get online services. In password-based authentication, the users must remember all their complex passwords and also need to update them constantly. Since users do not utilize high-entropy passwords, password-based authentication mechanisms are susceptible to offline password-guessing attacks. Passwordless authentication protocol has therefore been developed by researchers. In this work, we propose a secure authentication mechanism that combines a password-protected biometric with physically unclonable functions (PUF). PUF authentication is a cryptographic technology used to provide secure authentication. PUF authentication works by using the physical characteristics of a device to generate a unique cryptographic key. This key is then used to authenticate the device and grant access to protected resources. PUF authentication can be used to protect data, networks, and communication systems from unauthorized access. The technology is also used to protect against replay attacks, man-in-the-middle attacks, and other forms of malicious activity. PUF authentication is cost-effective and provides a high level of security. Our suggested methodology gets over issues with existing systems including Key Compromise Impersonation Attacks, Wrong Login, and Server Registration Complexity. The proposed protocol is validated using"Automated Validation of Internet Security Protocols and Applications (AVISPA)" and Scyther tool and its security is explicitly demonstrated by"BAN Logic". Furthermore, by contrasting several parameter metrics with those of the existing systems, the efficiency of our technique is highlighted.