Three-Factor-Based Confidentiality-Preserving Remote User Authentication Scheme in Multi-server Environment

Recently, Guo-Wen projected an improved authentication protocol in multi-server environment, proclaiming it to preserve user anonymity. However, the authors revisit Guo-Wen's protocol and discover various malicious threats, i.e., (1) password guessing threat, (2) identity guessing threat, (3) new smartcard issue threat, (4) user impersonation threat, (5) known session-key temporary information threat and (6) privilege insider threat. In order to surmount theses above-mentioned threats, we propose an enhanced and robust three-factor-based confidentiality-preserving authentication protocol in multi-server environment. The BAN (Burrows, Abadi, Needham) logic is used for validating our scheme which ensures the mutual authentication and session-key negotiation are securely generated. Thereafter, applied random oracle model demonstrates the backbone parameters (like identity, password, biometric and session key) of our protocol are highly secured. Further, the discussion of informal security analysis reveals that the scheme withstands several types of malicious attacks. Besides, we simulate our scheme with the help of AVISPA (Automated Validation of Internet Security Protocol and Applications) tool which demonstrates that it resists to various active and passive attacks. In addition, the performance evaluation exhibits the efficiency in regard to communication and computation costs and estimated time of our scheme is comparatively less with other related existing works.