A Secure Smart-Card-based Password Authenticated Key Agreement Scheme in Multi-server Environments

Remote user authentication is used to validate the legitimacy of a remote log-in user. Due to the rapid growth of computer community, many network architectures are becoming multi-server based. Recently, there have been many remote password authentication schemes proposed for securing multi-server environments. These schemes used either a nonce or a timestamp technique to prevent the replay attack. However, using the nonce technique to withstand the replay attack is potentially susceptible to the man-in-the-middle attack. Alternatively, when employing the timestamp method to secure remote password authentication, it will encounter the difficulty of implementing time synchronization. In order to solve both the above two issues, this paper proposes a self-verified timestamp technique to not only securely achieve password authenticated key agreement but also avoid the difficulty of implementing time synchronization in multi-server environments. On the other hand, the function of service period management can allow servers to update the list of illegal users easily and periodically. Therefore, we also further develop the scheme of service period management in this paper.