JISE

    Due to the rapid growth of computer networks and service providing servers, many network environments have been becoming multi-server architecture and various multiserver authentication protocols have been proposed. In such an environment, a user can obtain different network services from multiple network servers without repeating registration to each server. Recently, Li et al. proposed a secure dynamic ID based authentication protocol for multi-server architecture using smart cards. They claimed that their protocol preserves mutual authentication and protected from several attacks. However, in this paper, we find that Li et al.’s protocol cannot provide the protection against leakof- verifier attack, impersonation attack, session key disclosure attack and many logged-in users’ attack. To remedy these security flaws, we propose an improved version of dynamic ID based authentication protocol, which covers all the identified weaknesses of Li et al.’s protocol and is more secure and efficient for practical multi-server environments.