An Efficient ID-Based Mutual Authentication and Key Agreement Protocol for Mobile Multi-server Environment Without a Trusted Registration Center and ESL Attack

As the rapid development of Internet technology, more and more ID-based mutual authentication and key agreement (ID-MAKA) protocols for mobile multi-server environment have been proposed. However, almost all ID-MAKA schemes for multi-server architecture are based on a trusted registration center (RC). In the real world, RC may record and leak the user or server registration information. Through careful analysis, we found that a large number of related protocols are insecure under RC disclosure registration information (RCDRI) attack. At the same time, these protocols are likely to be attacked by ephemeral secret leakage (ESL) in view of the computing power of mobile clients. To solve the above problems, we propose a new ID-MAKA protocol for mobile multi-server that uses self-certified public key (SCPK) cryptography to achieve resistance to RCDRI attack and ESL attack. Because our scheme is based on an untrusted RC, the adversary has the ability to obtain the registration information from RC. In view of the above feature, we demonstrate the security of our scheme in a more robust security model, where the adversary has more ability. Finally, compared with previously proposed schemes, we show that our protocol has a high efficiency. Taking into account the security and efficiency, our protocol is more suitable for mobile clients.