{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,12]],"date-time":"2025-10-12T02:18:44Z","timestamp":1760235524933,"version":"build-2065373602"},"reference-count":38,"publisher":"MDPI AG","issue":"9","license":[{"start":{"date-parts":[[2021,9,4]],"date-time":"2021-09-04T00:00:00Z","timestamp":1630713600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Symmetry"],"abstract":"<jats:p>An anonymous authentication and key agreement (AAKA) protocol provides anonymous members symmetric authentication and establishes a symmetric session key for secure communication in public networks. Today, numerous popular remote services are based on multi-server architecture, such as the internet of things (IoT), smart cities, cloud services, vehicular ad hoc networks (VANET), and telecare medicine information systems (TMIS). Many researchers have attempted to design AAKA protocols in multi-server environments for various applications. However, many of these have security defects, even if they have so-called \u201cformal\u201d security proofs. In this paper, we analyze related AAKA protocols to identify the common design defects, expound the process of designing secure AAKA protocols, and explain why the present AAKA protocols still suffer attacks, despite having security proofs. We instruct readers on how to design a secure AAKA protocol and how to prove the security. This paper will therefore be helpful for the design of new AAKA protocols, and for ensuring their security.<\/jats:p>","DOI":"10.3390\/sym13091629","type":"journal-article","created":{"date-parts":[[2021,9,6]],"date-time":"2021-09-06T23:55:22Z","timestamp":1630972522000},"page":"1629","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["How to Design a Secure Anonymous Authentication and Key Agreement Protocol for Multi-Server Environments and Prove Its Security"],"prefix":"10.3390","volume":"13","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-0432-1533","authenticated-orcid":false,"given":"Yun-Hsin","family":"Chuang","sequence":"first","affiliation":[{"name":"Department of Electrical Engineering, National Taiwan University, Taipei 10617, Taiwan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Chin-Laung","family":"Lei","sequence":"additional","affiliation":[{"name":"Department of Electrical Engineering, National Taiwan University, Taipei 10617, Taiwan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hung-Jr","family":"Shiu","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Tunghai University, Taichung 407224, Taiwan"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2021,9,4]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"770","DOI":"10.1145\/358790.358797","article-title":"Password authentication with insecure communication","volume":"24","author":"Lamport","year":"1981","journal-title":"Commun. ACM"},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Hwang, T., Chen, Y., and Laih, C.J. (1990, January 24\u201327). Non-interactive password authentications without password tables. Proceedings of the IEEE TENCON\u201990: 1990 IEEE Region 10 Conference on Computer and Communication Systems. Conference Proceedings, Hong Kong, China.","DOI":"10.1109\/TENCON.1990.152647"},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Boneh, D., Demillo, R.A., and Lipton, R.J. (1997). On the importance of checking cryptographic protocols for faults. EUROCRYPT, Springer.","DOI":"10.1007\/3-540-69053-0_4"},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"701","DOI":"10.1016\/j.comnet.2005.01.010","article-title":"Remote timing attacks are practical","volume":"48","author":"Brumley","year":"2005","journal-title":"Comput. Netw."},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Biham, E., Carmeli, Y., and Shamir, A. (2008). Bug attacks. Annual International Cryptology Conference, Springer.","DOI":"10.1007\/978-3-540-85174-5_13"},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"1411","DOI":"10.1016\/j.eswa.2013.08.040","article-title":"An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics","volume":"41","author":"Chuang","year":"2014","journal-title":"Expert Syst. Appl."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"2351","DOI":"10.1007\/s11277-015-2708-4","article-title":"An improved anonymous multi-server authenticated key agreement scheme using smart cards and biometrics","volume":"84","author":"Lin","year":"2015","journal-title":"Wirel. Pers. Commun."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"816","DOI":"10.1109\/JSYST.2014.2301517","article-title":"Robust biometrics-based authentication scheme for multiserver environment","volume":"9","author":"He","year":"2015","journal-title":"IEEE Syst. J."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"142","DOI":"10.1007\/s11704-014-3125-7","article-title":"An anonymous and efficient remote biometrics user authentication scheme in a multi server environment","volume":"9","author":"Jiang","year":"2015","journal-title":"Front. Comput. Sci."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"1953","DOI":"10.1109\/TIFS.2015.2439964","article-title":"A secure biometrics-based multi-server authentication protocol using smart cards","volume":"10","author":"Odelu","year":"2015","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"133","DOI":"10.1007\/s11227-014-1135-8","article-title":"An anonymous mobile user authentication protocol using self-certified public keys based on multi-server architectures","volume":"70","author":"Hsieh","year":"2014","journal-title":"J. Supercomput."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"439","DOI":"10.1007\/s11277-015-2616-7","article-title":"Design and analysis of bilinear pairing based mutual authentication and key agreement protocol usable in multi-server environment","volume":"84","author":"Amin","year":"2015","journal-title":"Wirel Pers. Commun."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"e3200","DOI":"10.1002\/ett.3200","article-title":"Cryptanalysis and improvement of a biometric-based remote user authentication protocol usable in a multiserver environment","volume":"28","author":"Chandrakar","year":"2017","journal-title":"Trans. Emerg. Tel. Tech."},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"26","DOI":"10.1016\/j.comcom.2017.05.009","article-title":"A secure and robust anonymous three-factor remote user authentication scheme for multi-server environment using ECC","volume":"110","author":"Chandrakar","year":"2017","journal-title":"Comput. Commun."},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Park, Y., and Park, Y. (2016). Three-factor user authentication and key agreement using elliptic curve cryptosystem in wireless sensor networks. Sensors, 16.","DOI":"10.3390\/s16122123"},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"29841","DOI":"10.3390\/s151229767","article-title":"Enhanced two-factor authentication and key agreement using dynamic identities in wireless sensor networks","volume":"15","author":"Chang","year":"2015","journal-title":"Sensors"},{"key":"ref_17","first-page":"1","article-title":"Security improvement on biometric based authentication scheme for wireless sensor networks using fuzzy extraction","volume":"2016","author":"Choi","year":"2016","journal-title":"Int. J. Distrib. Sens. Netw."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"1836","DOI":"10.1166\/sl.2013.3014","article-title":"Advanced biometric-based user authentication scheme for wireless sensor networks","volume":"11","author":"Yoon","year":"2013","journal-title":"Sens. Lett."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"1623","DOI":"10.1007\/s11227-016-1688-9","article-title":"An efficient and anonymous multi-server authenticated key agreement based on chaotic map without engaging Registration Centre","volume":"72","author":"Irshad","year":"2016","journal-title":"J. Supercomput"},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"3622","DOI":"10.1109\/ACCESS.2017.2666258","article-title":"Design of mutually authenticated key agreement protocol resistant to impersonation attacks for multi-server environment","volume":"5","author":"Reddy","year":"2017","journal-title":"IEEE Access"},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"611","DOI":"10.1007\/s12652-018-0710-x","article-title":"Provably secure anonymous three-factor authentication scheme for multi-server environments","volume":"10","author":"Xu","year":"2019","journal-title":"J. Ambient Intell. Humaniz. Comput."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"101","DOI":"10.1016\/j.cmpb.2018.07.008","article-title":"A secure biometrics-based authentication key exchange protocol for multi-server TMIS using ECC","volume":"164","author":"Qi","year":"2018","journal-title":"Comput. Methods Programs Biomed."},{"key":"ref_23","first-page":"e3483","article-title":"An efficient three factor\u2013based authentication scheme in multiserver environment using ECC","volume":"31","author":"Ali","year":"2018","journal-title":"Commun. Syst."},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Chuang, Y.H., Lei, C.L., and Shiu, H.J. (2020, January 20\u201321). Cryptanalysis of four biometric based authentication schemes with privacy-preserving for multi-server environment and design guidelines. Proceedings of the 15th Asia Joint Conference on Information Security, Taipei, Taiwan.","DOI":"10.1109\/AsiaJCIS50894.2020.00022"},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"3968","DOI":"10.1109\/JSYST.2019.2896132","article-title":"An identity-based authenticated key exchange protocol resilient to continuous key leakage","volume":"13","author":"Wu","year":"2019","journal-title":"IEEE Syst. J."},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"121795","DOI":"10.1109\/ACCESS.2020.3006841","article-title":"A leakage-resilient certificateless authenticated key exchange protocol withstanding side-channel attacks","volume":"8","author":"Hsieh","year":"2020","journal-title":"IEEE Access"},{"key":"ref_27","first-page":"399","article-title":"Security challenges in 5G-Based IoT middleware systems","volume":"8","author":"Mavromoustakis","year":"2016","journal-title":"Internet of Things (IoT) in 5G Mobile Technologies, Modeling and Optimization in Science and Technologies"},{"key":"ref_28","first-page":"708","article-title":"Two birds with one stone: Two-factor authentication with security beyond conventional bound","volume":"15","author":"Wang","year":"2018","journal-title":"IEEE Trans Dependable Secur. Comput."},{"key":"ref_29","unstructured":"Kocher, P., Jaff, J., and Jun, B. Differential power analysis. Proceedings of the Annual International Cryptology Conference."},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"541","DOI":"10.1109\/TC.2002.1004593","article-title":"Examining smart-card security under the threat of power analysis attacks","volume":"51","author":"Messerges","year":"2002","journal-title":"IEEE Trans. Comput."},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"51","DOI":"10.1109\/MSP.2013.2261691","article-title":"Secure biometrics: Concepts, authentication architectures, and challenges","volume":"30","author":"Rane","year":"2013","journal-title":"IEEE Signal Process Mag."},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"18","DOI":"10.1145\/77648.77649","article-title":"A logic of authentication","volume":"8","author":"Burrows","year":"1990","journal-title":"ACM Trans. Comput. Syst."},{"key":"ref_33","doi-asserted-by":"crossref","first-page":"61","DOI":"10.1016\/j.entcs.2005.11.052","article-title":"Automated security protocol analysis with the AVISPA tool","volume":"155","author":"Vigano","year":"2006","journal-title":"Electron. Notes Theor. Comput. Sci."},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Bellare, M., and Rogaway, P. (1993, January 3\u20135). Random oracles are practical: A paradigm for designing efficient protocols. Proceedings of the ACM conference on Computers and Communication Security, Fairfax, VI, USA.","DOI":"10.1145\/168588.168596"},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"48","DOI":"10.1007\/BFb0054851","article-title":"The decision Diffie-Hellman problem","volume":"1423","author":"Boneh","year":"1998","journal-title":"Third Algorithmic Number Theory Symposium, Lecture Notes in Computer Science"},{"key":"ref_36","unstructured":"Bellare, M., and Rogaway, P. (2005). Introduction to Modern Cryptography, University of California at Davis."},{"key":"ref_37","doi-asserted-by":"crossref","first-page":"213","DOI":"10.1007\/3-540-44647-8_13","article-title":"Identity-based encryption from the Weil pairing","volume":"Volume 2139","author":"Boneh","year":"2001","journal-title":"Proceedings of the 21st Annual International Cryptology Conference (Crypto 2001)"},{"key":"ref_38","unstructured":"He, Y., Han, G., Jiang, J., Wang, H., and Martinez-Garcia, M. (2020). A trust update mechanism based on reinforcement learning in underwater acoustic sensor networks. IEEE Trans. Mob. Comput."}],"container-title":["Symmetry"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2073-8994\/13\/9\/1629\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T06:56:25Z","timestamp":1760165785000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2073-8994\/13\/9\/1629"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,9,4]]},"references-count":38,"journal-issue":{"issue":"9","published-online":{"date-parts":[[2021,9]]}},"alternative-id":["sym13091629"],"URL":"https:\/\/doi.org\/10.3390\/sym13091629","relation":{},"ISSN":["2073-8994"],"issn-type":[{"type":"electronic","value":"2073-8994"}],"subject":[],"published":{"date-parts":[[2021,9,4]]}}}