Cryptanalysis and Improvement of Chandrakar and Om’s Remote User Authentication Protocol for the Multiserver Environment

Chien-ming CHEN, Bin XIANG, Guang-jie WANG, Yan-yu HUANG


Recently, Amin and Biswas proposed a bilinear pairing-based remote user authentication protocol for the multiserver environment, claiming it to be secure against various attacks. However, Chandrakar and Om found that the protocol suffers from an identity guessing attack, a password guessing attack, a user-server impersonation attack and so forth. To remove these weaknesses in Amin and Biswas’s protocol, they later proposed an enhanced ECC-based remote user authentication protocol. Unfortunately, in this paper, we demonstrate that Chandrakar and Om’s protocol is still vulnerable to a user impersonation attack and cannot provide perfect forward secrecy. To address these drawbacks, we suggest some simple but effective modifications.


Authentication, Biometric-based, ECC, Key agreement protocol, Multiserver


