A Privacy-Preserving Authenticated Key Agreement Scheme Based on Physically Unclonable Functions for Multi-Server Architecture

Authenticated key agreement schemes for multi-server architecture enable a user to register with one registration server and access multiple remote application servers rapidly and conveniently to receive services from them. Several efficient authenticated key agreement schemes have recently been developed for multi-server architecture. However, most of them face many security threats and cannot resist potential attacks. This investigation considers the limitations of previous schemes and proposes a novel efficient and secure multi-server authenticated key agreement scheme that uses Physically Unclonable Functions (PUFs); it is based on a hardware circuit and provides randomness, uniqueness and unclonability to support the lightweight authentication of devices. The proposed scheme protects user privacy and is formally proved to satisfy mutual authentication and session key agreement. This scheme solves problems that were left unsolved in previous works, provides more security, and has a low computational cost.