The rapid evolution of information and communication technologies has made mobile communication part of our daily routine. A mobile user can avail of services from the server only after successfully completing the authentication process. In the recent past, several researchers have contributed diverse authentication protocols for the mobile client-server environment. Recently, Lu et al. designed a two-factor protocol for authenticating a mobile client and a server and exchanging a key between them. Lu et al. emphasized that their scheme not only offers invincibility against potential security threats but also offers anonymity. However, this article reveals that their protocol is vulnerable to client and server impersonation, man-in-the-middle, server key breach, anonymity violation, client traceability, and session-specific temporary attacks. We have therefore enhanced their protocol to mitigate the above-mentioned vulnerabilities. The security strength of the enhanced protocol is evaluated through formal and informal security analysis. The security analysis and performance comparison endorse the fact that our protocol is able to offer more security with the least possible computation complexity.
KEYWORDS: anonymity, authentication protocol, cryptanalysis, impersonation attack, key-exchange, secret key breach, security attacks

Int J Commun Syst. 2020;33:e4253. wileyonlinelibrary.com/journal/dac