A novel three-party password-based authenticated key exchange protocol with user anonymity based on chaotic maps. (English) Zbl 1398.94199

Summary: A three-party authenticated key exchange (3PAKE) protocol allows two communicating users to authenticate each other and to establish a secure common session key with the help of a trusted remote server. In [Nonlinear Dyn. 77, No. 1–2, 399–411 (2014; Zbl 1314.94067)], M. S. Farash and M. A. Attari propose an efficient and secure 3PAKE protocol based on Chebyshev chaotic maps, and their protocol is supported by a formal proof in the random oracle model. However, in this paper, we analyze the security of Farash-Attari’s protocol and show that it fails to resist a password disclosure attack if the secret information stored on the server side is compromised. In addition, their protocol is insecure against a user impersonation attack, and the server is not aware of having caused a problem. Moreover, the password change phase is insecure to identify the validity of a request, where insecurity in the password change phase can cause offline password guessing attacks and is not easily reparable. To remove these security weaknesses, based on Chebyshev chaotic maps and quadratic residues, we further design an improved protocol for 3PAKE with user anonymity. In comparison with the existing chaotic map-based 3PAKE protocols, our proposed 3PAKE protocol is more secure with acceptable computation complexity and communication overhead.

MSC:

94A62 Authentication, digital signatures and secret sharing
94A60 Cryptography

Citations:

Zbl 1314.94067

Software:

CMQV+
