A privacy-preserving multi-server authenticated key-agreement scheme based on Chebyshev chaotic maps

The paper presents a password-based authenticated key-agreement protocol for multi-server environments by using Chebyshev chaotic maps. The protocol allows a user to login to different servers via a single password. The proposed scheme has removed the weakness of multi-server authenticated key-agreement schemes, which adopt the architecture of two-level servers. After a user has finished the first login to a service providing server, the control server is not required to be online for the user's subsequent logins. Compared with the related multi-server authentication schemes, our scheme meets more security requirements, such as mutual authentication, perfect forward security, freedom of password change, scalability of login, resistance to the stolen verifier attacks, resistance to server spoofing attacks, and two-factor security. Detailed analysis shows that the proposed scheme can resist several kinds of attacks. The proposed scheme is provably secure under the CDH assumption of Chebyshev polynomials in the random oracle model. Furthermore, it offers the user and server with privacy-preserving, that is, anonymity and untraceability. Any adversary can neither figure out the identities of users or the identities of service providing servers nor link different sessions with a user or a server. Copyright © 2016 John Wiley & Sons, Ltd.

[1]  Chin-Laung Lei,et al.  User authentication scheme with privacy-preservation for multi-server environment , 2009, IEEE Communications Letters.

[2]  Jianfeng Ma,et al.  Robust Chaotic Map-based Authentication and Key Agreement Scheme with Strong Anonymity for Telecare Medicine Information Systems , 2014, Journal of Medical Systems.

[3]  Kwok-Wo Wong,et al.  A combined chaotic cryptographic and hashing scheme , 2003 .

[4]  Jianfeng Ma,et al.  An Efficient Ticket Based Authentication Protocol with Unlinkability for Wireless Access Networks , 2014, Wirel. Pers. Commun..

[5]  Debiao He,et al.  Cryptanalysis and improvement of an extended chaotic maps-based key agreement protocol , 2012, Nonlinear Dynamics.

[6]  Linhua Zhang Cryptanalysis of the public key encryption based on multiple chaotic systems , 2008 .

[7]  Min-Shiang Hwang,et al.  A new remote user authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[8]  Amit K. Awasthi,et al.  An enhanced remote user authentication scheme using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[9]  Peilin Hong,et al.  A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture , 2012, J. Comput. Syst. Sci..

[10]  Zuowen Tan Improvement of smart card based password authentication scheme for multiserver environments , 2012 .

[11]  Xing-yuan Wang,et al.  An improved key agreement protocol based on chaos , 2010 .

[12]  Jian Ma,et al.  An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards , 2012, J. Netw. Comput. Appl..

[13]  Min-Shiang Hwang,et al.  A remote password authentication scheme for multiserver architecture using neural networks , 2001, IEEE Trans. Neural Networks.

[14]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[15]  Ashutosh Saxena,et al.  A dynamic ID-based remote user authentication scheme , 2004, IEEE Transactions on Consumer Electronics.

[16]  Wen-Shenq Juang,et al.  Efficient multi-server password authenticated key agreement using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[17]  Bin Wang,et al.  A Smart Card Based Efficient and Secured Multi-Server Authentication Scheme , 2012, Wireless Personal Communications.

[18]  Peilin Hong,et al.  Security improvement on an anonymous key agreement protocol based on chaotic maps , 2012 .

[19]  Jia-Lun Tsai,et al.  Efficient multi-server authentication scheme based on one-way hash function without verification table , 2008, Comput. Secur..

[20]  Xiaomin Wang,et al.  Secure chaotic system with application to chaotic ciphers , 2013, Inf. Sci..

[21]  Sirma Yavuz,et al.  Designing chaotic S-boxes based on time-delay chaotic system , 2013 .

[22]  Min-Shiang Hwang,et al.  A new remote user authentication scheme for multi-server architecture , 2003, Future Gener. Comput. Syst..

[23]  Eunjun Yoon,et al.  An efficient and secure Diffie–Hellman key agreement protocol based on Chebyshev chaotic map , 2011 .

[24]  Sourav Mukhopadhyay,et al.  A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards , 2014, Expert Syst. Appl..

[25]  Meng Chang Chen,et al.  An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics , 2014, Expert Syst. Appl..

[26]  Wei-Bin Lee,et al.  A smart card-based remote scheme for password authentication in multi-server Internet services , 2004, Comput. Stand. Interfaces.

[27]  Kuldip Singh,et al.  A secure dynamic identity based authentication protocol for multi-server architecture , 2011, J. Netw. Comput. Appl..

[28]  Tian-Fu Lee,et al.  Enhancing the security of password authenticated key agreement protocols based on chaotic maps , 2015, Inf. Sci..

[29]  Ali Kanso,et al.  Keyed hash function based on a chaotic map , 2012, Inf. Sci..

[30]  Peng Gong,et al.  Cryptanalysis and improvement of a three-party key agreement protocol using enhanced Chebyshev polynomials , 2013, Nonlinear Dynamics.

[31]  Wei-Kuan Shih,et al.  Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment , 2009, Comput. Stand. Interfaces.

[32]  Kwok-Wo Wong,et al.  An efficient entire chaos-based scheme for deniable authentication , 2005 .

[33]  Zuowen Tan,et al.  A chaotic maps-based authenticated key agreement protocol with strong anonymity , 2013 .

[34]  Xingyuan Wang,et al.  An anonymous key agreement protocol based on chaotic maps , 2011 .

[35]  Eun-Jun Yoon,et al.  Efficiency and security problems of anonymous key agreement protocol based on chaotic maps , 2012 .

[36]  Jianfeng Ma,et al.  An efficient two-factor user authentication scheme with unlinkability for wireless sensor networks , 2015, Peer-to-Peer Netw. Appl..

[37]  Muhammad Khurram Khan,et al.  Cryptanalysis and security enhancement of a 'more efficient & secure dynamic ID-based remote user authentication scheme' , 2011, Comput. Commun..

[38]  Shuenn-Shyang Wang,et al.  A secure dynamic ID based remote user authentication scheme for multi-server environment , 2009, Comput. Stand. Interfaces.

[39]  Yixian Yang,et al.  Applying Semigroup Property of Enhanced Chebyshev Polynomials to Anonymous Authentication Protocol , 2012 .