Cryptanalysis and improvement of a three‐party password‐based authenticated key exchange protocol with user anonymity using extended chaotic maps

SUMMARYThree-party password-authenticated key exchange (3PAKE) protocols allow two clients to agree on a secretsession key through a server via a public channel. 3PAKE protocols have been designed using different arith-metic aspects including chaotic maps. Recently, Lee et al. proposed a 3PAKE protocol using Chebyshevchaotic maps and claimed that their protocol has low computation and communication cost and can also resistagainst numerous attacks. However, this paper shows that in spite of the computation and communicationefficiency of the Lee et al. protocol, it is not secure against the modification attack. To conquer this secu-rity weakness, we propose a simple countermeasure, which maintains the computation and communicationefficiency of the Lee et al. protocol. Copyright © 2014 John Wiley & Sons, Ltd. Received 16 June 2014; Revised 17 September 2014; Accepted 14 November 2014KEY WORDS: Chebyshev chaotic maps; key exchange protocol; password-based authentication; modifica-tion attack

[1]  Zuowen Tan,et al.  A chaotic maps-based authenticated key agreement protocol with strong anonymity , 2013, Nonlinear Dynamics.

[2]  王兴元,et al.  A secure key agreement protocol based on chaotic maps , 2013 .

[3]  Jianhua Chen,et al.  An Id-Based Three-Party Authenticated Key Exchange Protocol Using Elliptic Curve Cryptography for Mobile-Commerce Environments , 2011, IACR Cryptol. ePrint Arch..

[4]  Qiaoyan Wen,et al.  A Strongly Secure Pairing-free Certificateless Authenticated Key Agreement Protocol for Low-Power Devices , 2013, Information Technology and Control.

[5]  Eun-Jun Yoon,et al.  Efficiency and security problems of anonymous key agreement protocol based on chaotic maps , 2012 .

[6]  Raylin Tso Security analysis and improvements of a communication-efficient three-party password authenticated key exchange protocol , 2013, The Journal of Supercomputing.

[7]  Debiao He,et al.  Cryptanalysis of a Three-party Password-based Authenticated Key Exchange Protocol , 2014, Int. J. Netw. Secur..

[8]  Mohammad Sabzinejad Farash,et al.  An efficient and provably secure three-party password-based authenticated key exchange protocol based on Chebyshev chaotic maps , 2014, Nonlinear Dynamics.

[9]  Tzung-Her Chen,et al.  A security-enhanced key agreement protocol based on chaotic maps , 2013, Secur. Commun. Networks.

[10]  Xia Li,et al.  Forecasting Crude Oil Price with Multiscale Denoising Ensemble Model , 2014 .

[11]  Peilin Hong,et al.  Security improvement on an anonymous key agreement protocol based on chaotic maps , 2012 .

[12]  Jianfeng Ma,et al.  Improvement of robust smart‐card‐based password authentication scheme , 2015, Int. J. Commun. Syst..

[13]  Mahmoud Ahmadian-Attari,et al.  Provably secure and efficient identity-based key agreement protocol for independent PKGs using ECC , 2013, ISC Int. J. Inf. Secur..

[14]  Yong Zhao,et al.  ECC-Based Password-Authenticated Key Exchange in the Three-Party Setting , 2013 .

[15]  Chin-Chen Chang,et al.  Chaotic maps-based password-authenticated key agreement using smart cards , 2013, Commun. Nonlinear Sci. Numer. Simul..

[16]  Xuexian Hu,et al.  Universally composable three-party password-authenticated key exchange with contributiveness , 2015, Int. J. Commun. Syst..

[17]  Ya-Fen Chang,et al.  Untraceable dynamic-identity-based remote user authentication scheme with verifiable password update , 2014, Int. J. Commun. Syst..

[18]  Jianfeng Ma,et al.  Cryptanalysis of smart‐card‐based password authenticated key agreement protocol for session initiation protocol of Zhang et al. , 2015, Int. J. Commun. Syst..

[19]  Chin-Chen Chang,et al.  A Pairing-free ID-based Key Agreement Protocol with Different PKGs , 2014 .

[20]  Debiao He,et al.  Cryptanalysis and Improvement of a Password-Based Remote User Authentication Scheme without Smart Cards , 2013, Inf. Technol. Control..

[21]  Yixian Yang,et al.  Applying Semigroup Property of Enhanced Chebyshev Polynomials to Anonymous Authentication Protocol , 2012 .

[22]  Jia-Lun Tsai,et al.  New dynamic ID authentication scheme using smart cards , 2010, Int. J. Commun. Syst..

[23]  Cheng-Chi Lee A simple key agreement scheme based on chaotic maps for VSAT satellite communications , 2013, Int. J. Satell. Commun. Netw..

[24]  Debiao He,et al.  Cryptanalysis and improvement of an extended chaotic maps-based key agreement protocol , 2012, Nonlinear Dynamics.

[25]  Mohammad Sabzinejad Farash Cryptanalysis and improvement of an efficient mutual authentication RFID scheme based on elliptic curve cryptography , 2014, The Journal of Supercomputing.

[26]  Jianfeng Ma,et al.  An Improved Password-Based Remote User Authentication Protocol without Smart Cards , 2013, Inf. Technol. Control..

[27]  Zhi Guan,et al.  Finding and fixing vulnerabilities in several three-party password authenticated key exchange protocols without server public keys , 2013, Inf. Sci..

[28]  Athanasios V. Vasilakos,et al.  An Enhanced Mobile-Healthcare Emergency System Based on Extended Chaotic Maps , 2013, Journal of Medical Systems.

[29]  Xiong Li,et al.  An improved timestamp-based password authentication scheme: comments, cryptanalysis, and improvement , 2014, Secur. Commun. Networks.

[30]  Cheng-Chi Lee,et al.  A three-party password-based authenticated key exchange protocol with user anonymity using extended chaotic maps , 2013, Nonlinear Dynamics.

[31]  Hong-bin Tang,et al.  Weakness of remote authentication scheme of Chen et al. , 2014, Int. J. Commun. Syst..

[32]  Mohammad Sabzinejad Farash,et al.  Cryptanalysis and improvement of ‘an improved authentication with key agreement scheme on elliptic curve cryptosystem for global mobility networks’ , 2015, Int. J. Netw. Manag..

[33]  Cheng-Chi Lee,et al.  A secure biometric-based remote user authentication with key agreement scheme using extended chaotic maps , 2012, Nonlinear Dynamics.

[34]  Mohammad Sabzinejad Farash Security analysis and enhancements of an improved authentication for session initiation protocol with provable security , 2016, Peer Peer Netw. Appl..

[35]  Tian-Fu Lee,et al.  Efficient three-party encrypted key exchange using trapdoor functions , 2013, Secur. Commun. Networks.

[36]  Kefei Chen,et al.  Enhancements of a three-party password-based authenticated key exchange protocol , 2013, Int. Arab J. Inf. Technol..

[37]  Ping Li,et al.  A secure chaotic maps-based key agreement protocol without using smart cards , 2012 .

[38]  Mahmoud Ahmadian-Attari,et al.  An efficient client–client password-based authentication scheme with provable security , 2014, The Journal of Supercomputing.

[39]  Wei Liang,et al.  Cryptanalysis of a dynamic identity‐based remote user authentication scheme with verifiable password update , 2015, Int. J. Commun. Syst..

[40]  Chun Chen,et al.  Strong roaming authentication technique for wireless and mobile networks , 2013, Int. J. Commun. Syst..

[41]  Mahmoud Ahmadian-Attari,et al.  Vulnerability of two multiple-key agreement protocols , 2011, Comput. Electr. Eng..

[42]  Mahmoud Ahmadian-Attari,et al.  An anonymous and untraceable password-based authentication scheme for session initiation protocol using smart cards , 2016, Int. J. Commun. Syst..

[43]  胡学先,et al.  Universally composable three-party password-authenticated key exchange with contributiveness , 2014 .

[44]  Han-Yu Lin,et al.  Efficient mobile dynamic ID authentication and key agreement scheme without trusted servers , 2017, Int. J. Commun. Syst..

[45]  Mahmoud Ahmadian-Attari,et al.  An Enhanced Authenticated Key Agreement for Session Initiation Protocol , 2013, Inf. Technol. Control..

[46]  Mahmoud Ahmadian-Attari,et al.  A secure and efficient identity-based authenticated key exchange protocol for mobile client–server networks , 2014, The Journal of Supercomputing.

[47]  Mohammad Sabzinejad Farash,et al.  Cryptanalysis and improvement of a chaotic map-based key agreement protocol using Chebyshev sequence membership testing , 2014, Nonlinear Dynamics.

[48]  Jian Wang,et al.  Secure verifier-based three-party password-authenticated key exchange , 2013, Peer Peer Netw. Appl..

[49]  Rimantas Butleris,et al.  An Approach for Extracting Business Vocabularies from Business Process Models , 2013, Inf. Technol. Control..

[50]  Mohammad Sabzinejad Farash,et al.  A Novel Secure Bilinear Pairing Based Remote User Authentication Scheme with Smart Card , 2010, 2010 IEEE/IFIP International Conference on Embedded and Ubiquitous Computing.

[51]  Chun Chen,et al.  Lightweight and provably secure user authentication with anonymity for the global mobility network , 2011, Int. J. Commun. Syst..

[52]  Debiao He,et al.  Cryptanalysis of a communication-efficient three-party password authenticated key exchange protocol , 2012, Inf. Sci..

[53]  Mahmoud Ahmadian-Attari,et al.  An Enhanced and Secure Three-Party Password-based Authenticated Key Exchange Protocol without Using Server's Public-Keys and Symmetric Cryptosystems , 2014, Inf. Technol. Control..

[54]  Mohammad Sabzinejad Farash An improved password-based authentication scheme for session initiation protocol using smart cards without verification table , 2017, Int. J. Commun. Syst..

[55]  Nipun Bansal,et al.  Peer to Peer Networking and Applications , 2013 .

[56]  Mahmoud Ahmadian-Attari,et al.  A provably secure and efficient authentication scheme for access control in mobile pay-TV systems , 2014, Multimedia Tools and Applications.

[57]  Peng Gong,et al.  Cryptanalysis and improvement of a three-party key agreement protocol using enhanced Chebyshev polynomials , 2013, Nonlinear Dynamics.

[58]  Zhong Chen,et al.  New identity-based three-party authenticated key agreement protocol with provable security , 2013, J. Netw. Comput. Appl..

[59]  Muhammad Khurram Khan,et al.  Cryptanalysis and improvement of ‘a robust smart‐card‐based remote user password authentication scheme’ , 2014, Int. J. Commun. Syst..

[60]  Cheng-Chi Lee,et al.  An extended chaotic maps-based key agreement protocol with user anonymity , 2011, Nonlinear Dynamics.

[61]  Fang Qun Cryptanalysis and improvement of a remote user authentication scheme , 2010 .

[62]  Mahmoud Ahmadian Attari,et al.  A Certificate less Multiple-key Agreement Protocol without Hash Functions Based on Bilinear Pairings , 2012 .

[63]  Qi Xie,et al.  Chaotic maps-based three-party password-authenticated key agreement scheme , 2013, Nonlinear Dynamics.

[64]  Lei Jiang,et al.  A Robust and Efficient Timestamp-based Remote User Authentication Scheme with Smart Card Lost Attack Resistance , 2013, Int. J. Netw. Secur..

[65]  SK Hafizul Islam,et al.  Design and analysis of an improved smartcard‐based remote user password authentication scheme , 2016, Int. J. Commun. Syst..

[66]  Xiao Tan,et al.  Improvement of a Three-Party Password-Based Key Exchange Protocol with Formal Verification , 2013, Inf. Technol. Control..

[67]  Mahmoud Ahmadian-Attari,et al.  A new efficient authenticated multiple-key exchange protocol from bilinear pairings , 2013, Comput. Electr. Eng..

[68]  Lih-Chyau Wuu,et al.  Robust smart‐card‐based remote user password authentication scheme , 2014, Int. J. Commun. Syst..

[69]  Mahmoud Ahmadian-Attari,et al.  A Certificateless Multiple-key Agreement Protocol Based on Bilinear Pairings , 2012, IACR Cryptol. ePrint Arch..

[70]  Hongtu Li,et al.  An Efficient Three-Party Authentication Key Exchange Protocol for Wireless Sensor Networks , 2013 .

[71]  Chin-Chen Chang,et al.  Chaotic Maps-Based Mutual Authentication and Key Agreement using Smart Cards for Wireless Communications , 2013, J. Inf. Hiding Multim. Signal Process..

[72]  Peng Gong,et al.  On the security of a dynamic identity-based remote user authentication scheme with verifiable password update , 2015, Int. J. Commun. Syst..

[73]  Qi Xie,et al.  Improvement of a security enhanced one-time two-factor authentication and key agreement scheme , 2012, Sci. Iran..