Provably Secure Multi-server Privacy-Protection System Based on Chebyshev Chaotic Maps without Using Symmetric Cryptography

Most privacy-protection schemes that adopt chaotic maps rely on symmetric cryptography to guarantee identity hiding, which leads to a high computational cost. This paper therefore eliminates symmetric cryptography and uses only chaotic maps and a secure one-way hash function to construct a provable privacy-protection system (PPS). The PPS achieves two kinds of privacy protection, and users can switch between them at will. The first is an anonymous scheme, in which nobody, including the server and the registration center (RC), learns the user's identity; they know only that these users are legal or paying members. The second is a hiding scheme, which also has the privacy-protection property because the user's identity is not transferred during the proposed protocol, and only the server and the RC know the user's identity. For the practical environment, we adopt a multi-server architecture, which allows the user to register at the RC once and then access all the permitted services provided by the eligible servers. We then give a new PPS authenticated key agreement protocol based on chaotic maps. The security of the scheme rests on the hard problems of chaotic maps and a secure one-way hash function. Compared with recent related literature, our proposed scheme not only offers high efficiency and unique functionality, but is also robust to various attacks and achieves perfect forward secrecy. Finally, we give the security proof and the efficiency analysis of our proposed scheme.
