An extended chaotic-maps-based protocol with key agreement for multiserver environments

Due to the rapid development and growth of computer networks, there have been greater and greater demands for remote password authentication protocols. Recently, the focus has been on protocols for multiserver environments that run on smart cards. These protocols typically count on the nonce or timestamp to provide protection against the replay attack. However, as Tsaur et al. pointed out, these protocols have some security issues such as disturbance in clock synchronization and vulnerability to the man-in-the-middle attack. In order to solve the above problems, Tsaur et al. proposed a multiserver authentication scheme with key agreement in 2012, and they claimed that their scheme could effectively achieve password-authenticated key agreement while getting around the technical difficulty of implementing clock synchronization in multiserver environments. Unfortunately, we found out that Tsaur et al.’s protocol still has the following weaknesses: (1) inability to resist privileged insider attack, (2) inability to resist known-plaintext attack, (3) inability to provide user anonymity, and (4) lack of perfect forward secrecy. To fix these secure flaws of Tsaur et al.’s protocol, in this paper, we shall propose an improved multiserver authentication protocol with key agreement based on extended chaotic maps. We shall also offer formal proof of smooth execution of the improved authenticated key agreement protocol.

[1]  Min-Shiang Hwang,et al.  A remote password authentication scheme for multiserver architecture using neural networks , 2001, IEEE Trans. Neural Networks.

[2]  Xiaofeng Liao,et al.  A chaos-based hash function with both modification detection and localization capabilities , 2010 .

[3]  Cheng-Chi Lee,et al.  Password Authentication Schemes: Current Status and Key Issues , 2006, Int. J. Netw. Secur..

[4]  Zuowen Tan,et al.  A chaotic maps-based authenticated key agreement protocol with strong anonymity , 2013, Nonlinear Dynamics.

[5]  Song Han,et al.  Chaotic map based key agreement with/out clock synchronization , 2009 .

[6]  Wen-Shenq Juang,et al.  Robust and Efficient Password-Authenticated Key Agreement Using Smart Cards , 2008, IEEE Transactions on Industrial Electronics.

[7]  Cheng-Chi Lee On Security of An Efficient Nonce-based Authentication Scheme for SIP , 2009, Int. J. Netw. Secur..

[8]  Jia-Lun Tsai,et al.  Efficient multi-server authentication scheme based on one-way hash function without verification table , 2008, Comput. Secur..

[9]  Linhua Zhang Cryptanalysis of the public key encryption based on multiple chaotic systems , 2008 .

[10]  Debiao He,et al.  Cryptanalysis and improvement of an extended chaotic maps-based key agreement protocol , 2012, Nonlinear Dynamics.

[11]  Alfredo De Santis,et al.  Security of public-key cryptosystems based on Chebyshev polynomials , 2004, IEEE Transactions on Circuits and Systems I: Regular Papers.

[12]  Cheng-Chi Lee,et al.  Guessing Attacks on Strong-Password Authentication Protocol , 2013, Int. J. Netw. Secur..

[13]  Jizhou Sun,et al.  Improvements of Juang 's Password-Authenticated Key Agreement Scheme Using Smart Cards , 2009, IEEE Transactions on Industrial Electronics.

[14]  Eun-Jun Yoon,et al.  Cryptanalysis of Robust E-Mail Protocols with Perfect Forward Secrecy , 2007, IEEE Communications Letters.

[15]  Frances M. T. Brazier,et al.  Distributed Open Systems , 1994 .

[16]  Cheng-Chi Lee,et al.  A simple and efficient authentication scheme for mobile satellite communication systems , 2012, Int. J. Satell. Commun. Netw..

[17]  Jianhua Chen,et al.  Note on 'Design of improved password authentication and update scheme based on elliptic curve cryptography' , 2012, Math. Comput. Model..

[18]  T. J. Rivlin The Chebyshev polynomials , 1974 .

[19]  Xing-yuan Wang,et al.  A chaotic image encryption algorithm based on perceptron model , 2010 .

[20]  Martín Abadi,et al.  A logic of authentication , 1989, Proceedings of the Royal Society of London. A. Mathematical and Physical Sciences.

[21]  Cheng-Chi Lee,et al.  A secure biometric-based remote user authentication with key agreement scheme using extended chaotic maps , 2012, Nonlinear Dynamics.

[22]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[23]  Min-Shiang Hwang,et al.  A new remote user authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[24]  Long-Jye Sheu,et al.  A speech encryption using fractional chaotic systems , 2011 .

[25]  X. Liao,et al.  One-way Hash function construction based on the chaotic map with changeable-parameter , 2005 .

[26]  Wei-Bin Lee,et al.  An efficient and secure multi-server authentication scheme with key agreement , 2012, J. Syst. Softw..

[27]  Chun Chen,et al.  A strong user authentication scheme with smart cards for wireless communications , 2011, Comput. Commun..

[28]  Chin-Chen Chang,et al.  Using smart cards to authenticate remote passwords , 1993 .

[29]  Jong Hyuk Park,et al.  Robust one-time password authentication scheme using smart card for home network environment , 2011, Comput. Commun..

[30]  Zhenfeng Zhang,et al.  Chaotic encryption algorithm based on alternant of stream cipher and block cipher , 2011 .

[31]  John T. Kohl,et al.  The Evolution of the Kerberos Authentication Service , 1992 .

[32]  Wen-Shenq Juang,et al.  Efficient multi-server password authenticated key agreement using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[33]  Chih-Lyang Hwang,et al.  A Distributed Active-Vision Network-Space Approach for the Navigation of a Car-Like Wheeled Robot , 2009, IEEE Transactions on Industrial Electronics.

[34]  Cheng-Chi Lee,et al.  An Extended Multi-Server-Based User Authentication and Key Agreement Scheme with User Anonymity , 2013, KSII Trans. Internet Inf. Syst..

[35]  Belden Menkus,et al.  Understanding the use of passwords , 1988, Comput. Secur..

[36]  Cheng-Chi Lee,et al.  A Robust Remote User Authentication Scheme Using Smart Card , 2011, Inf. Technol. Control..

[37]  Cheng-Chi Lee,et al.  An extended chaotic maps-based key agreement protocol with user anonymity , 2011, Nonlinear Dynamics.

[38]  Min-Shiang Hwang,et al.  A new remote user authentication scheme for multi-server architecture , 2003, Future Gener. Comput. Syst..

[39]  Cheng-Chi Lee,et al.  Security Enhancement on a New Authentication Scheme With Anonymity for Wireless Environments , 2006, IEEE Transactions on Industrial Electronics.