LI Xiong,WU Fan,LIAO Jun-guo,LIU Yu-zhen

DOI: https://doi.org/10.11959/j.issn.2096-109x.2016.00060

2016-01-01

Abstract:Chaotic map has been used in the design of key agreement protocol due to its excellent properties. In most of password three-party authenticated key agreement protocol based on chaotic map, the server needs to store a sensitive password table. It makes these protocols vulnerable to some password related attacks. Besides, it would be dangerous if the password table was leaked. To resolve the aforementioned problems, a new password three-party authenticated key agreement protocol based on chaotic maps was proposed. The server didn’t need to maintain a password table, so the proposed scheme was free from password related attack. Compared with other related proto-cols, the proposed protocol not only enhances the security, but also improves the efficiency greatly.

Xiong Li,Jianwei Niu,Saru Kumari,Muhammad Khurram Khan,Junguo Liao,Wei Liang

DOI: https://doi.org/10.1007/s11071-015-1937-0

IF: 5.741

2015-01-01

Nonlinear Dynamics

Abstract:An authenticated key agreement protocol is a protocol for information security over insecure networks. Due to the excellent properties of chaotic system, chaos-related cryptography has received a certain development, and recently, researchers have presented some three-party authenticated key agreement protocols based on the chaotic maps. Unfortunately, most of the chaotic maps-based key agreement protocols use a password to achieve the key agreement, and this leads to some security loopholes. First, the server has to store a sensitive password table, and it would be dangerous if the server was compromised or the password table was leaked. Besides, the low-entropy passwords are vulnerable to some password-related attacks, such as insider attack and password guessing attacks. In this paper, we design a communication- and computation-efficient chaotic maps-based three-party authenticated key agreement protocol without password and clock synchronization, and formally analyze the security using Burrows–Abadi–Needham logic. In addition to the formal analysis, we also prove that the presented protocol is free from most of the common attacks, and compare the performance and functionality with other related protocols. The result of the analysis and comparisons demonstrate that our protocol is more efficient and practical for real applications.

Nan Liu,Cheng Guo,Huan Zhang,Lifeng Yuan

DOI: https://doi.org/10.1049/ic.2014.0156

2014-01-01

Abstract:With the gradual research on authentication issues, many researchers began to apply chaotic maps. Chaos theory has many good properties. It can achieve fast computing, and the time of encryption and decryption can be shortened to ensure smooth communication. Meanwhile, smart card technology is becoming a more practical technology. It has capabilities of security, confidentiality and identification, and can complete simple encryption and decryption operations. Based on the property of chaotic maps and smart cards, we proposed an authenticated key agreement protocol. In our protocol, we reach the goal of creatively combining chaotic maps and smart cards. Using chaotic maps and smart cards simplify our protocol and decrease the communication overhead, also improve the security of the authentication process.

Jiao Zhang,Yong He,Yu-Zhen Liu,Xiong Li

2015-01-01

Abstract:Identity authentication protocol is an important type of protocols for information security protection. Recently, Lee et al. pointed out the security flaws of a multi-server user authentication protocol with key agreement which is presented by Tsaur et al., and they further proposed an extended chaotic maps-based user authentication protocol for multi-server. However, we observed that Lee et al.'s protocol has some functionality and security flaws. In this paper, the cryptanalysis of Lee et al.'s authentication protocol was pointed out, and it was found inefficient in the detection of unauthorized login and did not support password change. Besides, their protocol is pointed out vulnerable to registration center spoofing attack and server spoofing attack.

Kaiping Xue,Peilin Hong

DOI: https://doi.org/10.1016/j.cnsns.2011.11.025

IF: 4.186

2012-01-01

Communications in Nonlinear Science and Numerical Simulation

Abstract:In 2009, Tseng et al. proposed a password sharing and chaotic map based key agreement protocol (Tseng et al.’s protocol). They claimed that the protocol provided mutual authentication between a server and a user, and allowed the user to anonymously interact with the server to establish a shared session key. However, in 2011, Niu et al. have proved that Tseng et al.’s protocol cannot guarantee user anonymity and protocol security when there is an internal adversary who is a legitimate user. Also it cannot provide perfect forward secrecy. Then Niu et al. introduced a trust third party (TTP) into their protocol designing (Niu et al.’s protocol). But according to our research, Niu et al.’s protocol is found to have several unsatisfactory drawbacks. Based on reconsidering Tseng et al.’s protocol without introducing TTP, we give some improvements to meet the original security and performance requirements. Meanwhile our proposed protocol overcomes the security flaws of Tseng et al.’s protocol.

Debiao He,Yitao Chen,Jianhua Chen

DOI: https://doi.org/10.1007/s11071-012-0335-0

IF: 5.741

2012-01-01

Nonlinear Dynamics

Abstract:Very recently, Lee et al. (C. Lee, C. Chen, C. Wu, S. Huang, An extended chaotic maps-based key agreement protocol with user anonymity, Nonlinear Dynamics, doi: 10.1007/s11071-011-0247-4) proposed a chaotic maps-based key agreement protocol with user anonymity and claimed their protocol could resist various attacks. In this paper, we will point out that Lee et al.'s protocol suffers from three weaknesses: (1) inability of resisting the privileged insider attack; (2) inability of resisting the denial-of-service attack; and (3) inability of providing anonymity. To overcome the weaknesses, we also proposed an improved protocol. The analysis shows our protocol is more suitable for practical applications.

Xiong Li,Jianwei Niu,Saru Kumari,SK Hafizul Islam,Fan Wu,Muhammad Khurram Khan,Ashok Kumar Das

DOI: https://doi.org/10.1007/s11042-017-4390-x

IF: 2.017

2014-01-01

Wireless Personal Communications

Abstract:The widespread popularity of the computer networks has triggered concerns about information security. Password-based user authentication with key agreement protocols have drawn attentions since it provides proper authentication of a user before granting access right to services, and then ensure secure communication over insecure channels. Recently, Lee et al. pointed out different security flaws on Tsaur et al.'s multi-server user authentication protocol, and they further proposed an extended chaotic maps-based user authentication with key agreement protocol for multi-server environments. However, we observed that Lee et al.'s protocol has some functionality and security flaws, i.e., it is inefficient in detection of unauthorized login and it does not support password change mechanism. Besides, their protocol is vulnerable to registration center spoofing attack and server spoofing attack. In order to remedy the aforementioned flaws, we proposed a novel chaotic maps-based user authentication with key agreement protocol for multi-server environments. The proposed protocol is provably secure in the random oracle model under the chaotic-maps based computational Diffie-Hellman assumption. In addition, we analyzed our protocol using BAN logic model. We also compared our protocol with Lee et al.'s protocol in aspects of computation cost, functionalities and securities.

Uddeshaya Kumar,Manish Garg,Gautam Kaushik

DOI: https://doi.org/10.1007/s10586-023-04232-2

2024-01-11

Cluster Computing

Abstract:The three party authenticated key agreement protocol assists two parties in affirming one another and agreeing on a shared session key with the assistance of a trusted server. Chaos-based cryptography has seen considerable progress due to the sound characteristics of chaotic systems. Nowadays, many researchers are actively working in this direction and have proposed various three party authenticated key agreement protocols based on chaotic maps. In this paper, we analysed the Zheng et al. 's scheme (IEEE Access 8:66150–66162, 2020, https://doi.org/10.1109/ACCESS.2020.2979251) and found that it is vulnerable to various attacks like verification table theft attack, impersonation attacks and also it does not provide anonymity to users. Zheng et al.'s scheme also has flaw in registration phase and uses timestamps for key freshness. In this article, we proposed a three party chaotic based authenticated key agreement protocol which is secured against aforementioned attacks. Authors are also compared the proposed scheme with other comparable and existing schemes in terms of security features, computation cost, and communication cost. The comparison analysis shows that the proposed scheme has more security features at a lower cost in computing and communication. We have also demonstrated the security of the proposed protocol within the framework of the random oracle model.

computer science, information systems, theory & methods

Yu Liu,Kaiping Xue

DOI: https://doi.org/10.1007/s11071-015-2506-2

IF: 5.741

2015-01-01

Nonlinear Dynamics

Abstract:Recently, chaos has been treated as a good way to reduce computational complexity while satisfying security requirements of a key agreement protocol. Guo and Zhang (Inf Sci 180(20):4069–4074, 2010 ) proposed an chaotic public-key cryptosystem-based key agreement protocol. Lee (Inf Sci 290:63–71, 2015 ) has proved that Guo et al.’s scheme cannot resist off-line password guess attack. In this paper, we furtherly demonstrate Guo et al.’s scheme has redundancy in protocol design and still has some security flaws. Furthermore, we present an improved secure password and chaos-based two-party key agreement protocol, which can solve the security threats of replay and denial-of-service attacks. Meanwhile, we simplify the protocol steps to reduce redundancy in protocol design. From security and performance analysis, our proposed protocol can resist the security flaws in related works, and it has less communication overhead and computational complexity.

Fan Wu,Lili Xu

DOI: https://doi.org/10.1007/978-3-319-68542-7_16

2017-01-01

Abstract:Cloud computing is a hot issue mentioned more and more nowadays. Vast information for every domain are stored in cloud servers. Security issue is accompanied with the fast development of cloud application. On the other hand, many authentication schemes with different methods have been presented over the last decades. To guarantee the valid access to remote server, smart cards are used on the client side. Moreover, user anonymity becomes a hot issue in such schemes. We present a chaotic-map based mutual authentication scheme for cloud computing. After our concrete analysis, the new scheme not only makes user anonymous but also performs well in basic aspects compared with recent schemes. The new scheme is practical and efficient via our comparison and it overcomes various attacks and meets security requirements in public opinion. ...

Qi Xie,Deren Chen

DOI: https://doi.org/10.1109/icie.2010.292

2010-01-01

Journal of Networks

Abstract:To use the network services provided by multiple servers in mobile wireless network, a hash function and smart card based multi-server authentication scheme without verification tables and servers' public keys is proposed. The new protocol has many advantages, such as no encryption, signature, verification tables, timestamp, and public keys directory.

Azeem Irshad,Muhammad Sher,Muhammad Usman Ashraf,Bander A. Alzahrani,Fan Wu,Qi Xie,Saru Kumari

DOI: https://doi.org/10.1007/s11277-017-3990-0

IF: 2.017

2017-01-01

Wireless Personal Communications

Abstract:The simple password based authentication techniques have been evolving into more secure and advanced protocols, capable of countering the advanced breed of threats. Following this development, the multi-server authentication (MSA), lets subscribers the provision of services from various service providers out of a single registration performed initially. The user seeks to register from registration centre first, and could avail a range of services onwards. The research efforts on MSA based framework, for making it lightweight and security resilient, has been going on a reasonable pace. However, yet we have not come up with a framework that can be relied upon for deployment in an access network bearing nodes that demand low computational cost. Recently, in this regard, Tsai and Lo presented a chaotic map-based multi-server authentication protocol. However, the Tsai and Lo scheme is found vulnerable to key-compromise impersonation attack, Bergamo et al. and password guessing attack by Lu et al. In return, Lu et al. presented a model countering the flaws of Tsai and Lo scheme. We review both schemes and found that Tsai et al. is still vulnerable to more threats, and at the same time, we demonstrate that Lu et al. is also vulnerable to RC-spoofing attack, replay attack, anonymity failure and bears some technical flaws. In this paper, we propose a secure and efficient scheme improved upon Tsai et al. protocol. Besides, this study work presents the formal security analysis using BAN logic and performance efficiency has also been evaluated against contemporary protocols.

Tong Tong,Jianhua Chen

DOI: https://doi.org/10.3969/j.issn.1001-3695.2017.08.046

2017-01-01

Abstract:When people transfer accounts or shop online using their mobile device, it needs authenticated scheme to protect the security.Recently, Zhu Hongfeng proposed a chaotic maps based authenticated scheme.This paper pointed out that Zhu''s scheme was suffered from user impersonation attack, off-line dictionary attack and ID-theft attack.Moreover, this scheme had design flaws in login phase and password change phase.In order to overcome these flaws, this paper proposed an improved chaotic maps based mobile authenticated scheme.Furthermore, it certufued the proposed scheme by BAN logic.According to the comparison with other schemes and simulation results, the proposed scheme is more secure and efficient than other schemes.

Shuming Qiu,Ding Wang,Guoai Xu,Saru Kumari

DOI: https://doi.org/10.1109/tdsc.2020.3022797

2020-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Due to the limitations of symmetric-key techniques, authentication and key agreement (AKA) protocols based on public-key techniques have attracted much attention, providing secure access and communication mechanism for various application environments. Among these public-key techniques used for AKA protocols, chaotic-map is more effective than scalar multiplication and modular exponentiation, and it offers a list of desirable cryptographic properties such as un-predictability, un-repeatability, un-certainty, and higher efficiency than scalar multiplication and modular exponentiation. Furthermore, it is usually believed that three-factor AKA protocols can achieve a higher security level than single- and two-factor protocols. However, none of existing three-factor AKA protocols can meet all security requirements. One of the most prevalent problems is how to balance security and usability, and particularly how to achieve truly three-factor security while providing password change friendliness. To deal with this problem, in this article we put forward a provably secure three-factor AKA protocol based on extended chaotic-maps for mobile lightweight devices, by adopting the techniques of "Fuzzy-Verifiers" and "Honeywords". We prove the security of the proposed protocol in the random oracle model, assuming the intractability of extended chaotic-maps Computational Diffie-Hellman problem. We also simulate the protocol by using the AVISPA tool. The security analysis and simulation results show that our protocol can meet all 13 evaluation criteria regarding security. We also assess the performance of our protocol by comparing with seven other related protocols. The evaluation results demonstrate that our protocol offers better balance between security and usability over state-of-the-art ones.

computer science, information systems, software engineering, hardware & architecture

Kyong-Sok Pak,Mi-Hyang Kim,Song-Ho Pak,Chol-Man Ho

DOI: https://doi.org/10.1371/journal.pone.0273664

IF: 3.7

2022-09-16

PLoS ONE

Abstract:Three-party authentication key exchange is a protocol that allows two users to set up a session key for encrypted communication by the help of a trusted remote server. Providing user anonymity and mutual authentication in the authentication key exchange is important security requirements to protect users’ privacy and enhance its security performance. Recently Li proposed a chaotic maps-based authentication key exchange protocol which attempts to provide mutual authentication and user anonymity, but we found that there were some faults in the key exchange phase and password change phase of his scheme. We prove that Li’s scheme does not provide user anonymity and that the user’s privacy information is disclosed, and propose enhanced three-party authentication key exchange protocol that provides user anonymity and we analyse its security properties and verify its validity based on BAN logic and AVISPA tool.

multidisciplinary sciences

Saru Kumari,Xiong Li,Fan Wu,Ashok Kumar Das,Hamed Arshad,Muhammad Khurram Khan

DOI: https://doi.org/10.1016/j.future.2016.04.016

IF: 7.307

2016-01-01

Future Generation Computer Systems

Abstract:Spread of wireless network technology has opened new doors to utilize sensor technology in various areas via Wireless Sensor Networks (WSNs). Many authentication protocols for among the service seeker users, sensing component sensor nodes (SNs) and the service provider base-station or gateway node (GWN) are available to realize services from WSNs efficiently and without any fear of deceit. Recently, Li et al. and He et al. independently proposed mutual authentication and key agreement schemes for WSNs. We find that both the schemes achieve mutual authentication, establish session key and resist many known attacks but still have security weaknesses. We show the applicability of stolen verifier, user impersonation, password guessing and smart card loss attacks on Li et al.’s scheme. Although their scheme employs the feature of dynamic identity, an attacker can reveal and guess the identity of a registered user. We demonstrate the susceptibility of He et al.’s scheme to password guessing attack. In both the schemes, the security of the session key established between user and SNs is imperfect due to lack of forward secrecy and session-specific temporary information leakage attack. In addition both the schemes impose extra computational load on resource scanty sensor-nodes and are not user friendly due to absence of user anonymity and lack of password change facility. To handle these drawbacks, we design a mutual authentication and key agreement scheme for WSN using chaotic maps. To the best of our knowledge, we are the first to propose an authentication scheme for WSN based on chaotic maps. We show the superiority of the proposed scheme over its predecessor schemes by means of detailed security analysis and comparative evaluation. We also formally analyze our scheme using BAN logic.

Azeem Irshad,Shehzad Ashraf Chaudhry,Qi Xie,Xiong Li,Mohammad Sabzinejad Farash,Saru Kumari,Fan Wu

DOI: https://doi.org/10.1007/s11042-016-4236-y

IF: 2.807

2017-01-01

Arabian Journal for Science and Engineering

Abstract:Multi-Server Authentication (MSA) provides the user an efficient way to avail multiple services of various multimedia service providers, once after getting registered from a registration centre. Previously, a user had to register all servers individually to use their respective service; which proves to be a redundant and inefficient procedure in comparison with MSA. Many MSA-based techniques have been put forward by researchers, so far, however with proven pitfalls. In the last few years, the focus has been shifted towards a more flexible and efficient Chebyshev cryptographic technique. In this regard, recently Tan’s scheme presented a chaotic map based multi-server authentication scheme with a focus on login scalability. Nonetheless, Tan’s scheme has been found vulnerable to insider (impersonation attack) and stolen smart card attacks. Besides, the Tan’s scheme fails to differentiate the login requests between the two presented cases. The current study work is based on improving the Tan’s technique in terms of security in almost an equivalent cost. The security for proposed work is evaluated in the performance evaluation section, while it shows that the security is provable under formal security model, as well as using BAN Logic.

Kyongsok Pak,Songho Pak,Cholman Ho,Myongsuk Pak,Choljin Hwang

DOI: https://doi.org/10.1371/journal.pone.0213976

IF: 3.7

2019-03-20

PLoS ONE

Abstract:Three-party authentication key exchange (3PAKE) is a protocol that allows two users to set up a common session key with the help of a trusted remote server, which is effective for secret communication between clients in a large-scale network environment. Since chaotic maps have superior characteristics, researchers have recently presented some of the studies that apply it to authentication key exchange and cryptography. Providing user anonymity in the authentication key exchange is one of the important security requirements to protect users' personal secrets. We analyse Lu et al.'s scheme which attempts to provide user anonymity and we prove that his scheme has errors in the key exchange phase and password change phase. We propose a round-effective three-party authentication key exchange (3PAKE) protocol that provides user anonymity and we analyse its security properties based on BAN logic and AVISPA tool.

Chun‐Ta Li,Chun-Ta Li

DOI: https://doi.org/10.1002/sec.1487

IF: 1.968

2016-03-11

Security and Communication Networks

Abstract:Abstract A multi‐server environment helps the users to register at the registration center once and can gain numerous network services and resources provided by remote application servers. In order to protect sensitive data from unauthorized disclosure, to authenticate the identities of network participants, and to preserve user anonymity, many chaotic maps‐based multi‐server authenticated key agreement schemes with user anonymity were proposed. Recently, Zhu proposed a provable privacy‐protection system towards multi‐server architecture, and the main contributions of their proposed system are achieving mutual authentication between network participants and ensuring the anonymity or hiding identities for the login users. However, we analyze the security of Zhu's scheme and show that it is vulnerable to privileged‐insider attack and does not protect user anonymity. We also demonstrate that Zhu's scheme fails to provide mutual authentication between login user and application server and has a design flaw in anonymous authentication. To withstand these security drawbacks, we further design an improved chaotic maps‐based privacy‐protection scheme for multi‐server environments. In comparison with the existing chaotic maps‐based privacy‐protection schemes, our proposed scheme is more secure with acceptable computation costs for multi‐server environments. Copyright © 2016 John Wiley & Sons, Ltd.

computer science, information systems,telecommunications

ZHU Chang-sheng,LIU Peng-hui,WANG Qing-rong,CAO Lai-cheng

DOI: https://doi.org/10.3724/sp.j.1087.2011.01862

2011-01-01

Journal of Computer Applications

Abstract:How to keep mutual anonymity between two entities is one of the critical issues for Trusted Computation(TC).According to the characteristics of TC,an efficient password-based authenticated key exchange scheme was proposed.Adopting threshold cryptography and fuzzy ID set,the scheme achieved mutual anonymity between user and server sharing ID set.On the premise of secure hashing,the analysis and the proving procedure based on the Random Oracle Model(ROM) show this scheme is secure against dictionary attack and resource-depletion DoS(Denial-of-Service) attack under the computational Diffie-Hellman intractability assumption.This scheme effectively preserves the user's privacy and server's privacy,and compared with other schemes such as VIET et al.'s scheme,it is more efficient.