Multimedia Tools and Applications, Volume 77, Issue 1, pp 1167–1204

An improved and secure chaotic map based authenticated key agreement in multi-server architecture

  • Azeem Irshad
  • Muhammad Sher
  • Shehzad Ashraf Chaudhry
  • Qi Xie
  • Saru Kumari
  • Fan Wu


Multi-Server Authentication (MSA) gives a user an efficient way to use the services of multiple multimedia service providers after registering once with a registration centre. Previously, a user had to register with each server individually to use its service, which is redundant and inefficient in comparison with MSA. Researchers have put forward many MSA-based techniques so far, but with proven pitfalls. In the last few years, the focus has shifted towards the more flexible and efficient Chebyshev cryptographic technique. In this regard, Tan recently presented a chaotic map based multi-server authentication scheme with a focus on login scalability. Nonetheless, Tan’s scheme has been found vulnerable to insider (impersonation) attacks and stolen smart card attacks. In addition, Tan’s scheme fails to differentiate the login requests between the two presented cases. The current study improves Tan’s technique in terms of security at an almost equivalent cost. The security of the proposed work is evaluated in the performance evaluation section, which shows that the security is provable under a formal security model as well as using BAN Logic.


Multi-server authentication; Chebyshev chaotic map; Cryptography; Authentication key agreement


  1. Burrow M, Abadi M, Needham R (1990) A logic of authentication. ACM Trans Comput Syst 8:18–36
  2. Chen YL, Huang CH, Chou JS (2009) A novel multi-server authentication scheme. Cryptology ePrint Archive 91:161–190
  3. Cheong KY, Koshiba T (2007) More on security of public key cryptosystems based on Chebyshev polynomials. IEEE T Circuits-II 54(9):795–799
  4. Chuang M-C, Chen MC (2014) An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics. Expert Syst Appl 41:1411–1418
  5. He D, Wu S (2013) Security flaws in a smart card based authentication scheme for multi-server environment. Wirel Pers Commun 70:1–7
  6. He DB, Chen YT, Chen JH (2012) Cryptanalysis and improvement of an extended chaotic maps-based key agreement protocol. Nonlinear Dynamics 69:1149–1157
  7. Hsiang H-C, Shih W-K (2009) Improvement of the secure dynamic id based remote user authentication scheme for multi-server environment. Computer Standards & Interfaces 31(6):1118–1123
  8. Irshad A, Sher M, Faisal MS, Ghani A, Ul Hassan M, Ashraf Ch S (2014) A secure authentication scheme for session initiation protocol by using ECC on the basis of the tang and Liu scheme. Security and Communication Networks 7(8):1210–1218
  9. Irshad A, Sher M, Rehman E, Ch SA, Hassan MU, Ghani A (2015) A single round-trip SIP authentication scheme for voice over internet protocol using smart card. Multimedia Tools and Applications 74(11):3967–3984
  10. Irshad A, Sher M, Chaudhary SA, Naqvi H, Farash MS (2016) An efficient and anonymous multi-server authenticated key agreement based on chaotic map without engaging registration Centre. J Supercomput 72:1–22
  11. Jin ATB, Ling DNC, Goh A (2004) Bio-hashing: two factor authentication featuring fingerprint data and tokenised random number. Pattern Recogn 37(11):2245–2255
  12. Juang WS (2004) Efficient multi-server password authenticated key agreement using smart cards. IEEE Trans Consum Electron 50(1):251–255
  13. Kanso A, Yahyaoui H, Almulla M (2012) Keyed hash function based on a chaotic map. Inf Sci 186:249–264
  14. Lai H, Xiao J, Li L, Yang Y (2012) Applying semi-group property of enhanced Chebyshev polynomials to anonymous authentication protocol. Math Probl Eng. doi: 10.1155/2012/454823
  15. Lee TF (2015) Enhancing the security of password authenticated key agreement protocols based on chaotic maps. Inf Sci 290:63–71
  16. Li C-T (2016) A secure chaotic maps-based privacy-protection scheme for multi-server environments. Security and Communication Networks 9:2276
  17. Li L, Lin I, Hwang M (2001) A remote password authentication scheme for multi-server architecture using neural networks. IEEE Trans Neural Netw 12(6):1498–1504
  18. Li X, Xiong YP, Ma J, Wang WD (2012) An efficient and secure dynamic identity based authentication protocol for multi-server architecture using smart cards. J Netw Comput Appl 35(2):763–769
  19. Li X, Niu J, Kumari S, Islam SH, Wu F, Khan MK, Das AK (2016) A novel chaotic maps-based user authentication and key agreement protocol for multi-server environments with provable security. Wirel Pers Commun 89:1–29
  20. Liao YP, Wang SS (2009) A secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards & Interfaces 31(1):24–29
  21. Lin C, Hwang MS, Li LH (2003) A new remote user authentication scheme for multi-server architecture. Futur Gener Comput Syst 1(19):13–22
  22. Lu Y, Li L, Peng H, Yang Y (2016) Cryptanalysis and improvement of a chaotic maps-based anonymous authenticated key agreement protocol for multi-server architecture. Security and Communication Networks 9:1321
  23. Lumini A, Loris N (2007) An improved bio-hashing for human authentication. Pattern Recogn 40(3):1057–1065
  24. Mishra D, Das AK, Mukhopadhyay S (2014) A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards. Expert Syst Appl 41:8129–8143
  25. Niu Y, Wang X (2011) An anonymous key agreement protocol based on chaotic maps. Commun Nonlinear Sci Numer Simul 16:1986–1992
  26. Özkaynak F, Yavuz S (2013) Designing chaotic S-boxes based on time-delay chaotic system. Nonlinear Dynamics 74:551–557
  27. Pippal RS, Jaidhar C, Tapaswi S (2013) Robust smart card authentication scheme for multi-server architecture. Wirel Pers Commun 72:1–17
  28. Qi J, Fushan W, Shuai F, Jianfeng M, Guangsong L, Abdulhameed A (2016) Robust extended chaotic maps-based three-factor authentication scheme preserving biometric template privacy. Nonlinear Dynamics 83(4):2085–2101
  29. Sandeep KS, Sarje AK, Singh K (2011) A secure dynamic identity based authentication protocol for multi-server architecture. J Netw Comput Appl 34(2):609–618
  30. Tan Z (2012) Improvement of smart card based password authentication scheme for multi-server environments. Turk J Electr Eng Comput Sci 20(6):881–900
  31. Tan Z (2016) A privacy-preserving multi-server authenticated key-agreement scheme based on Chebyshev chaotic maps. Security and Communication Networks. doi: 10.1002/sec.1424
  32. Tsai JL (2008) Efficient multi-server authentication scheme based on one-way hash function without verification table. Computer Security 27(3–4):115–121
  33. Tsai JL, Lo NW (2015) A chaotic map-based anonymous multi-server authenticated key agreement protocol using smart card. Int J Commun Syst 28(13):1955–1963
  34. Tsai JL, Lo NW, Wu TC (2013) A new password-based multi-server authentication scheme robust to password guessing attacks. Wireless Personal Communications, accepted for publication. doi: 10.1007/s11277-012-0918-6.8
  35. Tsaur WJ, Wu CC, Lee WB (2004) A smart card-based remote scheme for password authentication in multiserver internet services. Computer Standards & Interfaces 27:39–51
  36. Tsuar WJ, Wu CC, Lee WB (2001) A flexible user authentication scheme for multi-server internet services. In: Proceedings of first international conference on networking Colmar France, July 9–13, lecture notes in computer science, vol 2093. Springer-Verlag, Berlin, pp. 174–183
  37. Wang B, Ma M (2013) A smart card based efficient and secured multi-server authentication scheme. Wirel Pers Commun 68(2):361–378
  38. Wang X, Zhao J (2010) An improved key agreement protocol based on chaos. Commun Nonlinear Sci Numer Simul 15:4052–4057
  39. Wang X, Zhang W, Guo W, Zhang J (2013) Secure chaotic system with application to chaotic ciphers. Inf Sci 221:555–570
  40. Wong K-W (2003) A combined chaotic cryptographic and hashing scheme. Phys Lett A 307:292–298
  41. Xiao D, Liao X, Deng S (2005a) One-way hash function construction based on the chaotic map with changeable parameter. Chaos, Solitons Fractals 24:65–71
  42. Xiao D, Liao X, Wong K (2005b) An efficient entire chaos based scheme for deniable authentication. Chaos, Solitons Fractals 23:1327–1331
  43. Xiong L, Jianwei N, Zhibo W, Caisen C (2014) Applying biometrics to design three-factor remote user authentication scheme with key agreement. Security and Communication Networks 7(10):1488–1497
  44. Xiong L, Jianwei N, Saru K, Junguo L, Wei L (2015a) An enhancement of a smart card authentication scheme for multi-server architecture. Wirel Pers Commun 80(1):175–192
  45. Xiong L, Jianwei N, Saru K, Muhammad KK, Junguo L, Wei L (2015b) Design and analysis of a chaotic maps-based three-party authenticated key agreement protocol. Nonlinear Dynamics 80(3):1209–1220
  46. Xue KP, Hong PL (2012) Security improvement on an anonymous key agreement protocol based on chaotic maps. Commun Nonlinear Sci Numer Simul 17:2969–2977
  47. Yoon EJ (2012) Efficiency and security problems of anonymous key agreement protocol based on chaotic maps. Commun Nonlinear Sci Numer Simul 17:2735–2740
  48. Zhang L (2008) Cryptanalysis of the public key encryption based on multiple chaotic systems. Chaos, Solitons Fractals 37(3):669–674
  49. Zhao F, Gong P, Li S, Li M, Li P (2013) Cryptanalysis and improvement of a three-party key agreement protocol using enhanced Chebyshev polynomials. Nonlinear Dynamics. doi: 10.1007/s11071-013-0979-4
  50. Zhu H (2015) A provable privacy-protection system for multi-server environment. Nonlinear Dynamics 82(1–2):835–849

Copyright information

© Springer Science+Business Media New York 2017

Authors and Affiliations

  • Azeem Irshad (1)
  • Muhammad Sher (1)
  • Shehzad Ashraf Chaudhry (1)
  • Qi Xie (2)
  • Saru Kumari (3)
  • Fan Wu (4)

  1. Computer Science Department, International Islamic University, Islamabad, Pakistan
  2. Hangzhou Key Laboratory of Cryptography and Network Security, Hangzhou Normal University, Hangzhou, China
  3. Chaudhary Charan Singh University, Meerut, India
  4. Xiamen Institute of Technology, Xiamen, China
