Wireless Personal Communications, Volume 89, Issue 2, pp 569–597

A Novel Chaotic Maps-Based User Authentication and Key Agreement Protocol for Multi-server Environments with Provable Security

  • Xiong Li
  • Jianwei Niu
  • Saru Kumari
  • SK Hafizul Islam
  • Fan Wu
  • Muhammad Khurram Khan
  • Ashok Kumar Das

Abstract

The widespread popularity of computer networks has triggered concerns about information security. Password-based user authentication with key agreement protocols have drawn attention because they provide proper authentication of a user before granting access rights to services, and then ensure secure communication over insecure channels. Recently, Lee et al. pointed out different security flaws in Tsaur et al.’s multi-server user authentication protocol, and they further proposed an extended chaotic maps-based user authentication with key agreement protocol for multi-server environments. However, we observed that Lee et al.’s protocol has some functionality and security flaws, i.e., it is inefficient in detecting unauthorized login and it does not support a password change mechanism. Besides, their protocol is vulnerable to the registration center spoofing attack and the server spoofing attack. In order to remedy the aforementioned flaws, we propose a novel chaotic maps-based user authentication with key agreement protocol for multi-server environments. The proposed protocol is provably secure in the random oracle model under the chaotic maps-based computational Diffie-Hellman assumption. In addition, we analyzed our protocol using the BAN logic model. We also compared our protocol with Lee et al.’s protocol in terms of computation cost, functionality and security.

Keywords

User authentication; Chaotic maps; Session key agreement; Smart card; Multi-server environments

Notes

Acknowledgments

This work was supported by the National Natural Science Foundation of China under Grant Nos. 61300220, 61572013 and 61572188, and by the General and Special Financial Grant from China Postdoctoral Science Foundation under Grant Nos. 2014M550590 and 2015T80035, respectively. SK Hafizul Islam is partially supported by OPERA Award, BITS Pilani, India. Fan Wu is supported by Fujian Education and Scientific Research Program for Young and Middle-aged Teachers under Grant No. JA14369. Besides, the authors extend their sincere appreciation to the Deanship of Scientific Research at King Saud University for funding this Prolific Research Group (PRG-1436-16).


Copyright information

© Springer Science+Business Media New York 2016

Authors and Affiliations

  • Xiong Li (1, 2)
  • Jianwei Niu (2)
  • Saru Kumari (3)
  • SK Hafizul Islam (4)
  • Fan Wu (5)
  • Muhammad Khurram Khan (6)
  • Ashok Kumar Das (7)

  1. School of Computer Science and Engineering, Hunan University of Science and Technology, Xiangtan, China
  2. State Key Laboratory of Software Development Environment, Beihang University, Beijing, China
  3. Department of Mathematics, Ch. Charan Singh University, Meerut, India
  4. Department of Computer Science and Information Systems, Birla Institute of Technology and Science, Pilani, India
  5. Department of Computer Science and Engineering, Xiamen Institute of Technology, Xiamen, China
  6. Center of Excellence in Information Assurance, King Saud University, Riyadh, Saudi Arabia
  7. Center for Security, Theory and Algorithmic Research, International Institute of Information Technology, Hyderabad, Gachibowli, Hyderabad, India
