A Novel Chaotic Maps-Based User Authentication and Key Agreement Protocol for Multi-server Environments with Provable Security
- 479 Downloads
The widespread popularity of the computer networks has triggered concerns about information security. Password-based user authentication with key agreement protocols have drawn attentions since it provides proper authentication of a user before granting access right to services, and then ensure secure communication over insecure channels. Recently, Lee et al. pointed out different security flaws on Tsaur et al.’s multi-server user authentication protocol, and they further proposed an extended chaotic maps-based user authentication with key agreement protocol for multi-server environments. However, we observed that Lee et al.’s protocol has some functionality and security flaws, i.e., it is inefficient in detection of unauthorized login and it does not support password change mechanism. Besides, their protocol is vulnerable to registration center spoofing attack and server spoofing attack. In order to remedy the aforementioned flaws, we proposed a novel chaotic maps-based user authentication with key agreement protocol for multi-server environments. The proposed protocol is provably secure in the random oracle model under the chaotic-maps based computational Diffie-Hellman assumption. In addition, we analyzed our protocol using BAN logic model. We also compared our protocol with Lee et al.’s protocol in aspects of computation cost, functionalities and securities.
KeywordsUser authentication Chaotic maps Session key agreement Smart card Multi-server environments
This work was supported by the National Natural Science Foundation of China under Grant Nos. 61300220, 61572013 and 61572188, the General and Special Financial Grant from China Postdoctoral Science Foundation under Grant Nos. 2014M550590 and 2015T80035, respectively. SK Hafizul Islam is partially supported by OPERA Award, BITS Pilani, India. Fan Wu is supported by Fujian Education and Scientific Research Program for Young and Middle-aged Teachers under Grant No. JA14369. Besides, the authors extend their sincere appreciations to the Deanship of Scientific Research at King Saud University for its funding this Prolific Research Group (PRG-1436-16).
- 10.Chang, Y. F., Tai, W. L., & Chang, H. C. (2014). Untraceable dynamic-identity-based remote user authentication scheme with verifiable password update. International Journal of Communication Systems, 27(11), 3430–3440.Google Scholar
- 16.Chang, C. C., & Lee, J. S. (November 2004). An efficient and secure multi-server password authentication scheme using smart cards. In Proceedings of the third international conference on cyberworlds, (pp. 417–422).Google Scholar
- 23.He, D. B. (2011). Security flaws in a biometrics-based multi-server authentication with key agreement scheme. IACR Cryptology ePrint Archive, 2011/365.Google Scholar
- 24.Chou, J. S., Chen, Y., Huang, C. H., & Huang, Y. S. (2012). Comments on four multi-server authentication protocols using smart card, IACR Cryptology ePrint Archive, 2012/406.Google Scholar
- 29.Lee, C. C., Lin, T. H., & Chang, R. X. (2011). A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards. Expert Systems with Applications, 38(11), 13863–13870.Google Scholar
- 37.Lai, H., Xiao, J., Li, L., et al. (2012). Applying semigroup property of enhanced chebyshev polynomials to anonymous authentication protocol. Mathematical Problems in Engineering; vol. 2012, Article ID 454823, 17 pp, 2012. doi:10.1155/2012/454823
- 42.Tsai, C. S., Lee, C. C., & Hwang, M. S. (2006). Password authentication schemes: Current status and key issues. International Journal Network Security, 3(2), 101–115.Google Scholar
- 44.Ballare, M., & Rogaway, P. (1993). Random oracles are practical: A paradigm for designing efficient protocols. InProceedings of the 1st ACM conference on computer and communications security (CCS’93), (pp. 62–73).Google Scholar
- 45.Shoup, V. (2004). Sequences of games: A tool for taming complexity in security proofs. Cryptology ePrint Archieve, Report 2004/332. http://eprint.iacr.org/2004/332.
- 48.Kocher, P., Jaffe, J., & Jun, B. (1999). Differential power analysis. In Proceedings of advances in cryptology (Crypto’99) (pp. 388–397).Google Scholar
- 50.Joye, M., & Olivier, F. (2005). Side-channel analysis, encyclopedia of cryptography and security. Amsterdam: Kluwer.Google Scholar