Soft Computing

, Volume 22, Issue 8, pp 2495–2506 | Cite as

A novel three-party password-based authenticated key exchange protocol with user anonymity based on chaotic maps

  • Chun-Ta Li
  • Chin-Ling ChenEmail author
  • Cheng-Chi LeeEmail author
  • Chi-Yao Weng
  • Chien-Ming Chen
Methodologies and Application


Three-party authenticated key exchange (3PAKE) protocol allows two communication users to authenticate each other and to establish a secure common session key with the help of a trusted remote server. Recently, Farash and Attari propose an efficient and secure 3PAKE protocol based on Chebyshev chaotic maps and their protocol is supported by the formal proof in the random oracle model. However, in this paper, we analyze the security of Farash–Attari’s protocol and show that it fails to resist password disclosure attack if the secret information stored in the server side is compromised. In addition, their protocol is insecure against user impersonation attack and the server is not aware of having caused problem. Moreover, the password change phase is insecure to identify the validity of request where insecurity in password change phase can cause offline password guessing attacks and is not easily reparable. To remove these security weaknesses, based on Chebyshev chaotic maps and quadratic residues, we further design an improved protocol for 3PAKE with user anonymity. In comparison with the existing chaotic map-based 3PAKE protocols, our proposed 3PAKE protocol is more secure with acceptable computation complexity and communication overhead.


Chebyshev chaotic maps Quadratic residues Password security Three-party authenticated key exchange User anonymity 



The authors would like to thank the anonymous reviewers and the Editor for their constructive and generous feedback on this paper. In addition, this research was partially supported and funded by the Ministry of Science and Technology, Taiwan, R.O.C., under contract no.: MOST 105-2221-E-165-005 and MOST 105- 2221-E-030-012.

Compliance with ethical standards

Conflict of interest

Chun-Ta Li, Chin-Ling Chen , Cheng-Chi Lee, Chi-Yao Weng declare that they have no conflict of interest.

Ethical approval

This article does not contain any studies with human participants performed by any of the authors.


  1. Aboshosha A, ElDahshan KA, Elsayed EK, Elngar AA (2016) Secure authentication protocol based on machine-metrics and RC4-EA hashing. Int J Netw Secur 18(6):1080–1088Google Scholar
  2. Bergamo P, Arco P, Santis A, Kocarev L (2005) Security of public-key cryptosystems based on Chebyshev polynomials. IEEE Trans Circuits Syst I 52(7):1382–1393MathSciNetCrossRefzbMATHGoogle Scholar
  3. Brindha T, Shaji RS (2016) A secure transaction of cloud data using conditional source trust attributes encryption mechanism. Soft Comput. doi: 10.1007/s00500-016-2405-6 Google Scholar
  4. Chen Y, Chou JS, Sun HM (2008) A novel mutual authentication scheme based on quadratic residues for RFID systems. Comput Netw 52(12):2373–2380CrossRefzbMATHGoogle Scholar
  5. Chen Y, Chou JS, Sun HM (2013) A novel biometric-based remote user authentication scheme using quadratic residues. Int J Inf Electron Eng 3(4):419–422Google Scholar
  6. Drissi A, Asimi A (2017) Behavioral and security study of the OHFGC hash function. Int J Netw Secur 19(3):335–339Google Scholar
  7. Farash MS, Attari MA (2014) An efficient and provably secure three-party password-based authenticated key exchange protocol based on Chebyshev chaotic maps. Nonlinear Dyn 77(1–2):399–411MathSciNetCrossRefzbMATHGoogle Scholar
  8. Guo C, Chang CC (2013) Chaotic maps-based password-authenticated key agreement using smart cards. Commun Nonlinear Sci Numer Simul 18(6):1433–1440MathSciNetCrossRefzbMATHGoogle Scholar
  9. He D, Chen Y, Chen J (2012) Cryptanalysis and improvement of an extended chaotic maps-based key agreement protocol. Nonlinear Dyn 69(3):1149–1157MathSciNetCrossRefzbMATHGoogle Scholar
  10. He D, Zhao W, Wu S (2013) Security analysis of a dynamic ID-based authentication scheme for multi-server environment using smart cards. Int J Netw Secur 15(5):350–356Google Scholar
  11. He D, Zeadally S, Wu L (2015) Certificateless public auditing scheme for cloud-assisted wireless body area networks. IEEE Syst J. doi: 10.1109/JSYST.2015.2428620 Google Scholar
  12. He D, Zeadally S (2015) Authentication protocol for ambient assisted living system. IEEE Commun Mag 35(1):71–77CrossRefGoogle Scholar
  13. He D, Zeadally S, Kumar N, Lee JH (2016) Anonymous authentication for wireless body area networks with provable security. IEEE Syst J. doi: 10.1109/JSYST.2016.2544805 Google Scholar
  14. He D, Wang H, Wang L, Shen J, Yang X (2016) Efficient certificateless anonymous multi-receiver encryption scheme for mobile devices. Soft Comput. doi: 10.1007/s00500-016-2231-x Google Scholar
  15. Islam Sk H, Khan MK, Li X (2015) Security analysis and improvement of ’a more secure anonymous user authentication scheme for the integrated EPR information system. Plos ONE 10(8):e0131368CrossRefGoogle Scholar
  16. Khan MK (2009) Fingerprint biometric-based self-authentication and deniable authentication schemes for the electronic world. IETE Tech Rev 26(3):191–195CrossRefGoogle Scholar
  17. Khan MK, Kumari S (2013) An authentication scheme for secure access to healthcare services. J Med Syst 37:9954. doi: 10.1007/s10916-013-9954-3 CrossRefGoogle Scholar
  18. Lai H, Xiao J, Li L, Yang Y (2012) Applying semigroup property of enhanced Chebyshev polynomials to anonymous authentication protocol. Math Probl Eng, Article ID 454823. doi: 10.1155/2012/454823
  19. Lee CC, Li CT, Hsu CW (2013) A three-party password-based authenticated key exchange protocol with user anonymity using extended chaotic maps. Nonlinear Dyn 73(1–2):125–132MathSciNetCrossRefzbMATHGoogle Scholar
  20. Li CT, Hwang MS (2010) An efficient biometrics-based remote user authentication scheme using smart cards. J Netw Comput Appl 33(1):1–5CrossRefGoogle Scholar
  21. Li CT, Lee CC (2012) A novel user authentication and privacy preserving scheme with smart cards for wireless communications. Math Comput Model 55(1–2):35–44MathSciNetCrossRefzbMATHGoogle Scholar
  22. Li CT (2013) A new password authentication and user anonymity scheme based on elliptic curve cryptography and smart card. IET Inf Secur 7(1):3–10MathSciNetCrossRefGoogle Scholar
  23. Li CT, Lee CC, Weng CY, Fan CI (2013) An extended multi-server-based user authentication and key agreement scheme with user anonymity. KSII Trans Internet Inf Syst 7(1):119–131CrossRefGoogle Scholar
  24. Li CT, Weng CY, Lee CC (2013) An advanced temporal credential-based security scheme with mutual authentication and key agreement for wireless sensor networks. Sensors 13(8):9589–9603CrossRefGoogle Scholar
  25. Li CT, Lee CC, Weng CY (2013) An extended chaotic maps based user authentication and privacy preserving scheme against DoS attacks in pervasive and ubiquitous computing environments. Nonlinear Dyn 74(4):1133–1143MathSciNetCrossRefGoogle Scholar
  26. Li X, Niu J, Kumari S, Khan MK, Liao J, Liang W (2015) Design and analysis of a chaotic maps-based three-party authenticated key agreement protocol. Nonlinear Dyn 80(3):1209V1220MathSciNetzbMATHGoogle Scholar
  27. Li CT (2016) A secure chaotic maps-based privacy-protection scheme for multi-server environments. Secur Commun Netw. doi: 10.1002/sec.1487 Google Scholar
  28. Li CT, Lee CC, Weng CY (2016a) A secure cloud-assisted wireless body area network in mobile emergency medical care system. J Med Syst 40(5):1–15. Article no. 117Google Scholar
  29. Li CT, Lee CC, Weng CY (2016b) A secure dynamic identity and chaotic maps based user authentication and key agreement scheme for e-healthcare systems. J Med Syst 40(11):1–10. Article no. 233Google Scholar
  30. Lin TH, Lee TF (2014) Secure verifier-based three-party authentication schemes without server public keys for data exchange in telecare medicine information systems. J Med Syst 38:30CrossRefGoogle Scholar
  31. Lv C, Ma M, Li H, Ma J, Zhang Y (2013) An novel three-party authenticated key exchange protocol using one-time key. J Netw Comput Appl 36(1):498–503CrossRefGoogle Scholar
  32. Mishra D, Kumari S, Khan MK, Mukhopadhyay S (2015) An anonymous biometric-based remote user-authenticated key agreement scheme for multimedia systems. Int J Commun Syst. doi: 10.1002/dac.2946 Google Scholar
  33. National Institute of Standards and Technology (2002) US department of commerce, secure hash standard. US Federal Information Processing Standard Publication, Gaithersburg, pp 180–182Google Scholar
  34. Peris-Lopez P, Hernandez-Castro JC, Estevez-Tapiador JM, Ribagorda A (2006) M2AP: a minimalist mutual-authentication protocol for low-cost RFID tags. In: Proceedings of international conference on ubiquitous intelligence and computing, vol 4195. LNCS, pp 912–923Google Scholar
  35. Ramasamy R, Muniyandi AP (2012) An efficient password authentication scheme for smart card. Int J Netw Secur 14(3):180–186Google Scholar
  36. Wen F (2014) A more secure anonymous user authentication scheme for the integrated EPR information system. J Med Syst 38:42CrossRefGoogle Scholar
  37. Wang X, Zhao J (2010) An improved key agreement protocol based on chaos. Commun Nonlinear Sci Numer Simul 15(12):4052–4057MathSciNetCrossRefzbMATHGoogle Scholar
  38. Wu W, Hu S, Yang X, Liu JK, Au MH (2015) Towards secure and cost-effective fuzzy access control in mobile cloud computing. Soft Comput. doi: 10.1007/s00500-015-1964-2 Google Scholar
  39. Xie Q, Zhao J, Yu X (2013) Chaotic maps-based three-party password-authenticated key agreement scheme. Nonlinear Dyn 74(4):1021–1027MathSciNetCrossRefzbMATHGoogle Scholar
  40. Yang L, Ma JF, Jiang Q (2012) Mutual authentication scheme with smart cards and password under trusted computing. Int J Netw Secur 14(3):156–163Google Scholar
  41. Yoon EJ, Jeon IS (2011) An efficient and secure DiffieVHellman key agreement protocol based on Chebyshev chaotic map. Commun Nonlinear Sci Numer Simul 16(6):2383–2389MathSciNetCrossRefzbMATHGoogle Scholar
  42. Zhao F, Gong P, Li S, Li M, Li P (2013) Cryptanalysis and improvement of a three-party key agreement protocol using enhanced Chebyshev polynomials. Nonlinear Dyn 74(1–2):419–427MathSciNetCrossRefzbMATHGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2017

Authors and Affiliations

  1. 1.Department of Information ManagementTainan University of TechnologyTainan CityTaiwan, ROC
  2. 2.Department of Computer Science and Information EngineeringChaoyang University of TechnologyTaichung CityTaiwan, ROC
  3. 3.School of Information EngineeringChangchun University of TechnologyChangchun CityPeople’s Republic of China
  4. 4.Department of Library and Information ScienceFu Jen Catholic UniversityNew Taipei CityTaiwan, ROC
  5. 5.Department of Photonics and Communication EngineeringAsia UniversityTaichung CityTaiwan, ROC
  6. 6.Department of Computer ScienceNational Pingtung UniversityPingtung CityTaiwan, ROC
  7. 7.Harbin Institute of Technology Shenzhen Graduate SchoolShenzhenPeople’s Republic of China

Personalised recommendations