Abstract
Chaotic maps have been applied in the design of authenticated key agreement protocols, which allow communication parties to exchange session keys in an authentic and secure manner. Guo and Chang recently proposed a novel password-authenticated key agreement protocol using smart card based on chaotic maps. They claimed that the protocol achieves the security goal of mutual authentication, as well as other essential security requirements. In this paper, we show that this protocol is susceptible to key-compromise impersonation and parallel session attacks. We also identify two weaknesses in the password change phase of the protocol that leads to authentication with old password and denial of service, respectively.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Algehawi, M.B., Azman, S.: A new identity based encryption (IBE) scheme using extended chebyshev polynomial over finite fields \({\mathbb{Z}}_p\). Phys. Lett. A 374, 4670–4674 (2010)
Alvarez, G., Li, S.: Some basic cryptographic requirements for chaos-based cryptosystems. Int. J. Bifurcat. Chaos 16, 2129–2151 (2006)
Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT. Lecture Notes in Computer Science, vol. 1807, pp. 139–155. Springer, Berlin (2000)
Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO. Lecture Notes in Computer Science, vol. 773, pp. 232–249. Springer, Berlin (1993)
Bergamo, P., D’Arco, P., De Santis, A., Kocarev, L.: Security of public-key cryptosystems based on chebyshev polynomials. IEEE Trans. Circuits Syst. I Regul. Pap. 52(7), 1382–1393 (2005)
Canetti, R., Krawczyk, H.: Analysis of key-exchange protocols and their use for building secure channels. In: Pfitzmann, B. (ed.) EUROCRYPT. Lecture Notes in Computer Science, vol. 2045, pp. 453–474. Springer, Berlin (2001)
Chalkias, K., Baldimtsi, F., Hristu-Varsakelis, D., Stephanides, G.: Two types of key-compromise impersonation attacks against one-pass key establishment protocols. In: Filipe, J., Obaidat, M. (eds.) E-business and Telecommunications, Communications in Computer and Information Science, vol. 23, pp. 227–238. Springer, Berlin Heidelberg (2009)
Cheong, K.Y., Koshiba, T.: More on security of public-key cryptosystems based on chebyshev polynomials. IEEE Trans. Circuits Syst. II Express Briefs 54(9), 795–799 (2007)
Chung, H.R., Ku, W.C.: Three weaknesses in a simple three-party key exchange protocol. Inf. Sci. 178(1), 220–229 (2008)
Deng, S., Li, Y., Xiao, D.: Analysis and improvement of a chaos-based hash function construction. Commun. Nonlinear Sci. Numer. Simul. 15(5), 1338–1347 (2010)
Dojen, R., Jurcut, A., Coffey, T., Györödi, C.: On establishing and fixing a parallel session attack in a security protocol. In: Badica, C., Mangioni, G., Carchiolo, V., Burdescu, D.D. (eds.) IDC, Studies in Computational Intelligence, vol. 162, pp. 239–244. Springer, Berlin (2008)
Fan, C.I., Chan, Y.C., Zhang, Z.K.: Robust remote authentication scheme with smart cards. Comput. Secur. 24(8), 619–628 (2005)
Gong, P., Li, P., Shi, W.: A secure chaotic maps-based key agreement protocol without using smart cards. Nonlinear Dyn. 70(4), 2401–2406 (2012)
Gorantla, M.C., Boyd, C., Nieto, J.M.G.: Modeling key compromise impersonation attacks on group key exchange protocols. In: Jarecki, S., Tsudik, G. (eds.) Public Key Cryptography. Lecture Notes in Computer Science, vol. 5443, pp. 105–123. Springer, Berlin (2009)
Gorantla, M.C., Boyd, C., Nieto, J.M.G., Manulis, M.: Modeling key compromise impersonation attacks on group key exchange protocols. ACM Trans. Inf. Syst. Secur. 14(4), 28:1–28:24 (2011)
Guo, C., Chang, C.C.: Chaotic maps-based password-authenticated key agreement using smart cards. Commun. Nonlinear Sci. Numer. Simul. 18(6), 1433–1440 (2013)
Han, S.: Security of a key agreement protocol based on chaotic maps. Chaos Solitons Fractals 38(3), 764–768 (2008)
Hao, X., Wang, J., Yang, Q., Yan, X., Li, P.: A chaotic map-based authentication scheme for telecare medicine information systems. J. Med. Syst. 37(2), 1–7 (2013)
Hsu, C.L.: Security of Chien et al’.s remote user authentication scheme using smart cards. Comput. Stand. Interfaces 26(3), 167–169 (2004)
Juang, W.S., Chen, S.T., Liaw, H.T.: Robust and efficient password-authenticated key agreement using smart cards. IEEE Trans. Ind. Electron. 55(6), 2551–2556 (2008)
Just, M., Vaudenay, S.: Authenticated multi-party key agreement. In: Kim, K., Matsumoto, T. (eds.) ASIACRYPT. Lecture Notes in Computer Science, vol. 1163, pp. 36–49. Springer, Berlin (1996)
Kocarev, L.: Chaos-based cryptography: a brief overview. IEEE Circuits Syst. Mag. 1(3), 6–21 (2001)
Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology, CRYPTO ’99, pp. 388–397. Springer, London, UK (1999). URL http://dl.acm.org/citation.cfm?id=646764.703989
Krawczyk, H.: HMQV: a high-performance secure Diffie-Hellman protocol. In: Shoup, V. (ed.) CRYPTO. Lecture Notes in Computer Science, vol. 3621, pp. 546–566. Springer, Berlin (2005)
Lee, C.C., Chen, C.L., Wu, C.Y., Huang, S.Y.: An extended chaotic maps-based key agreement protocol with user anonymity. Nonlinear Dyn. 69(1–2), 79–87 (2012)
Lee, C.C., Li, C.T., Hsu, C.W.: A three-party password-based authenticated key exchange protocol with user anonymity using extended chaotic maps. Nonlinear Dyn. 73(1–2), 125–132 (2013)
Li, X., Qiu, W., Zheng, D., Chen, K., Li, J.: Anonymity enhancement on robust and efficient password-authenticated key agreement using smart cards. IEEE Trans. Ind. Electron. 57(2), 793–800 (2010)
Lu, R., Cao, Z.: Simple three-party key exchange protocol. Comput. Secur. 26(1), 94–97 (2007)
Maze, G.: Algebraic Methods for Constructing One-Way Trapdoor Functions. University of Notre Dame (2003)
Menezes, A., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton, Fl (1996)
Messerges, T., Dabbish, E., Sloan, R.: Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5), 541–552 (2002). doi:10.1109/TC.2002.1004593
Nam, J., Kim, S., Park, S., Won, D.: Security analysis of a nonce-based user authentication scheme using smart cards. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. E90–A(1), 299–302 (2007)
Nam, J., Paik, J., Kang, H.K., Kim, U.M., Won, D.: An off-line dictionary attack on a simple three-party key exchange protocol. IEEE Commun. Lett. 13(3), 205–207 (2009)
Niu, Y., Wang, X.: An anonymous key agreement protocol based on chaotic maps. Commun. Nonlinear Sci. Numer. Simul. 16(4), 1986–1992 (2011)
Phan, R.C.W., Yau, W.C., Goi, B.M.: Cryptanalysis of simple three-party key exchange protocol (S-3PAKE). Inf. Sci. 178(13), 2849–2856 (2008)
Phan, R.C.W., Yau, W.C., Goi, B.M.: Analysis of two pairing-based three-party password authenticated key exchange protocols. In: Xiang, Y., Lopez, J., Wang, H., Zhou, W. (eds.) Proceedings of the Third International Conference on Network and System Security, pp. 102–106. IEEE Computer Society, Gold Coast, Queensland (2009)
Song, R.: Advanced smart card based password authentication protocol. Comput. Stand. Interfaces 32(5–6), 321–325 (2010)
Stern, J.: Why provable security matters? In: Biham, E. (ed.) EUROCRYPT. Lecture Notes in Computer Science, vol. 2656, pp. 449–461. Springer, Berlin (2003)
Strangio, M.: On the resilience of key agreement protocols to key compromise impersonation. In: Atzeni, A., Lioy, A. (eds.) Public Key Infrastructure. Lecture Notes in Computer Science, vol. 4043, pp. 233–247. Springer, Berlin Heidelberg (2006)
Sun, D.Z., Huai, J.P., Sun, J.Z., Li, J.X., Zhang, J.W., Feng, Z.Y.: Improvements of Juang ’s password-authenticated key agreement scheme using smart cards. IEEE Trans. Ind. Electron. 56(6), 2284–2291 (2009)
Tan, Z.: A chaotic maps-based authenticated key agreement protocol with strong anonymity. Nonlinear Dyn. 72(1–2), 311–320 (2013)
Tseng, H.R., Jan, R.H., Yang, W.: A chaotic maps-based key agreement protocol that preserves user anonymity. In: IEEE International Conference on Communications (ICC ’09), pp. 1–6 (2009). doi:10.1109/ICC.2009.5198581
Wang, D., Ma, C.G.: Cryptanalysis of a remote user authentication scheme for mobile client-server environment based on ECC. Inf. Fusion (2013). doi:10.1016/j.inffus.2012.12.002
Wang, X., Liu, L.: Cryptanalysis of a parallel sub-image encryption method with high-dimensional chaos. Nonlinear Dyn. 73(1–2), 795–800 (2013)
Wang, X., Wang, X., Zhao, J., Zhang, Z.: Chaotic encryption algorithm based on alternant of stream cipher and block cipher. Nonlinear Dyn. 63(4), 587–597 (2011)
Wang, X., Zhao, J.: An improved key agreement protocol based on chaos. Commun. Nonlinear Sci. Numer. Simul. 15(12), 4052–4057 (2010)
Wang, X.Y., Yang, L., Liu, R., Kadir, A.: A chaotic image encryption algorithm based on perceptron model. Nonlinear Dyn. 62(3), 615–621 (2010)
Wang, Y., Wong, K.W., Liao, X., Xiang, T.: A block cipher with dynamic s-boxes based on tent map. Commun. Nonlinear Sci. Numer. Simul. 14(7), 3089–3099 (2009)
Xiang, T., Wong, Kw, Liao, X.: An improved chaotic cryptosystem with external key. Commun. Nonlinear Sci. Numer. Simul. 13(9), 1879–1887 (2008)
Xiao, D., Liao, X., Deng, S.: A novel key agreement protocol based on chaotic maps. Inf. Sci. 177(4), 1136–1142 (2007)
Xue, K., Hong, P.: Security improvement on an anonymous key agreement protocol based on chaotic maps. Commun. Nonlinear Sci. Numer. Simul. 17(7), 2969–2977 (2012)
Yang, J.Z., Wang, Y.J., Qian, H.F., Zhou, Y.: On the security of two password authenticated key agreement scheme using smart cards. J. China Univ. Posts Telecommun. 19(Supplement 1), 137–141 (2012)
Yau, W.C., Phan, R.C.W., Goi, B.M., Heng, S.H.: Cryptanalysis of a provably secure cross-realm client-to-client password-authenticated key agreement protocol of CANS ’09. In: Lin, D., Tsudik, G., Wang, X. (eds.) CANS. Lecture Notes in Computer Science, vol. 7092, pp. 172–184. Springer, Berlin (2011)
Yau, W.C., Phan, R.W.: Security analysis of a chaotic map-based authentication scheme for telecare medicine information systems. J. Med. Syst. 37(6), 1–9 (2013)
Yoon, E.J.: Efficiency and security problems of anonymous key agreement protocol based on chaotic maps. Commun. Nonlinear Sci. Numer. Simul. 17(7), 2735–2740 (2012)
Zhang, L.: Cryptanalysis of the public key encryption based on multiple chaotic systems. Chaos Solitons Fractals 37(3), 669–674 (2008)
Zhang, Y., Li, C., Li, Q., Zhang, D., Shu, S.: Breaking a chaotic image encryption algorithm based on perceptron model. Nonlinear Dyn. 69(3), 1091–1096 (2012)
Zhao, F., Gong, P., Li, S., Li, M., Li, P.: Cryptanalysis and improvement of a three-party key agreement protocol using enhanced chebyshev polynomials. Nonlinear Dyn, 74(1–2), 419–427 (2013)
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Yau, WC., Phan, R.CW. Cryptanalysis of a chaotic map-based password-authenticated key agreement protocol using smart cards. Nonlinear Dyn 79, 809–821 (2015). https://doi.org/10.1007/s11071-014-1704-7
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11071-014-1704-7