On the Security of a Three Factor Remote User Authentication Scheme Using Fuzzy Extractor
A secure authenticated key exchange protocol is an important key to establish a secure wireless communication. Various research have been conducted to study the efficiency and security of these authenticated key exchange protocol. A recent work by Giri et al. proposed a three factor remote user authentication scheme using Fuzzy Extractor for single server environment. However we found that their protocol is still vulnerable against an online password guessing attack. We also found that their protocol does not provide the perfect forward secrecy. To solve such problems, we propose a simple but effective improvement.
The work of Chien-Ming Chen was supported in part by Shenzhen Technical Project under Grant number JCYJ20170307151750788 and in part by Shenzhen Technical Project under Grant number QJSCX20170327161755. The work of Tsu-Yang Wu was supported in part by the Science and Technology Development Center, Ministry of Education, China under Grant no. 2017A13025 and the Natural Science Foundation of Fujian Province under Grant no. 2018J01636.
- 1.Chen, C.M., Fang, W., Liu, S., Wu, T.Y., Pan, J.S., Wang, K.H.: Improvement on a chaotic map-based mutual anonymous authentication protocol. J. Inf. Sci. Eng. 34(2) (2018)Google Scholar
- 3.Chen, C.M., Xu, L., Wu, T.Y., Li, C.R.: On the security of a chaotic maps-based three-party authenticated key agreement protocol. J. Netw. Intell. 1(2), 61–66 (2016)Google Scholar
- 4.Giri, D., Maitra, T.: A three factor remote user authentication scheme using collision resist fuzzy extractor in single server environment. In: ITM Web of Conferences. vol. 13, p. 01020. EDP Sciences (2017)Google Scholar
- 8.Ku, W.C., Chen, C.M., Lee, H.L.: Cryptanalysis of a variant of peyravian-zunic’s password authentication scheme. IEICE Trans. Commun. 86(5), 1682–1684 (2003)Google Scholar
- 20.Wang, D., Wang, P.: Two birds with one stone: two-factor authentication with security beyond conventional bound. IEEE Trans. Dependable Secur. Comput. (2016)Google Scholar
- 25.Zhu, H., Zhang, Y., Xia, Y., Li, H.: Password-authenticated key exchange scheme using chaotic maps towards a new architecture in standard model. IJ Netw. Secur. 18(2), 326–334 (2016)Google Scholar