Abstract
To provide secure remote access control, a robust and efficient authentication protocol should achieve mutual authentication and session key agreement between clients and the server over public channels. Recently, Wang et al. proposed a password-based authentication protocol using chaotic maps. In this paper, we analyze the security of their scheme and show that it cannot provide session key agreement and is vulnerable to a denial-of-service attack, because a wrong password is not detected during password change. To remedy these issues, we use fuzzy extractors and chaotic maps to propose a three-factor remote authentication scheme. The new scheme preserves user privacy and is secure against various attacks. A detailed comparison with previous schemes in efficiency and security shows that our proposed scheme is more suitable for practical application.
References
Arshad, H., & Nikooghadam, M. (2014). Three-factor anonymous authentication and key agreement scheme for telecare medicine information systems. Journal of Medical Systems, 38, 136.
Burnett, A., Byrne, F., Dowling, T., & Duffy, A. (2007). A biometric identity based signature scheme. International Journal of Network Security, 5(3), 317–326.
Chen, H. M., Lo, J. W., & Yeh, C. K. (2012). An efficient and secure dynamic ID-based authentication scheme for telecare medical information systems. Journal of Medical Systems, 36(6), 3907–3915.
Das, M. L., Saxena, A., & Gulati, V. P. (2004). A dynamic ID-based remote user authentication scheme. IEEE Transactions on Consumer Electronics, 50(2), 629–631.
Dodis, Y., Reyzin, L., & Smith, A. (2004). Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. In Proceedings of the advances in cryptology (Eurocrypt’04), LNCS 3027 (pp. 523–540).
Dodis, Y., Ostrovsky, R., Reyzin, L., & Smith, A. (2008). Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. SIAM Journal on Computing, 38(1), 97–139.
Guo, C., & Chang, C. C. (2013). Chaotic maps-based password-authenticated key agreement using smart cards. Communications in Nonlinear Science and Numerical Simulation, 18(6), 1433–1440.
Hao, X., Wang, J., Yang, Q., Yan, X., & Li, P. (2013). A chaotic map-based authentication scheme for telecare medicine information systems. Journal of Medical Systems, 37(2), 9919.
He, D. B., Chen, J. H., & Zhang, R. (2012). A more secure authentication scheme for telecare medicine information systems. Journal of Medical Systems, 36, 1989–1995.
Hwang, M. S., & Li, L. H. (2000). A new remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics, 46(1), 28–30.
Jiang, Q., Ma, J., Lu, X., & Tian, Y. (2014). Robust chaotic map-based authentication and key agreement scheme with strong anonymity for telecare medicine information systems. Journal of Medical Systems, 38(2), 1–8.
Kocarev, L., & Lian, S. (2011). Chaos-based cryptography: Theory, algorithms and applications. Berlin: Springer.
Kocher, P., Jaffe, J., & Jun, B. (1999). Differential power analysis. In Advances in cryptology—CRYPTO’99 (pp. 388–397). Springer.
Kohda, T., Tsuneda, A., & Lawrance, A. J. (2000). Correlational properties of Chebyshev chaotic sequences. Journal of Time Series Analysis, 21(2), 181–191.
Kumari, S., & Khan, M. K. (2013). More secure smart card based remote user password authentication scheme with user anonymity. Security and Communication Networks, 7, 2039–2053.
Lamport, L. (1981). Password authentication with insecure communication. Communications of the ACM, 24(11), 770–772.
Lee, C. C., & Hsu, C. W. (2013). A secure biometric-based remote user authentication with key agreement scheme using extended chaotic maps. Nonlinear Dynamics, 71, 201–211.
Li, X., Wen, Q., Li, W., Zhang, H., & Jin, Z. (2014). Secure privacy-preserving biometric authentication scheme for telecare medicine information systems. Journal of Medical Systems, 38(11), 139.
Lin, H. (2014). Chaotic map based mobile dynamic ID authenticated key agreement scheme. Wireless Personal Communications, 78(2), 1487–1494. doi:10.1007/s11277-014-1829-5
Lin, H. Y. (2013). Chaotic map based mobile dynamic ID authenticated key agreement scheme. Wireless Personal Communications, 37(2), 1–5.
Lu, Y., Li, L., Peng, H., & Yang, Y. (2015). An enhanced biometric-based authentication scheme for telecare medicine information systems using elliptic curve cryptosystem. Journal of Medical Systems, 39, 32.
Messerges, T. S., Dabbish, E. A., & Sloan, R. H. (2002). Examining smartcard security under the threat of power analysis attacks. IEEE Transactions on Computers, 51(5), 541–552.
Wang, Z., Huo, Z., & Shi, W. (2015). A dynamic identity based authentication scheme using chaotic maps for telecare medicine information systems. Journal of Medical Systems, 39, 158.
Wei, J., Hu, X., & Liu, W. (2012). An improved authentication scheme for telecare medicine information systems. Journal of Medical Systems, 36(6), 3597–3604.
Wu, Z. Y., Lee, Y. C., Lai, F., Lee, H. C., & Chung, Y. (2012). A secure authentication scheme for telecare medicine information systems. Journal of Medical Systems, 36, 1529–1535.
Xiao, D., Liao, X., & Deng, S. (2005). One-way hash function construction based on the chaotic map with changeable-parameter. Chaos, Solitons & Fractals, 241, 65–71.
Xiao, D., Liao, X., & Wong, K. (2005). An efficient entire chaos based scheme for deniable authentication. Chaos, Solitons & Fractals, 23, 1327–1331.
Acknowledgements
This study was supported by Natural Science Foundation of Zhejiang Province (No. LZ12F02005), National Basic Research Program of China (No. 2013CB834205), and Opening project of Key Laboratory of Public Security Information Application Based on Big-data Architecture, Ministry of Public Security (No. 2014DSJSY004).
Cite this article
Han, L., Xie, Q., Liu, W. et al. A New Efficient Chaotic Maps Based Three Factor User Authentication and Key Agreement Scheme. Wireless Pers Commun 95, 3391–3406 (2017). https://doi.org/10.1007/s11277-017-4003-z
DOI: https://doi.org/10.1007/s11277-017-4003-z