nach oben

Wireless Personal Communications

Erschienen in:

01.07.2016

A Novel Chaotic Maps-Based User Authentication and Key Agreement Protocol for Multi-server Environments with Provable Security

verfasst von: Xiong Li, Jianwei Niu, Saru Kumari, SK Hafizul Islam, Fan Wu, Muhammad Khurram Khan, Ashok Kumar Das

Erschienen in: Wireless Personal Communications | Ausgabe 2/2016

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

The widespread popularity of the computer networks has triggered concerns about information security. Password-based user authentication with key agreement protocols have drawn attentions since it provides proper authentication of a user before granting access right to services, and then ensure secure communication over insecure channels. Recently, Lee et al. pointed out different security flaws on Tsaur et al.’s multi-server user authentication protocol, and they further proposed an extended chaotic maps-based user authentication with key agreement protocol for multi-server environments. However, we observed that Lee et al.’s protocol has some functionality and security flaws, i.e., it is inefficient in detection of unauthorized login and it does not support password change mechanism. Besides, their protocol is vulnerable to registration center spoofing attack and server spoofing attack. In order to remedy the aforementioned flaws, we proposed a novel chaotic maps-based user authentication with key agreement protocol for multi-server environments. The proposed protocol is provably secure in the random oracle model under the chaotic-maps based computational Diffie-Hellman assumption. In addition, we analyzed our protocol using BAN logic model. We also compared our protocol with Lee et al.’s protocol in aspects of computation cost, functionalities and securities.

Vorheriger Artikel Performance Analysis of Multiantenna MC DS CDMA System Over Correlated η–µ Multipath Fading Channels

Nächster Artikel Virtualization and Scheduling Methods for 5G Cognitive Radio Based Wireless Networks

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Lamport, L. (1981). Password authentication with insecure communication. Communications of the ACM, 24(11), 770–772.MathSciNetCrossRef

Horng, G. (1995). Password authentication without using a password table. Information Processing Letters, 550(5), 247–250.MathSciNetMATH

Jan, J. K., & Chen, Y. Y. (1998). Paramita wisdom password authentication scheme without verification tables. Journal of Systems and Software, 42(1), 45–57.CrossRef

He, D. B., Kumar, N., & Naveen, C. (2015). A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks. Information Sciences, 321, 263–277.CrossRef

He, D. B., & Wang, D. (2015). Robust biometrics-based authentication scheme for multi-server environment. IEEE Systems Journal, 9(3), 816–823.CrossRef

He, D. B., Kumar, N., Chen, J. H., Lee, C. C., Chilamkurti, N., & Yeo, S. S. (2015). Robust anonymous authentication protocol for healthcare applications using wireless medical sensor networks. Multimedia Systems, 21(1), 49–60.CrossRef

Li, X., Niu, J. W., Khan, M. K., & Liao, J. G. (2013). An enhanced smart card based remote user password authentication scheme. Journal of Network and Computer Applications, 36(5), 1365–C1371.CrossRef

Li, X., Niu, J. W., Ma, J., Wang, W. D., & Liu, C. L. (2011). Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. Journal of Network and Computer Applications, 34(1), 73–79.CrossRef

Wang, R. C., Juang, W. S., & Lei, C. L. (2011). Robust authentication and key agreement scheme preserving the privacy of secret key. Computer Communications, 34(3), 274–280.CrossRef

10.

Chang, Y. F., Tai, W. L., & Chang, H. C. (2014). Untraceable dynamic-identity-based remote user authentication scheme with verifiable password update. International Journal of Communication Systems, 27(11), 3430–3440.

11.

Li, X., Niu, J. W., Liao, G. J., & Liang, W. (2015). Cryptanalysis of a dynamic identity-based remote user authentication scheme with verifiable password update. International Journal of Communication Systems, 28(2), 374–382.CrossRef

12.

Liu, Y. C., Gong, P., Yan, X. P., & Li, P. (2015). On the security of a dynamic identity-based remote user authentication scheme with verifiable password update. International Journal of Communication Systems, 28(5), 842–847.CrossRef

13.

Li, L. H., Lin, I. C., & Hwang, M. S. (2001). A remote password authentication scheme for multi-server architecture using neural networks. IEEE Transactions on Neural Network, 12(6), 1498–1504.CrossRef

14.

Lin, I. C., Hwang, M. S., & Li, L. H. (2003). A new remote user authentication scheme for multi-server architecture. Future Generation Computer Systems, 19(1), 13–22.CrossRefMATH

15.

Juang, W. S. (2004). Efficient multi-server password authenticated key agreement using smart cards. IEEE Transactions on Consumer Electronics, 50(1), 251–255.CrossRef

16.

Chang, C. C., & Lee, J. S. (November 2004). An efficient and secure multi-server password authentication scheme using smart cards. In Proceedings of the third international conference on cyberworlds, (pp. 417–422).

17.

Tsaur, W. J., Wu, C. C., & Lee, W. B. (2004). A smart card-based remote scheme for password authentication in multi-server Internet services. Computer Standards & Interfaces, 27(1), 39–51.CrossRef

18.

Tsaur, W. J., Wu, C. C., & Lee, W. B. (2005). An enhanced user authentication scheme for multi-server Internet services. Applied Mathematics and Computation, 170(1), 258–266.MathSciNetCrossRefMATH

19.

Tsai, J. L. (2008). Efficient multi-server authentication scheme based on one-way hash function without verification table. Computers and Security, 27(3–4), 115–121.CrossRef

20.

Yoon, E. J., & Young, Y. K. (2013). Robust biometrics-based multi-server authentication with key agreement scheme for smart cards on elliptic curve cryptosystem. Journal of Supercomputing, 63(1), 235–255.CrossRef

21.

Liao, Y. P., & Hsiao, C. M. (2013). A novel multi-server remote user authentication scheme using self-certified public keys for mobile clients. Future Generation Computer Systems, 29(3), 886–900.CrossRef

22.

Lee, Y. S., Kim, E., Seok, S. J., & Jung, M. S. (2012). A smart card-based user authentication scheme to ensure the PFS in multi-server environments. IEICE Transactions on Communications, E95–B(2), 619–622.CrossRef

23.

He, D. B. (2011). Security flaws in a biometrics-based multi-server authentication with key agreement scheme. IACR Cryptology ePrint Archive, 2011/365.

24.

Chou, J. S., Chen, Y., Huang, C. H., & Huang, Y. S. (2012). Comments on four multi-server authentication protocols using smart card, IACR Cryptology ePrint Archive, 2012/406.

25.

He, D. B., & Hu, H. (2012). Cryptanalysis of a smart card-based user authentication scheme for multi-server environments. IEICE Transactions on Communications, E95–B(9), 3052–3054.CrossRef

26.

Liao, Y. P., & Wang, S. S. (2009). A secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standard & Interfaces, 31(1), 24–29.CrossRef

27.

Hsiang, H. C., & Shih, W. K. (2009). Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standard & Interfaces, 31(6), 1118–1123.CrossRef

28.

Sood, S. K., Sarje, A. K., & Singh, K. (2011). A secure dynamic identity based authentication protocol for multi-server architecture. Journal of Network and Computer Applications, 34(2), 609–618.CrossRef

29.

Lee, C. C., Lin, T. H., & Chang, R. X. (2011). A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards. Expert Systems with Applications, 38(11), 13863–13870.

30.

Li, X., Xiong, Y. P., Ma, J., & Wang, W. D. (2012). An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. Journal of Network and Computer Applications, 35(2), 763–769.CrossRef

31.

Li, X., Ma, J., Wang, W. D., Xiong, Y. P., & Zhang, J. S. (2013). A novel smart card and dynamic ID based remote user authentication scheme for multi-server environment. Mathematical and Computer Modelling, 58(1–2), 85–95.CrossRef

32.

Tsaur, W. J., Li, J. H., & Lee, W. B. (2012). An efficient and secure multi-server authentication scheme with key agreement. Journal of Systems and Software, 85(4), 876–882.CrossRef

33.

Lee, C. C., Lou, D. C., Li, C. T., & Hsu, C. W. (2014). An extended chaotic-maps-based protocol with key agreement for multiserver environments. Nonlinear Dynamics, 76(1), 853–866.MathSciNetCrossRefMATH

34.

Li, C. T., Lee, C. C., & Weng, C. Y. (2013). An extended chaotic maps based user authentication and privacy preserving scheme against DoS attacks in pervasive and ubiquitous computing environments. Nonlinear Dynamics, 74(4), 1133–1143.MathSciNetCrossRef

35.

Lee, C. C., Chen, C. L., Wu, C. Y., & Huang, S. Y. (2012). An extended chaotic maps-based key agreement protocol with user anonymity. Nonlinear Dynamics, 69(1–2), 79–87.MathSciNetCrossRefMATH

36.

He, D. B., Chen, Y. T., & Chen, J. H. (2012). Cryptanalysis and improvement of an extended chaotic maps-based key agreement protocol. Nonlinear Dynamics, 69(3), 1149–1157.MathSciNetCrossRefMATH

37.

Lai, H., Xiao, J., Li, L., et al. (2012). Applying semigroup property of enhanced chebyshev polynomials to anonymous authentication protocol. Mathematical Problems in Engineering; vol. 2012, Article ID 454823, 17 pp, 2012. doi:10.1155/2012/454823

38.

Zhao, F. J., Gong, P., Li, S., Li, M. G., & Li, P. (2013). Cryptanalysis and improvement of a three-party key agreement protocol using enhanced Chebyshev polynomials. Nonlinear Dynamics, 74(1–2), 419–427.MathSciNetCrossRefMATH

39.

Xie, Q., Zhao, J. M., & Yu, X. Y. (2013). Chaotic maps-based three-party password-authenticated key agreement scheme. Nonlinear Dynamics, 74(4), 1021–1027.MathSciNetCrossRefMATH

40.

Zhang, L. H. (2008). Cryptanalysis of the public key encryption based on multiple chaotic systems. Chaos, Solitons & Fractals, 37(3), 669–674.MathSciNetCrossRefMATH

41.

Kocarev, L., & Lian, S. (2011). Chaos-based cryptography: Theory, algorithms and applications (Vol. 354). Berlin: Springer.CrossRefMATH

42.

Tsai, C. S., Lee, C. C., & Hwang, M. S. (2006). Password authentication schemes: Current status and key issues. International Journal Network Security, 3(2), 101–115.

43.

Burrows, M., Abadi, M., & Needham, R. M. (1871). A logic of authentication. Proceedings of the Royal Society of London A—Mathematical and Physical Sciences, 1989(426), 233–271.MathSciNetMATH

44.

Ballare, M., & Rogaway, P. (1993). Random oracles are practical: A paradigm for designing efficient protocols. InProceedings of the 1st ACM conference on computer and communications security (CCS’93), (pp. 62–73).

45.

Shoup, V. (2004). Sequences of games: A tool for taming complexity in security proofs. Cryptology ePrint Archieve, Report 2004/332. http://eprint.iacr.org/2004/332.

46.

Xu, J., Zhu, W. T., & Feng, D. G. (2009). An improved smart card based password authentication scheme with provable security. Computer Standards and Interfaces, 31(4), 723–728.CrossRef

47.

Dolev, D., & Yao, A. (1983). On the security of public key protocols. IEEE Transactions on Information Theory, 29(2), 198–208.MathSciNetCrossRefMATH

48.

Kocher, P., Jaffe, J., & Jun, B. (1999). Differential power analysis. In Proceedings of advances in cryptology (Crypto’99) (pp. 388–397).

49.

Messerges, T. S., Dabbish, E. A., & Sloan, R. H. (2002). Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers, 51(5), 541–552.MathSciNetCrossRef

50.

Joye, M., & Olivier, F. (2005). Side-channel analysis, encyclopedia of cryptography and security. Amsterdam: Kluwer.

51.

Zhou, T., & Xu, J. (2011). Provable secure authentication protocol with anonymity for roaming service in global mobility networks. Computer Networks, 55, 205–213.CrossRefMATH

52.

Xue, K., & Hong, P. (2012). Security improvement on an anonymous key agreement protocol based on chaotic maps. Communications in Nonlinear Science and Numerical Simulation, 17, 2969–2977.MathSciNetCrossRefMATH

Titel: A Novel Chaotic Maps-Based User Authentication and Key Agreement Protocol for Multi-server Environments with Provable Security
verfasst von: Xiong Li
Jianwei Niu
Saru Kumari
SK Hafizul Islam
Fan Wu
Muhammad Khurram Khan
Ashok Kumar Das
Publikationsdatum: 01.07.2016
Verlag: Springer US
Erschienen in: Wireless Personal Communications / Ausgabe 2/2016
Print ISSN: 0929-6212
Elektronische ISSN: 1572-834X
DOI: https://doi.org/10.1007/s11277-016-3293-x

Neuer Inhalt

Bildnachweise

VDI-Icon, Profil Icon, inhalt2, Springer Professional Modul/© Springer Fachmedien Wiesbaden GmbH, Die Gewinner und Laudatoren des Sustainability Award in Automotive 2024/© Uli Regenscheit | ATZlive, Search Icon, Banner Hanser, Kundenpotenzial/© Andrii Yalanskyi / Getty Images / iStock, Toyota-Logo/© ollo / Getty Images / iStock, Sebastian Glenschek/© Hermes International, Zeitschrift Wissensmanagement Cover, PatentFit-Logo/© Springer Fachmedien Wiesbaden GmbH, ATZ-Webinar: Prototypenfreie Entwicklung durch Offline- und Driver-in-the-Loop-HiL-Tests /© (c) VI-grade, chassis.tech plus 2023/© [M] ATZlive / TÜV SÜD PRODUCT SERVICE GMBH, adäsion-Webinar-Matinee/© krystiannawrocki_ Getty Images

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 2/2016

Energy Efficient Architecture for Intra and Inter Cluster Communication for Underwater Wireless Sensor Networks

Security Enhancement of an Improved Remote User Authentication Scheme with Key Agreement

Performance Comparison of Code Discriminators in the Presence of CW Interference

The Hexagonal Geometrical Structure of the N-Coverage Networks in the G2-Lie Algebra Framework

Performance Analysis of Multiantenna MC DS CDMA System Over Correlated η–µ Multipath Fading Channels

Efficient Approximated Q-Function Form for Error Probability over Rayleigh Fading Channels

Neuer Inhalt

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.