Skip to main content
Log in

A Novel Chaotic Maps-Based User Authentication and Key Agreement Protocol for Multi-server Environments with Provable Security

  • Published:
Wireless Personal Communications Aims and scope Submit manuscript

Abstract

The widespread popularity of the computer networks has triggered concerns about information security. Password-based user authentication with key agreement protocols have drawn attentions since it provides proper authentication of a user before granting access right to services, and then ensure secure communication over insecure channels. Recently, Lee et al. pointed out different security flaws on Tsaur et al.’s multi-server user authentication protocol, and they further proposed an extended chaotic maps-based user authentication with key agreement protocol for multi-server environments. However, we observed that Lee et al.’s protocol has some functionality and security flaws, i.e., it is inefficient in detection of unauthorized login and it does not support password change mechanism. Besides, their protocol is vulnerable to registration center spoofing attack and server spoofing attack. In order to remedy the aforementioned flaws, we proposed a novel chaotic maps-based user authentication with key agreement protocol for multi-server environments. The proposed protocol is provably secure in the random oracle model under the chaotic-maps based computational Diffie-Hellman assumption. In addition, we analyzed our protocol using BAN logic model. We also compared our protocol with Lee et al.’s protocol in aspects of computation cost, functionalities and securities.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8

Similar content being viewed by others

References

  1. Lamport, L. (1981). Password authentication with insecure communication. Communications of the ACM, 24(11), 770–772.

    Article  MathSciNet  Google Scholar 

  2. Horng, G. (1995). Password authentication without using a password table. Information Processing Letters, 550(5), 247–250.

    MathSciNet  MATH  Google Scholar 

  3. Jan, J. K., & Chen, Y. Y. (1998). Paramita wisdom password authentication scheme without verification tables. Journal of Systems and Software, 42(1), 45–57.

    Article  Google Scholar 

  4. He, D. B., Kumar, N., & Naveen, C. (2015). A secure temporal-credential-based mutual authentication and key agreement scheme with pseudo identity for wireless sensor networks. Information Sciences, 321, 263–277.

    Article  Google Scholar 

  5. He, D. B., & Wang, D. (2015). Robust biometrics-based authentication scheme for multi-server environment. IEEE Systems Journal, 9(3), 816–823.

    Article  Google Scholar 

  6. He, D. B., Kumar, N., Chen, J. H., Lee, C. C., Chilamkurti, N., & Yeo, S. S. (2015). Robust anonymous authentication protocol for healthcare applications using wireless medical sensor networks. Multimedia Systems, 21(1), 49–60.

    Article  Google Scholar 

  7. Li, X., Niu, J. W., Khan, M. K., & Liao, J. G. (2013). An enhanced smart card based remote user password authentication scheme. Journal of Network and Computer Applications, 36(5), 1365–C1371.

    Article  Google Scholar 

  8. Li, X., Niu, J. W., Ma, J., Wang, W. D., & Liu, C. L. (2011). Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards. Journal of Network and Computer Applications, 34(1), 73–79.

    Article  Google Scholar 

  9. Wang, R. C., Juang, W. S., & Lei, C. L. (2011). Robust authentication and key agreement scheme preserving the privacy of secret key. Computer Communications, 34(3), 274–280.

    Article  Google Scholar 

  10. Chang, Y. F., Tai, W. L., & Chang, H. C. (2014). Untraceable dynamic-identity-based remote user authentication scheme with verifiable password update. International Journal of Communication Systems, 27(11), 3430–3440.

    Google Scholar 

  11. Li, X., Niu, J. W., Liao, G. J., & Liang, W. (2015). Cryptanalysis of a dynamic identity-based remote user authentication scheme with verifiable password update. International Journal of Communication Systems, 28(2), 374–382.

    Article  Google Scholar 

  12. Liu, Y. C., Gong, P., Yan, X. P., & Li, P. (2015). On the security of a dynamic identity-based remote user authentication scheme with verifiable password update. International Journal of Communication Systems, 28(5), 842–847.

    Article  Google Scholar 

  13. Li, L. H., Lin, I. C., & Hwang, M. S. (2001). A remote password authentication scheme for multi-server architecture using neural networks. IEEE Transactions on Neural Network, 12(6), 1498–1504.

    Article  Google Scholar 

  14. Lin, I. C., Hwang, M. S., & Li, L. H. (2003). A new remote user authentication scheme for multi-server architecture. Future Generation Computer Systems, 19(1), 13–22.

    Article  MATH  Google Scholar 

  15. Juang, W. S. (2004). Efficient multi-server password authenticated key agreement using smart cards. IEEE Transactions on Consumer Electronics, 50(1), 251–255.

    Article  Google Scholar 

  16. Chang, C. C., & Lee, J. S. (November 2004). An efficient and secure multi-server password authentication scheme using smart cards. In Proceedings of the third international conference on cyberworlds, (pp. 417–422).

  17. Tsaur, W. J., Wu, C. C., & Lee, W. B. (2004). A smart card-based remote scheme for password authentication in multi-server Internet services. Computer Standards & Interfaces, 27(1), 39–51.

    Article  Google Scholar 

  18. Tsaur, W. J., Wu, C. C., & Lee, W. B. (2005). An enhanced user authentication scheme for multi-server Internet services. Applied Mathematics and Computation, 170(1), 258–266.

    Article  MathSciNet  MATH  Google Scholar 

  19. Tsai, J. L. (2008). Efficient multi-server authentication scheme based on one-way hash function without verification table. Computers and Security, 27(3–4), 115–121.

    Article  Google Scholar 

  20. Yoon, E. J., & Young, Y. K. (2013). Robust biometrics-based multi-server authentication with key agreement scheme for smart cards on elliptic curve cryptosystem. Journal of Supercomputing, 63(1), 235–255.

    Article  Google Scholar 

  21. Liao, Y. P., & Hsiao, C. M. (2013). A novel multi-server remote user authentication scheme using self-certified public keys for mobile clients. Future Generation Computer Systems, 29(3), 886–900.

    Article  Google Scholar 

  22. Lee, Y. S., Kim, E., Seok, S. J., & Jung, M. S. (2012). A smart card-based user authentication scheme to ensure the PFS in multi-server environments. IEICE Transactions on Communications, E95–B(2), 619–622.

    Article  Google Scholar 

  23. He, D. B. (2011). Security flaws in a biometrics-based multi-server authentication with key agreement scheme. IACR Cryptology ePrint Archive, 2011/365.

  24. Chou, J. S., Chen, Y., Huang, C. H., & Huang, Y. S. (2012). Comments on four multi-server authentication protocols using smart card, IACR Cryptology ePrint Archive, 2012/406.

  25. He, D. B., & Hu, H. (2012). Cryptanalysis of a smart card-based user authentication scheme for multi-server environments. IEICE Transactions on Communications, E95–B(9), 3052–3054.

    Article  Google Scholar 

  26. Liao, Y. P., & Wang, S. S. (2009). A secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standard & Interfaces, 31(1), 24–29.

    Article  Google Scholar 

  27. Hsiang, H. C., & Shih, W. K. (2009). Improvement of the secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standard & Interfaces, 31(6), 1118–1123.

    Article  Google Scholar 

  28. Sood, S. K., Sarje, A. K., & Singh, K. (2011). A secure dynamic identity based authentication protocol for multi-server architecture. Journal of Network and Computer Applications, 34(2), 609–618.

    Article  Google Scholar 

  29. Lee, C. C., Lin, T. H., & Chang, R. X. (2011). A secure dynamic ID based remote user authentication scheme for multi-server environment using smart cards. Expert Systems with Applications, 38(11), 13863–13870.

    Google Scholar 

  30. Li, X., Xiong, Y. P., Ma, J., & Wang, W. D. (2012). An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards. Journal of Network and Computer Applications, 35(2), 763–769.

    Article  Google Scholar 

  31. Li, X., Ma, J., Wang, W. D., Xiong, Y. P., & Zhang, J. S. (2013). A novel smart card and dynamic ID based remote user authentication scheme for multi-server environment. Mathematical and Computer Modelling, 58(1–2), 85–95.

    Article  Google Scholar 

  32. Tsaur, W. J., Li, J. H., & Lee, W. B. (2012). An efficient and secure multi-server authentication scheme with key agreement. Journal of Systems and Software, 85(4), 876–882.

    Article  Google Scholar 

  33. Lee, C. C., Lou, D. C., Li, C. T., & Hsu, C. W. (2014). An extended chaotic-maps-based protocol with key agreement for multiserver environments. Nonlinear Dynamics, 76(1), 853–866.

    Article  MathSciNet  MATH  Google Scholar 

  34. Li, C. T., Lee, C. C., & Weng, C. Y. (2013). An extended chaotic maps based user authentication and privacy preserving scheme against DoS attacks in pervasive and ubiquitous computing environments. Nonlinear Dynamics, 74(4), 1133–1143.

    Article  MathSciNet  Google Scholar 

  35. Lee, C. C., Chen, C. L., Wu, C. Y., & Huang, S. Y. (2012). An extended chaotic maps-based key agreement protocol with user anonymity. Nonlinear Dynamics, 69(1–2), 79–87.

    Article  MathSciNet  MATH  Google Scholar 

  36. He, D. B., Chen, Y. T., & Chen, J. H. (2012). Cryptanalysis and improvement of an extended chaotic maps-based key agreement protocol. Nonlinear Dynamics, 69(3), 1149–1157.

    Article  MathSciNet  MATH  Google Scholar 

  37. Lai, H., Xiao, J., Li, L., et al. (2012). Applying semigroup property of enhanced chebyshev polynomials to anonymous authentication protocol. Mathematical Problems in Engineering; vol. 2012, Article ID 454823, 17 pp, 2012. doi:10.1155/2012/454823

  38. Zhao, F. J., Gong, P., Li, S., Li, M. G., & Li, P. (2013). Cryptanalysis and improvement of a three-party key agreement protocol using enhanced Chebyshev polynomials. Nonlinear Dynamics, 74(1–2), 419–427.

    Article  MathSciNet  MATH  Google Scholar 

  39. Xie, Q., Zhao, J. M., & Yu, X. Y. (2013). Chaotic maps-based three-party password-authenticated key agreement scheme. Nonlinear Dynamics, 74(4), 1021–1027.

    Article  MathSciNet  MATH  Google Scholar 

  40. Zhang, L. H. (2008). Cryptanalysis of the public key encryption based on multiple chaotic systems. Chaos, Solitons & Fractals, 37(3), 669–674.

    Article  MathSciNet  MATH  Google Scholar 

  41. Kocarev, L., & Lian, S. (2011). Chaos-based cryptography: Theory, algorithms and applications (Vol. 354). Berlin: Springer.

    Book  MATH  Google Scholar 

  42. Tsai, C. S., Lee, C. C., & Hwang, M. S. (2006). Password authentication schemes: Current status and key issues. International Journal Network Security, 3(2), 101–115.

    Google Scholar 

  43. Burrows, M., Abadi, M., & Needham, R. M. (1871). A logic of authentication. Proceedings of the Royal Society of London A—Mathematical and Physical Sciences, 1989(426), 233–271.

    MathSciNet  MATH  Google Scholar 

  44. Ballare, M., & Rogaway, P. (1993). Random oracles are practical: A paradigm for designing efficient protocols. InProceedings of the 1st ACM conference on computer and communications security (CCS’93), (pp. 62–73).

  45. Shoup, V. (2004). Sequences of games: A tool for taming complexity in security proofs. Cryptology ePrint Archieve, Report 2004/332. http://eprint.iacr.org/2004/332.

  46. Xu, J., Zhu, W. T., & Feng, D. G. (2009). An improved smart card based password authentication scheme with provable security. Computer Standards and Interfaces, 31(4), 723–728.

    Article  Google Scholar 

  47. Dolev, D., & Yao, A. (1983). On the security of public key protocols. IEEE Transactions on Information Theory, 29(2), 198–208.

    Article  MathSciNet  MATH  Google Scholar 

  48. Kocher, P., Jaffe, J., & Jun, B. (1999). Differential power analysis. In Proceedings of advances in cryptology (Crypto’99) (pp. 388–397).

  49. Messerges, T. S., Dabbish, E. A., & Sloan, R. H. (2002). Examining smart-card security under the threat of power analysis attacks. IEEE Transactions on Computers, 51(5), 541–552.

    Article  MathSciNet  Google Scholar 

  50. Joye, M., & Olivier, F. (2005). Side-channel analysis, encyclopedia of cryptography and security. Amsterdam: Kluwer.

    Google Scholar 

  51. Zhou, T., & Xu, J. (2011). Provable secure authentication protocol with anonymity for roaming service in global mobility networks. Computer Networks, 55, 205–213.

    Article  MATH  Google Scholar 

  52. Xue, K., & Hong, P. (2012). Security improvement on an anonymous key agreement protocol based on chaotic maps. Communications in Nonlinear Science and Numerical Simulation, 17, 2969–2977.

    Article  MathSciNet  MATH  Google Scholar 

Download references

Acknowledgments

This work was supported by the National Natural Science Foundation of China under Grant Nos. 61300220, 61572013 and 61572188, the General and Special Financial Grant from China Postdoctoral Science Foundation under Grant Nos. 2014M550590 and 2015T80035, respectively. SK Hafizul Islam is partially supported by OPERA Award, BITS Pilani, India. Fan Wu is supported by Fujian Education and Scientific Research Program for Young and Middle-aged Teachers under Grant No. JA14369. Besides, the authors extend their sincere appreciations to the Deanship of Scientific Research at King Saud University for its funding this Prolific Research Group (PRG-1436-16).

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Jianwei Niu.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Li, X., Niu, J., Kumari, S. et al. A Novel Chaotic Maps-Based User Authentication and Key Agreement Protocol for Multi-server Environments with Provable Security. Wireless Pers Commun 89, 569–597 (2016). https://doi.org/10.1007/s11277-016-3293-x

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11277-016-3293-x

Keywords

Navigation