Multi-factor authentication key agreement scheme based on chaotic mapping

doi:10.11772/j.issn.1001-9081.2018030642

Abstract

Abstract: In the open network environment, identity authentication is an important means to ensure information security. Aiming at the authentication protocol proposed by Li, et al (LI X, WU F, KHAN M K, et al. A secure chaotic map-based remote authentication scheme for telecare medicine information systems. Future Generation Computer Systems, 2017, 84:149-159.), some security defects were pointed out, such as user impersonation attacks and denial service attacks. In order to overcome those vulnerabilities, a new protocol scheme with multi-factor was proposed. In this protocol, extended chaotic mapping was adopted, dynamic identity was used to protect user anonymity, and three-way handshake was used to achieve asynchronous authentication. Security analysis result shows that the new protocol can resist impersonation attacks and denial service attacks and protect user anonymity and unique identity.

Key words: chaotic mapping, three-factor, authentication, key agreement, user anonymity, impersonation attack

摘要： 在开放的网络环境中，身份认证是确保信息安全的一种重要手段。针对Li等（LI X，WU F，KHAN M K，et al.A secure chaotic map-based remote authentication scheme for telecare medicine information systems.Future Generation Computer Systems，2017，84：149-159.）提出的身份认证协议，指出其容易遭受用户冒充攻击、拒绝服务攻击等缺陷，并提出一个新的多因子认证协议来修复以上安全漏洞。该协议使用了扩展混沌映射，采用动态身份保护用户匿名性，并利用三次握手技术实现异步认证。安全性分析结果表明，所提协议可以抵抗冒充攻击、拒绝服务攻击，能够保护用户匿名性和身份唯一性。

关键词: 混沌映射, 三因子, 认证, 密钥协商, 用户匿名性, 冒充攻击

CLC Number:

TN918

WANG Songwei, CHEN Jianhua. Multi-factor authentication key agreement scheme based on chaotic mapping[J]. Journal of Computer Applications, 2018, 38(10): 2940-2944.

王松伟, 陈建华. 基于混沌映射的多因子认证密钥协商协议[J]. 计算机应用, 2018, 38(10): 2940-2944.

References

[1] YI X, RAO F Y, TARI Z, et al. ID2S Password-authenticated key exchange protocols[J]. IEEE Transactions on Computers, 2016, 65(12):3687-3701.
[2] XIE Q, WONG D, WANG G, et al. Provably secure dynamic ID-based anonymous two-factor authenticated key exchange protocol with extended security model[J]. IEEE Transactions on Information Forensics & Security, 2017, 12(6):1382-1392.
[3] ZHANG L, ZHU S, TANG S. Privacy protection for telecare medicine information systems using a chaotic map-based three-factor authenticated key agreement scheme[J]. IEEE Journal of Biomedical & Health Informatics, 2017, 21(2):465.
[4] GUO X, ZHANG J. Secure group key agreement protocol based on chaotic Hash[J]. Information Sciences, 2010, 180(20):4069-4074.
[5] HAO X, WANG J, YANG Q, et al. A chaotic map-based authentication scheme for telecare medicine information systems[J]. Journal of Medical Systems, 2013, 37(2):9919.
[6] LEE T F. An efficient chaotic maps-based authentication and key agreement scheme using smartcards for telecare medicine information systems[J]. Journal of Medical Systems, 2013, 37(6):9985.
[7] JIANG Q, MA J, LU X, et al. Robust chaotic map-based authentication and key agreement scheme with strong anonymity for telecare medicine information systems[J]. Journal of Medical Systems, 2014, 38(2):12.
[8] BERGAMO P, D'ARCO P, SANTIS A D, et al. Security of public-key cryptosystems based on Chebyshev polynomials[J]. IEEE Transactions on Circuits and Systems I:Regular Papers, 2005, 52(7):1382-1393.
[9] XU X, ZHU P, WEN Q, et al. A secure and efficient authentication and key agreement scheme based on ECC for telecare medicine information systems[J]. Journal of Medical Systems, 2014, 38(1):9994.
[10] MISHRA D. A study on ID-based authentication schemes for telecare medical information system[EB/OL].[2018-01-10]. https://arxiv.org/abs/1311.0151.
[11] AMIN R, BISWAS G P. A secure three-factor user authentication and key agreement protocol for TMIS with user anonymity[J]. Journal of Medical Systems, 2015, 39(8):78.
[12] 王彩芬, 乔慧, 李亚红, 等. 改进的三因素相互认证与密钥协商方案[J]. 计算机应用研究,2018,35(2):536-541. (WANG C F, QIAO H, LI Y H, et al. Improved three-factor authenticated key agreement scheme[J]. Application Research of Computers, 2018,35(2):536-541.)
[13] PARK Y, PARK Y. Three-factor user authentication and key agreement using elliptic curve cryptosystem in wireless sensor networks[J]. Sensors, 2016, 16(12):2123.
[14] JUNG J, MOON J, LEE D, et al. Efficient and security enhanced anonymous authentication with key agreement scheme in wireless sensor networks[J]. Sensors, 2017, 17(3):644.
[15] JIANG Q, ZEADALLY S, MA J, et al. Lightweight three-factor authentication and key agreement protocol for Internet-integrated wireless sensor networks[J]. IEEE Access, 2017, 5:3376-3392.
[16] WANG D, WANG P. On the anonymity of two-factor authentication schemes for wireless sensor networks[J]. Computer Networks, 2014, 73:41-57.
[17] WANG D, HE D, WANG P, et al. Anonymous two-factor authentication in distributed systems:certain goals are beyond attainment[J]. IEEE Transactions on Dependable and Secure Computing, 2015,12(4):428-442.
[18] 汪定, 李文婷, 王平. 对三个多服务器环境下匿名身份认证协议的安全性分析[J]. 软件学报, 2018,29(7):1937-1952. (WANG D, LI W T, WANG P, et al. Cryt analysis of three anonymous authentication schemes for multi-server environment[J]. Journal of Software, 2018,29(7):1937-1952.)
[19] LI X, WU F, KHAN M K, et al. A secure chaotic map-based remote authentication scheme for telecare medicine information systems[J]. Future Generation Computer Systems, 2017, 84:149-159.
[20] RIVLIN T J. The Chebyshev polynomials[J]. Mathematics of Computation, 1974, 30(134):374.
[21] ZHANG L. Cryptanalysis of the public key encryption based on multiple chaotic systems[J]. Chaos Solitons & Fractals, 2008, 37(3):669-674.
[22] WU M, CHEN J, ZHU W, et al. Security analysis and enhancements of a multi-factor biometric authentication scheme[J]. International Journal of Electronic Security & Digital Forensics, 2016, 8(4):352.
[23] DODIS Y, REYZIN L, SMITH A. Fuzzy extractors:how to generate strong keys from biometrics and other noisy data[C]//EUROCRYPT 2004:Proceedings of the 2004 International Conference on the Theory and Applications of Cryptographic Techniques. Berlin:Springer, 2004:523-540.
[24] KOCHER P, JAFFE J, JUN B. Differential power analysis[C]//Proceedings of the 19th Annual International Cryptology Conference, LNCS 1666. Berlin:Springer, 1999:388-397.
[25] MESSERGES T S, DABBISH E A, SLOAN R H. Examining smart-card security under the threat of power analysis attacks[J]. IEEE Transactions on Computers, 2002, 51(5):541-552.
[26] BRIER E, CLAVIER C, OLIVIER F. Correlation power analysis with a leakage model[C]//CHES 2004:Proceedings of the 2004 International Workshop on Cryptographic Hardware and Embedded Systems, LNCS 3156. Berlin:Springer, 2004:16-29.
[27] TAN Z. A chaotic maps-based authenticated key agreement protocol with strong anonymity[J]. Nonlinear Dynamics, 2013, 72(1/2):311-320.