An Improved and Secure Chaotic-Map Based Multi-server Authentication Protocol Based on Lu et al. and Tsai and Lo’s Scheme

Wireless Personal Communications

Abstract

Simple password-based authentication techniques have been evolving into more secure and advanced protocols capable of countering an advanced breed of threats. Following this development, multi-server authentication (MSA) lets subscribers obtain services from various service providers on the basis of a single initial registration. The user first registers with the registration centre and can then avail a range of services. Research efforts to make MSA-based frameworks lightweight and security-resilient have been proceeding at a reasonable pace. However, we have not yet come up with a framework that can be relied upon for deployment in an access network bearing nodes that demand low computational cost. Recently, in this regard, Tsai and Lo presented a chaotic map-based multi-server authentication protocol. However, the Tsai and Lo scheme was found by Lu et al. to be vulnerable to the key-compromise impersonation attack, the Bergamo et al. attack and the password guessing attack. In return, Lu et al. presented a model countering the flaws of the Tsai and Lo scheme. We review both schemes and find that Tsai et al. is still vulnerable to more threats; at the same time, we demonstrate that Lu et al. is also vulnerable to RC-spoofing attack, replay attack and anonymity failure, and bears some technical flaws. In this paper, we propose a secure and efficient scheme that improves upon the Tsai et al. protocol. In addition, this study presents a formal security analysis using BAN logic, and performance efficiency has also been evaluated against contemporary protocols.

References

  1. Xiao, D., Liao, X., & Deng, S. (2008). Using time-stamp to improve the security of a chaotic maps-based key agreement protocol. Information Sciences, 178, 1598–11602.
  2. Han, S. (2008). Security of a key agreement protocol based on chaotic maps. Chaos, Solitons & Fractals, 38, 764–768.
  3. Xiao, D., Liao, X., & Deng, S. (2007). A novel key agreement protocol based on chaotic maps. Information Sciences, 177, 1136–1142.
  4. Xiang, T., Wong, K., & Liao, X. (2009). On the security of a novel key agreement protocol based on chaotic maps. Chaos, Solitons & Fractals, 40(2), 672–675.
  5. Han, S., & Chang, E. (2009). Chaotic map based key agreement with/out clock synchronization. Chaos, Solitons & Fractals, 39, 1283–1289.
  6. Yoon, E. J., & Yoo, K. Y. (2008). A new key agreement protocol based on chaotic maps. In N. T. Nguyen, G. S. Jo, R. J. Howlett, & L. C. Jain (Eds.), Agent and multi-agent systems: Technologies and applications (pp. 897–906). Springer: Heidelberg.
  7. Gong, P., Li, P., & Shi, W. B. (2012). A secure chaotic maps-based key agreement protocol without using smart cards. Nonlinear Dynamics, 70(4), 2401–2406.
  8. Guo, X., & Zhang, J. (2010). Secure group key agreement protocol based on chaotic hash. Information Sciences, 180, 4069–4074.
  9. Niu, Y., & Wang, X. (2011). An anonymous key agreement protocol based on chaotic maps. Communications in Nonlinear Science and Numerical Simulation, 16(4), 1986–1992.
  10. Wang, X., & Zhao, J. (2010). An improved key agreement protocol based on chaos. Communications in Nonlinear Science and Numerical Simulation, 15(12), 4052–4057.
  11. Tseng, H., Jan, R., & Yang, W. (2009). A chaotic maps-based key agreement protocol that preserves user anonymity. In IEEE international conference on communications (ICC09) (pp. 1–6).
  12. He, D., Chen, Y., & Chen, J. H. (2012). Cryptanalysis and improvement of an extended chaotic maps-based key agreement protocol. Nonlinear Dynamics, 69(3), 1149–1157.
  13. Chaudhry, S. A., Naqvi, H., Mahmood, K., Ahmad, H. F., & Khan, M. K. (2016). An improved remote user authentication scheme using elliptic curve cryptography. Wireless Personal Communication. doi:10.1007/s11277-016-3745-3.
  14. Khan, I., Chaudhry, S. A., Sher, M., Khan, J. I., & Khan, M. K. (2016). An anonymous and provably secure biometric based authentication scheme using chaotic maps for accessing medical drop box data. Journal of Supercomputing. doi:10.1007/s11227-016-1886-5.
  15. Guo, C., & Chang, C. C. (2013). Chaotic maps-based password-authenticated key agreement using smart cards. Communications in Nonlinear Science and Numerical Simulation, 18(6), 1433–1440.
  16. Yoon, E. J. (2012). Efficiency and security problems of anonymous key agreement protocol based on chaotic maps. Communications in Nonlinear Science and Numerical Simulation, 17(7), 2735–2740.
  17. Chaudhry, S. A. (2016). A secure biometric based multi-server authentication scheme for social multimedia networks. Multimedia Tools and Applications. doi:10.1007/s11042-015-3194-0.
  18. Lee, C. C., Li, C. T., & Hsu, C. W. (2013). A three-party password-based authenticated key exchange protocol with user anonymity using extended chaotic maps. Nonlinear Dynamics, 73(1–2), 125–132.
  19. Chaudhry, S. A., Naqvi, H., Sher, M., Farash, M. S., & Hassan, M. U. (2015). An improved and provably secure privacy preserving authentication protocol for SIP. Peer to Peer Networking and Applications. doi:10.1007/s12083-015-0400-9.
  20. Chaudhry, S. A., Naqvi, H., Shon, T., Sher, M., & Farash, M. S. (2015). Cryptanalysis and improvement of an improved two factor authentication protocol for telecare medical information systems. Journal of Medical Systems. doi:10.1007/s10916-015-0244-0.
  21. Chaudhry, S. A., Farash, M. S., Naqvi, H., Kumari, S., & Khan, M. K. (2015). An enhanced privacy preserving remote user authentication scheme with provable security. Security and Communication Networks. doi:10.1002/sec.1299.
  22. Kocarev, L. (2001). Chaos-based cryptography: a brief overview. IEEE Circuits and Systems Magazine, 1(3), 6–21.
  23. Baptista, M. S. (1998). Cryptography with chaos. Physics Letters A, 240(1–2), 50–54.
  24. Xiao, D., Liao, X., & Deng, S. (2005). One-way hash function construction based on the chaotic map with changeable parameter. Chaos, Solitons & Fractals, 24, 65–71.
  25. Wang, Y., Wong, K., Liao, X., & Xiang, T. (2009). A block cipher with dynamic s-boxes based on tent map. Communications in Nonlinear Science and Numerical Simulation, 14(7), 3089–3099.
  26. Chen, G., Chen, Y., & Liao, X. (2007). An extended method for obtaining s-boxes based on three-dimensional chaotic Baker maps. Chaos, Solitons & Fractals, 31, 571–579.
  27. Juang, W. S. (2004). Efficient multi-server password authenticated key agreement using smart cards. IEEE Transactions on Consumer Electronics, 50(1), 251–255.
  28. Chang, C. C., & Lee, J. S. (2004). An efficient and secure multi-server password authentication scheme using smart card. In Proceedings of the international conference on cyberworlds (pp. 417–422).
  29. Li, L. H., Lin, I. C., & Hwang, M. S. (2001). A remote password authentication scheme for multi-server architecture using neural networks. IEEE Transactions on Neural Networks, 12(6), 1498–1504.
  30. Yeh, K. H., & Lo, N. W. (2010). A novel remote user authentication scheme for multi-server environment without using smart cards. International Journal of Innovative Computing Information and Control, 6(8), 3467–3478.
  31. Lee, J. S., Chang, Y. F., & Chang, C. C. (2008). A novel authentication protocol for multi-server architecture without smart cards. International Journal of Innovative Computing Information and Control, 4(6), 1357–1364.
  32. Tsai, J. L. (2008). Efficient multi-server authentication scheme based on one-way hash function without verification table. Computers & Security, 27(3–4), 115–121.
  33. Khan, M. K., & He, D. (2012). A new dynamic identity-based authentication protocol for multi-server environment using elliptic curve cryptography. Security and Communication Networks, 5(11), 1260–1266.
  34. Li, X., Xiong, Y., Ma, J., & Wang, W. (2012). An enhanced and security dynamic identity based authentication protocol for multiserver architecture using smart cards. Journal of Network and Computer Applications, 35(2), 763–769.
  35. Yeh, K. H., Lo, N. W., & Li, Y. (2011). Cryptanalysis of Hsiang-Shih’s authentication scheme for multi-server architecture. International Journal of Communication Systems, 24(7), 829–836.
  36. Tsai, J. L., & Lo, N. W. (2015). A chaotic map-based anonymous multi-server authenticated key agreement protocol using smart card. International Journal of Communication Systems, 28(13), 1955–1963.
  37. Han, W. (2012). Weaknesses of a dynamic identity based authentication protocol for multi-server architecture. arXiv:1201.0883v1, 2012. http://arxiv.org/abs/1201.0883.
  38. Tsai, J. L., Lo, N. W., & Wu, T. C. (2013). A new password-based multi-server authentication scheme robust to password guessing attacks. Wireless Personal Communications. doi:10.1007/s11277-012-0918-6.
  39. Lu, Y., Li, L., Peng, H., & Yang, Y. (2016). Cryptanalysis and improvement of a chaotic maps-based anonymous authenticated key agreement protocol for multiserver architecture. Security and Communication Networks, 9, 1321–1330.
  40. Dodis, Y., Reyzin, L., & Smith, A. (2004). Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. Advances in Cryptology—EUROCRYPT, 3027, 523–540. doi:10.1007/978-3-540-24676-3_31.

Acknowledgements

The work of Qi XIE was supported by Natural Science Foundations of Zhejiang Province (No. LZ12F02005), and the Major State Basic Research Development (973) Program of China (No. 2013CB834205).

Corresponding author

Correspondence to Azeem Irshad.

Cite this article

Irshad, A., Sher, M., Ashraf, M.U. et al. An Improved and Secure Chaotic-Map Based Multi-server Authentication Protocol Based on Lu et al. and Tsai and Lo’s Scheme. Wireless Pers Commun 95, 3185–3208 (2017). https://doi.org/10.1007/s11277-017-3990-0

  • DOI: https://doi.org/10.1007/s11277-017-3990-0
