Security and efficiency enhancement of an anonymous three-party password-authenticated key agreement using extended chaotic maps

Recently, Lu et al. claimed that Xie et al.’s three-party password-authenticated key agreement protocol (3PAKA) using chaotic maps has three security vulnerabilities; in particular, it cannot resist offline password guessing attack, Bergamo et al.’s attack and impersonation attack, and then they pro...

Descripción completa

Detalles Bibliográficos
Autores principales: Xie, Qi, Lu, Yanrong, Tan, Xiao, Tang, Zhixiong, Hu, Bin
Formato: Online Artículo Texto
Lenguaje:English
Publicado: Public Library of Science 2018
Materias:
Research Article
Acceso en línea:https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6173389/
https://www.ncbi.nlm.nih.gov/pubmed/30289897
http://dx.doi.org/10.1371/journal.pone.0203984
_version_ 1783361118143512576
author Xie, Qi
Lu, Yanrong
Tan, Xiao
Tang, Zhixiong
Hu, Bin
author_facet Xie, Qi
Lu, Yanrong
Tan, Xiao
Tang, Zhixiong
Hu, Bin
author_sort Xie, Qi
collection PubMed
description Recently, Lu et al. claimed that Xie et al.’s three-party password-authenticated key agreement protocol (3PAKA) using chaotic maps has three security vulnerabilities; in particular, it cannot resist offline password guessing attack, Bergamo et al.’s attack and impersonation attack, and then they proposed an improved protocol. However, we demonstrate that Lu et al.’s attacks on Xie et al.’s scheme are unworkable, and their improved protocol is insecure against stolen-verifier attack and off-line password guessing attack. Furthermore, we propose a novel scheme with enhanced security and efficiency. We use formal verification tool ProVerif, which is based on pi calculus, to prove security and authentication of our scheme. The efficiency of the proposed scheme is higher than other related schemes.
format Online
Article
Text
id pubmed-6173389
institution National Center for Biotechnology Information
language English
publishDate 2018
publisher Public Library of Science
record_format MEDLINE/PubMed
spelling pubmed-61733892018-10-19 Security and efficiency enhancement of an anonymous three-party password-authenticated key agreement using extended chaotic maps Xie, Qi Lu, Yanrong Tan, Xiao Tang, Zhixiong Hu, Bin PLoS One Research Article Recently, Lu et al. claimed that Xie et al.’s three-party password-authenticated key agreement protocol (3PAKA) using chaotic maps has three security vulnerabilities; in particular, it cannot resist offline password guessing attack, Bergamo et al.’s attack and impersonation attack, and then they proposed an improved protocol. However, we demonstrate that Lu et al.’s attacks on Xie et al.’s scheme are unworkable, and their improved protocol is insecure against stolen-verifier attack and off-line password guessing attack. Furthermore, we propose a novel scheme with enhanced security and efficiency. We use formal verification tool ProVerif, which is based on pi calculus, to prove security and authentication of our scheme. The efficiency of the proposed scheme is higher than other related schemes. Public Library of Science 2018-10-05 /pmc/articles/PMC6173389/ /pubmed/30289897 http://dx.doi.org/10.1371/journal.pone.0203984 Text en © 2018 Xie et al http://creativecommons.org/licenses/by/4.0/ This is an open access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0/) , which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.
spellingShingle Research Article
Xie, Qi
Lu, Yanrong
Tan, Xiao
Tang, Zhixiong
Hu, Bin
Security and efficiency enhancement of an anonymous three-party password-authenticated key agreement using extended chaotic maps
title Security and efficiency enhancement of an anonymous three-party password-authenticated key agreement using extended chaotic maps
title_full Security and efficiency enhancement of an anonymous three-party password-authenticated key agreement using extended chaotic maps
title_fullStr Security and efficiency enhancement of an anonymous three-party password-authenticated key agreement using extended chaotic maps
title_full_unstemmed Security and efficiency enhancement of an anonymous three-party password-authenticated key agreement using extended chaotic maps
title_short Security and efficiency enhancement of an anonymous three-party password-authenticated key agreement using extended chaotic maps
title_sort security and efficiency enhancement of an anonymous three-party password-authenticated key agreement using extended chaotic maps
topic Research Article
url https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6173389/
https://www.ncbi.nlm.nih.gov/pubmed/30289897
http://dx.doi.org/10.1371/journal.pone.0203984
work_keys_str_mv AT xieqi securityandefficiencyenhancementofananonymousthreepartypasswordauthenticatedkeyagreementusingextendedchaoticmaps
AT luyanrong securityandefficiencyenhancementofananonymousthreepartypasswordauthenticatedkeyagreementusingextendedchaoticmaps
AT tanxiao securityandefficiencyenhancementofananonymousthreepartypasswordauthenticatedkeyagreementusingextendedchaoticmaps
AT tangzhixiong securityandefficiencyenhancementofananonymousthreepartypasswordauthenticatedkeyagreementusingextendedchaoticmaps
AT hubin securityandefficiencyenhancementofananonymousthreepartypasswordauthenticatedkeyagreementusingextendedchaoticmaps

Ejemplares similares