We found a match
Your institution may have access to this item. Find your institution then sign in to continue.
- Title
Cryptanalysis and provable improvement of a chaotic maps-based mobile dynamic ID authenticated key agreement scheme.
- Authors
Zhu, Hongfeng
- Abstract
In recent years, due to the wide applications of client-server architecture, the problem of only legal users have access to use the various remote services has attracted much attention. Consequently, many chaotic maps-based authenticated key agreement schemes using static ID have been widely used. However, static ID authentication schemes cannot provide user anonymity. It is a better choice to utilize dynamic ID authentication scheme. Recently, Lin proposed a chaotic maps-based mobile dynamic ID authenticated key agreement scheme and proved that it was secure against existential active attacks. Unfortunately, in this paper, we show that Lin's scheme cannot resist dictionary attack, user spoofing attack, and denial of service attack. Moreover, the paper first proposed an attack method called exclusive-or operation with pad operation leaking attack, which can lead to the worst case scenario: an adversary can get the session key without being detected. In addition, in the password-change phase of Lin's scheme, there is no authenticated process for the user. In other words, even if anyone else inputs the two uncorrelated passwords, the mobile device will continue to update the password, which leads to the consequence that the legal user cannot log in forever. Finally, we proposed an improved protocol based on chaotic maps with provable security under the random oracle model. Compared with previous related works, the improved protocol not only can withstand existential active attacks, but also has better computational efficiency. Copyright © 2015 John Wiley & Sons, Ltd.
- Subjects
CRYPTOGRAPHY research; KEY agreement protocols (Computer network protocols); CLIENT/SERVER computing security measures; COMPUTER passwords; PHISHING prevention
- Publication
Security & Communication Networks, 2015, Vol 8, Issue 17, p2981
- ISSN
1939-0114
- Publication type
Article
- DOI
10.1002/sec.1225