中国物理B ›› 2015, Vol. 24 ›› Issue (11): 110505-110505.doi: 10.1088/1674-1056/24/11/110505

• GENERAL • 上一篇    下一篇

Chaotic maps and biometrics-based anonymous three-party authenticated key exchange protocol without using passwords

谢琪, 胡斌, 陈克非, 刘文浩, 谭肖   

  1. Hangzhou Key Laboratory of Cryptography and Network Security, Hangzhou Normal University, Hangzhou 311121, China
  • 收稿日期:2015-04-10 修回日期:2015-07-05 出版日期:2015-11-05 发布日期:2015-11-05
  • 通讯作者: Xie Qi, Liu Wen-Hao E-mail:qixie68@126.com;whl819819@163.com
  • 基金资助:
    Project supported by the Natural Science Foundation of Zhejiang Province, China (Grant No. LZ12F02005), the Major State Basic Research Development Program of China (Grant No. 2013CB834205), and the National Natural Science Foundation of China (Grant No. 61070153).

Chaotic maps and biometrics-based anonymous three-party authenticated key exchange protocol without using passwords

Xie Qi (谢琪), Hu Bin (胡斌), Chen Ke-Fei (陈克非), Liu Wen-Hao (刘文浩), Tan Xiao (谭肖)   

  1. Hangzhou Key Laboratory of Cryptography and Network Security, Hangzhou Normal University, Hangzhou 311121, China
  • Received:2015-04-10 Revised:2015-07-05 Online:2015-11-05 Published:2015-11-05
  • Contact: Xie Qi, Liu Wen-Hao E-mail:qixie68@126.com;whl819819@163.com
  • Supported by:
    Project supported by the Natural Science Foundation of Zhejiang Province, China (Grant No. LZ12F02005), the Major State Basic Research Development Program of China (Grant No. 2013CB834205), and the National Natural Science Foundation of China (Grant No. 61070153).

摘要: In three-party password authenticated key exchange (AKE) protocol, since two users use their passwords to establish a secure session key over an insecure communication channel with the help of the trusted server, such a protocol may suffer the password guessing attacks and the server has to maintain the password table. To eliminate the shortages of password-based AKE protocol, very recently, according to chaotic maps, Lee et al. [2015 Nonlinear Dyn. 79 2485] proposed a first three-party-authenticated key exchange scheme without using passwords, and claimed its security by providing a well-organized BAN logic test. Unfortunately, their protocol cannot resist impersonation attack, which is demonstrated in the present paper. To overcome their security weakness, by using chaotic maps, we propose a biometrics-based anonymous three-party AKE protocol with the same advantages. Further, we use the pi calculus-based formal verification tool ProVerif to show that our AKE protocol achieves authentication, security and anonymity, and an acceptable efficiency.

关键词: chaos, Chebyshev chaotic maps, anonymous, authenticated key exchange

Abstract: In three-party password authenticated key exchange (AKE) protocol, since two users use their passwords to establish a secure session key over an insecure communication channel with the help of the trusted server, such a protocol may suffer the password guessing attacks and the server has to maintain the password table. To eliminate the shortages of password-based AKE protocol, very recently, according to chaotic maps, Lee et al. [2015 Nonlinear Dyn. 79 2485] proposed a first three-party-authenticated key exchange scheme without using passwords, and claimed its security by providing a well-organized BAN logic test. Unfortunately, their protocol cannot resist impersonation attack, which is demonstrated in the present paper. To overcome their security weakness, by using chaotic maps, we propose a biometrics-based anonymous three-party AKE protocol with the same advantages. Further, we use the pi calculus-based formal verification tool ProVerif to show that our AKE protocol achieves authentication, security and anonymity, and an acceptable efficiency.

Key words: chaos, Chebyshev chaotic maps, anonymous, authenticated key exchange

中图分类号:  (Communication using chaos)

  • 05.45.Vx
05.45.-a (Nonlinear dynamics and chaos)