Chinese Physics B ›› 2015, Vol. 24 ›› Issue (11): 110505-110505. doi: 10.1088/1674-1056/24/11/110505
Xie Qi (谢琪), Hu Bin (胡斌), Chen Ke-Fei (陈克非), Liu Wen-Hao (刘文浩), Tan Xiao (谭肖)
Abstract: In a three-party password-authenticated key exchange (AKE) protocol, two users use their passwords to establish a secure session key over an insecure communication channel with the help of a trusted server; such a protocol may therefore suffer from password guessing attacks, and the server has to maintain a password table. To eliminate these shortcomings of password-based AKE protocols, Lee et al. [2015 Nonlinear Dyn. 79 2485] very recently proposed, based on chaotic maps, a first three-party authenticated key exchange scheme without using passwords, and claimed its security by providing a well-organized BAN logic test. Unfortunately, as demonstrated in the present paper, their protocol cannot resist an impersonation attack. To overcome this security weakness, we use chaotic maps to propose a biometrics-based anonymous three-party AKE protocol with the same advantages. Further, we use the pi calculus-based formal verification tool ProVerif to show that our AKE protocol achieves authentication, security and anonymity, and acceptable efficiency.
Chinese Library Classification (CLC) number: (Communication using chaos)