使用扩展混沌映射增强匿名三方密码认证密钥协商的安全性和效率。

Security and efficiency enhancement of an anonymous three-party password-authenticated key agreement using extended chaotic maps.

机构信息

Key Laboratory of Cryptography and Network Security, Hangzhou Normal University, Hangzhou, China.

Tianjin Key Laboratory of Advanced Networking, School of Computer Science and Technology, Tianjin University, Tianjin, China.

出版信息

PLoS One. 2018 Oct 5;13(10):e0203984. doi: 10.1371/journal.pone.0203984. eCollection 2018.

DOI:10.1371/journal.pone.0203984

PMID:30289897

原文链接:https://pmc.ncbi.nlm.nih.gov/articles/PMC6173389/

Abstract

Recently, Lu et al. claimed that Xie et al.'s three-party password-authenticated key agreement protocol (3PAKA) using chaotic maps has three security vulnerabilities; in particular, it cannot resist offline password guessing attack, Bergamo et al.'s attack and impersonation attack, and then they proposed an improved protocol. However, we demonstrate that Lu et al.'s attacks on Xie et al.'s scheme are unworkable, and their improved protocol is insecure against stolen-verifier attack and off-line password guessing attack. Furthermore, we propose a novel scheme with enhanced security and efficiency. We use formal verification tool ProVerif, which is based on pi calculus, to prove security and authentication of our scheme. The efficiency of the proposed scheme is higher than other related schemes.

摘要

最近，Lu 等人声称 Xie 等人使用混沌映射的三方密码认证密钥协商协议（3PAKA）存在三个安全漏洞；特别是，它不能抵抗离线密码猜测攻击、Bergamo 等人的攻击和冒充攻击，然后他们提出了一个改进的协议。然而，我们证明了 Lu 等人对 Xie 等人方案的攻击是不可行的，他们的改进协议在面对窃取验证器攻击和离线密码猜测攻击时是不安全的。此外，我们提出了一种具有增强安全性和效率的新方案。我们使用基于 pi 演算的形式验证工具 ProVerif 来证明我们方案的安全性和认证性。所提出方案的效率高于其他相关方案。

https://cdn.ncbi.nlm.nih.gov/pmc/blobs/6353/6173389/dfda25ea82b6/pone.0203984.g001.jpg

相似文献

Security and efficiency enhancement of an anonymous three-party password-authenticated key agreement using extended chaotic maps.使用扩展混沌映射增强匿名三方密码认证密钥协商的安全性和效率。

PLoS One. 2018 Oct 5;13(10):e0203984. doi: 10.1371/journal.pone.0203984. eCollection 2018.

An Extended Chaotic Maps-Based Three-Party Password-Authenticated Key Agreement with User Anonymity.一种基于扩展混沌映射的具有用户匿名性的三方密码认证密钥协商协议。

PLoS One. 2016 Apr 21;11(4):e0153870. doi: 10.1371/journal.pone.0153870. eCollection 2016.

An Improvement of Robust and Efficient Biometrics Based Password Authentication Scheme for Telecare Medicine Information Systems Using Extended Chaotic Maps.基于扩展混沌映射的远程医疗信息系统稳健高效生物特征密码认证方案的改进

J Med Syst. 2016 Mar;40(3):70. doi: 10.1007/s10916-015-0422-0. Epub 2016 Jan 7.

A Multiserver Biometric Authentication Scheme for TMIS using Elliptic Curve Cryptography.一种使用椭圆曲线密码学的用于TMIS的多服务器生物特征认证方案。

J Med Syst. 2016 Nov;40(11):230. doi: 10.1007/s10916-016-0592-4. Epub 2016 Sep 19.

A robust anonymous biometric-based authenticated key agreement scheme for multi-server environments.一种适用于多服务器环境的基于健壮匿名生物特征的认证密钥协商方案。

PLoS One. 2017 Nov 9;12(11):e0187403. doi: 10.1371/journal.pone.0187403. eCollection 2017.

An Improved and Secure Anonymous Biometric-Based User Authentication with Key Agreement Scheme for the Integrated EPR Information System.一种用于集成电子病历信息系统的、具有密钥协商方案的改进型安全匿名生物特征用户认证方法。

PLoS One. 2017 Jan 3;12(1):e0169414. doi: 10.1371/journal.pone.0169414. eCollection 2017.

An improved authenticated key agreement protocol for telecare medicine information system.一种用于远程医疗信息系统的改进型认证密钥协商协议。

Springerplus. 2016 May 3;5:555. doi: 10.1186/s40064-016-2018-7. eCollection 2016.

An Improved and Secure Biometric Authentication Scheme for Telecare Medicine Information Systems Based on Elliptic Curve Cryptography.基于椭圆曲线密码学的远程医疗信息系统改进和安全生物认证方案。

J Med Syst. 2015 Nov;39(11):175. doi: 10.1007/s10916-015-0335-y. Epub 2015 Sep 23.

Efficient and Security Enhanced Anonymous Authentication with Key Agreement Scheme in Wireless Sensor Networks.无线传感器网络中基于密钥协商方案的高效且增强安全性的匿名认证

Sensors (Basel). 2017 Mar 21;17(3):644. doi: 10.3390/s17030644.

Robust and efficient biometrics based password authentication scheme for telecare medicine information systems using extended chaotic maps.基于扩展混沌映射的用于远程医疗信息系统的稳健高效生物特征密码认证方案。

J Med Syst. 2015 Jun;39(6):65. doi: 10.1007/s10916-015-0229-z. Epub 2015 Apr 22.

本文引用的文献

An Extended Chaotic Maps-Based Three-Party Password-Authenticated Key Agreement with User Anonymity.一种基于扩展混沌映射的具有用户匿名性的三方密码认证密钥协商协议。

PLoS One. 2016 Apr 21;11(4):e0153870. doi: 10.1371/journal.pone.0153870. eCollection 2016.

Anonymous three-party password-authenticated key exchange scheme for Telecare Medical Information Systems.用于远程医疗信息系统的匿名三方密码认证密钥交换方案。

PLoS One. 2014 Jul 21;9(7):e102747. doi: 10.1371/journal.pone.0102747. eCollection 2014.

Smart environment as a service: three factor cloud based user authentication for telecare medical information system.智能环境即服务：用于远程医疗信息系统的基于云的三因素用户认证

J Med Syst. 2014 Jan;38(1):9997. doi: 10.1007/s10916-013-9997-5. Epub 2013 Dec 7.

文献检索

告别复杂PubMed语法，用中文像聊天一样搜索，搜遍4000万医学文献。AI智能推荐，让科研检索更轻松。

立即免费搜索

文件翻译

保留排版，准确专业，支持PDF/Word/PPT等文件格式，支持 12+语言互译。

免费翻译文档

深度研究

AI帮你快速写综述，25分钟生成高质量综述，智能提取关键信息，辅助科研写作。

立即免费体验

使用扩展混沌映射增强匿名三方密码认证密钥协商的安全性和效率。

Security and efficiency enhancement of an anonymous three-party password-authenticated key agreement using extended chaotic maps.

机构信息

出版信息

相似文献

本文引用的文献

文献检索

文件翻译

深度研究

Suppr 超能文献

相似文献

本文引用的文献