Chaotic maps and biometrics-based anonymous three-party authenticated key exchange protocol without using passwords  

作　　者：谢琪 胡斌 陈克非 刘文浩 谭肖 

机构地区：[1]Hangzhou Key Laboratory of Cryptography and Network Security, Hangzhou Normal University

出　　处：《Chinese Physics B》2015年第11期163-170,共8页中国物理B（英文版）

基　　金：supported by the Natural Science Foundation of Zhejiang Province,China(Grant No.LZ12F02005);the Major State Basic Research Development Program of China(Grant No.2013CB834205);the National Natural Science Foundation of China(Grant No.61070153)

摘　　要：In three-party password authenticated key exchange （AKE） protocol, since two users use their passwords to establish a secure session key over an insecure communication channel with the help of the trusted server, such a protocol may suffer the password guessing attacks and the server has to maintain the password table. To eliminate the shortages of password- based AKE protocol, very recently, according to chaotic maps, Lee et al. [2015 Nonlinear Dyn. 79 2485] proposed a first three-party-authenticated key exchange scheme without using passwords, and claimed its security by providing a well- organized BAN logic test. Unfortunately, their protocol cannot resist impersonation attack, which is demonstrated in the present paper. To overcome their security weakness, by using chaotic maps, we propose a biometrics-based anonymous three-party AKE protocol with the same advantages. Further, we use the pi calculus-based formal verification tool ProVerif to show that our AKE protocol achieves authentication, security and anonymity, and an acceptable efficiency.In three-party password authenticated key exchange （AKE） protocol, since two users use their passwords to establish a secure session key over an insecure communication channel with the help of the trusted server, such a protocol may suffer the password guessing attacks and the server has to maintain the password table. To eliminate the shortages of password- based AKE protocol, very recently, according to chaotic maps, Lee et al. [2015 Nonlinear Dyn. 79 2485] proposed a first three-party-authenticated key exchange scheme without using passwords, and claimed its security by providing a well- organized BAN logic test. Unfortunately, their protocol cannot resist impersonation attack, which is demonstrated in the present paper. To overcome their security weakness, by using chaotic maps, we propose a biometrics-based anonymous three-party AKE protocol with the same advantages. Further, we use the pi calculus-based formal verification tool ProVerif to show that our AKE protocol achieves authentication, security and anonymity, and an acceptable efficiency.

关 键 词：CHAOS Chebyshev chaotic maps ANONYMOUS authenticated key exchange 

分 类 号：TN918.4[电子电信—通信与信息系统]