Security-enhanced three-factor remote user authentication scheme based on Chebyshev chaotic maps

With the wide deployment of new computing paradigms, such as cloud computing and edge computing, the people can access services provided by remote servers more conveniently via the Internet. To preserve the security of those messages transmitted over the public channel, remote user authentication protocols are popularly implemented in various information systems. Recently, Park et al. pointed that Cao and Ge’s three-factor authentication scheme suffers from offline identity guessing attack and server impersonation attack. They also proposed a new scheme after presenting the corresponding cryptanalysis. However, we found that Park et al.’s scheme is vulnerable to offline password guessing attack, which is the most serious threat against this kind of authentication scheme. In addition, their scheme cannot provide complete correctness due to the misuse of bio-hashing and also fails to achieve user untraceability and perfect forward secrecy. To conquer these security pitfalls, we put forward a password, smart card, and biometrics-based three-factor remote user authentication scheme using the extended Chebyshev chaotic maps. The security analysis indicates that the proposed scheme can withstand various well-known attacks including offline guessing attack, impersonation attack, and so on. The performance evaluation shows that the proposed scheme provides stronger security guarantee at the cost of acceptable computation overhead. Thus, the proposed scheme is more desirable for securing communication in mobile networks.