Open AccessSecurity and efficiency enhancement of an anonymous three-party password-authenticated key agreement using extended chaotic maps
Author(s) -
Qi Xie,
Yu Lu,
Xiao Tan,
Zhixiong Tang,
Bin Hu
Publication year - 2018
Publication title -
plos one
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.99
H-Index - 332
ISSN - 1932-6203
DOI - 10.1371/journal.pone.0203984
Subject(s) - password , zero knowledge password proof , computer security , computer science , password cracking , challenge–response authentication , dictionary attack , protocol (science) , scheme (mathematics) , authentication (law) , key (lock) , one time password , security analysis , authentication protocol , mathematics , medicine , mathematical analysis , alternative medicine , pathology
Recently, Lu et al. claimed that Xie et al.’s three-party password-authenticated key agreement protocol (3PAKA) using chaotic maps has three security vulnerabilities; in particular, it cannot resist offline password guessing attack, Bergamo et al.’s attack and impersonation attack, and then they proposed an improved protocol. However, we demonstrate that Lu et al.’s attacks on Xie et al.’s scheme are unworkable, and their improved protocol is insecure against stolen-verifier attack and off-line password guessing attack. Furthermore, we propose a novel scheme with enhanced security and efficiency. We use formal verification tool ProVerif, which is based on pi calculus, to prove security and authentication of our scheme. The efficiency of the proposed scheme is higher than other related schemes.