In the three-party password authenticated key agreement based on chaotic map,by using week passwords,users can share the session key in order to avoid security threats in the authentication process of a public key infrastructure or storing long-term key.By analyzing the chaotic map-based password authenticated key agreement protocols proposed by Lee,we find that the agreement cannot change the password.Besides,it can only be applied to the two-way communication between the user and the server.In order to improve this scheme,we propose two user-anonymous three-party password authentication key agreement protocols based on Chebyshev chaotic map:one is based on synchronized clocks,while the other is based on nonces.The protocol based on synchronized clocks has less traffic,while the protocol based on nonces is easier to implement.The advantage of the two protocols is that users selects only one simple password for mutual authentication and key negotiation.The server does not need to protect the user password table,which can avoid the password-related attacks.In addition,in the process of mutual authentication,the user uses a temporary identity and hash function to achieve the user anonymity,while enhancing the security of the protocol and reducing the number of messages in the communication process as well.As a result,the efficiency of the agreement is improved,with perfect forward security.And its security is proven by BAN logic.%在基于混沌的三方口令认证密钥协商协议中,用户通过低熵的口令实现相互认证和共享会话密钥,以避免在身份认证过程中公钥基础设施或存储用户长期密钥的安全威胁.通过分析Lee提出的基于混沌映射的口令认证密钥协商协议,发现其协议不能进行口令变更,而且仅适用于用户和服务器之间的两方通信.为了改进此方案,提出两个基于切比雪夫混沌映射的用户匿名三方口令认证密钥协商协议,包括基于时钟同步的密钥协商方案和基于随机数的密钥协商方案.其中基于时钟同步的用户匿名三方口令认证密钥协商协议通信量少,基于随机数的用户匿名三方口令认证密钥协商协议更容易实现.两个方案的优点是用户仅选择一个简单的口令进行相互认证和密钥协商,服务器不需要再保护用户口令表,避免了口令相关的攻击,而且在相互认证过程中用户使用临时身份和哈希函数,实现用户匿名性,在增强协议安全性的同时,减少了通信过程中消息的数量,提高了协议的执行效率,具有完美前向安全,并用BAN逻辑证明了其安全性.
展开▼
