RESUMO
Three-party authentication key exchange is a protocol that allows two users to set up a session key for encrypted communication by the help of a trusted remote server. Providing user anonymity and mutual authentication in the authentication key exchange is important security requirements to protect users' privacy and enhance its security performance. Recently Li proposed a chaotic maps-based authentication key exchange protocol which attempts to provide mutual authentication and user anonymity, but we found that there were some faults in the key exchange phase and password change phase of his scheme. We prove that Li's scheme does not provide user anonymity and that the user's privacy information is disclosed, and propose enhanced three-party authentication key exchange protocol that provides user anonymity and we analyse its security properties and verify its validity based on BAN logic and AVISPA tool.
Assuntos
Segurança Computacional , Telemedicina , Confidencialidade , Sistemas de Informação , PrivacidadeRESUMO
Three-party authentication key exchange (3PAKE) is a protocol that allows two users to set up a common session key with the help of a trusted remote server, which is effective for secret communication between clients in a large-scale network environment. Since chaotic maps have superior characteristics, researchers have recently presented some of the studies that apply it to authentication key exchange and cryptography. Providing user anonymity in the authentication key exchange is one of the important security requirements to protect users' personal secrets. We analyse Lu et al.'s scheme which attempts to provide user anonymity and we prove that his scheme has errors in the key exchange phase and password change phase. We propose a round-effective three-party authentication key exchange (3PAKE) protocol that provides user anonymity and we analyse its security properties based on BAN logic and AVISPA tool.