Abstract
Password authenticated key agreement protocol allowsusers to use an easy-to-remember password and establish asecure session key with the help of a trusted server.Recently, Farash and Attari proposed an improved keyagreement protocol based on chaotic maps and theypointed out that Gong et al.'s protocol is vulnerable tostolen-verifier attack and password change pitfalls.However, in this paper, we analyze the security ofFarash-Attari's protocol and show that it fails to resistknown-key attack if the previous session key sharedbetween two parties is compromised. In addition, theirprotocol is insecure against many logged-in users' attackand the server is not aware of having caused problem. Tofill the security gaps, we further design an improvedprotocol for password authenticated key agreement withuser anonymity. To the best of our knowledge, none of therecently proposed password authenticated key agreementprotocols can ensure anonymous interactions between thelogin user and the remote server and this work is the firstattempt to provide a secure user anonymity protocolwithout using smart cards and symmetric keyen/decryptions in remote login environments.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
