Abstract
Recently many authentication protocols using an extended chaotic map were suggested for a mobile user. Many researchers demonstrated that authentication protocol needs to provide key agreement, mutual authentication, and user anonymity between mobile user and server and resilience to many possible attacks. In this paper, we cautiously analyzed chaotic-map-based authentication scheme and proved that it is still insecure to off-line identity guessing, user and server impersonation, and on-line identity guessing attacks. To address these vulnerabilities, we proposed an improved protocol based on an extended chaotic map and a fuzzy extractor. We proved the security of the proposed protocol using a random oracle and AVISPA (Automated Validation of Internet Security Protocols and Applications) tool. Furthermore, we present an informal security analysis to make sure that the improved protocol is invulnerable to possible attacks. The proposed protocol is also computationally efficient when compared to other previous protocols.
Highlights
Given recent developments in mobile telecommunications and the rapid spread of mobile devices, there is a growing importance of wireless and wired networking services that utilize bygone and current positional information from users carrying mobile devices with location tracking capabilities [1]
Since Lamport [2] presented the first authentication scheme based on passwords in 1981, various remote user authentication schemes [3, 4] based on passwords have been proposed
Since a server under a password-based remote user authentication protocol needs to store a verification table, which stores the password to determine the credentials of a remote user, the server arranges for extra storage for the verification table
Summary
Given recent developments in mobile telecommunications and the rapid spread of mobile devices, there is a growing importance of wireless and wired networking services that utilize bygone and current positional information from users carrying mobile devices with location tracking capabilities [1]. The problem with passwordbased authentication scheme is that it can be stolen or lost and making it difficult to remember on a regular basis For these reasons, many researchers have presented new remote user authentication protocols that use biometrics. Many attacks were demonstrated by Han [31] To overcome these vulnerabilities in [23], Han et al [24] presented an enhanced user authentication protocol using chaos and asserted that their protocol resists all possible attacks. Lee et al [25] presented an improved chaotic map-based authentication protocol, and He et al [29] proved that Lee et al.’s protocol does not resist DoS and insider attacks. (iii) Third, we analyze that the proposed protocol has better robustness and a lower computational cost with a performance analysis
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
