Efficient and Secure Temporal Credential-Based Authenticated Key Agreement Using Extended Chaotic Maps for Wireless Sensor Networks
Abstract
:1. Introduction
1.1. Our Contributions
1.2. Enhanced Chebyshev Polynomial and Extended Chaotic Maps
1.2.1. Enhanced Chebyshev Polynomial
1.2.2. Extended Chaotic Map-Based Discrete Logarithm Problem
1.2.3. Extended Chaotic Map-Based Diffie-Hellman Problem
1.3. Organization of the Paper
2. The Temporal Credential-Based Scheme of Li et al. and Its Weaknesses
IDi, PWi | Identity and password pair of user Ui |
SIDj | Pre-configured identity of the sensor node Sj |
KGWN_U, KGWN_S | The long-term secret keys only known to GWN. |
p | A large prime number |
TCRi, TCRj | A temporal credential issued by GWN to Ui / Sj |
Ei | The expiration time of Ui’s temporal credential. |
t1,t2,…,t6 | The timestamp values. |
Δt | The expected time interval for the transmission delay. |
h(.) | A collision free one-way hash function [28] |
A→B:M | A sends message M to B through a common channel. |
⊕ | The exclusive-or (XOR) operation |
M1||M2 | Message M1 concatenates to message M2. |
2.1. Review of the Temporal Credential-Based Scheme of Li et al.
2.1.1. Pre-Registration Phase
2.1.2. Registration Phase
- (1)
- Registration phase for users
- Step 1:
- Ui → GWN: {IDprei, t1,VIi, CIi, DIi}Ui selects his/her IDi, password PWi, and a random number ri, computes and sends {IDprei, t1, VIi, CIi, DIi} to GWN, where VIi = h(t1||h(IDprei||PWprei)), CIi = h(IDprei||PWprei) ⨁ h(IDi||PWi||ri), DIi = IDi ⨁ h(IDprei||PWprei) and t1 is the current timestamp.
- Step 2:
- GWN → Ui: {h(Qi), smartcard}GWN checks the validity of t1, retrieves h(IDprei||PWprei) by using IDprei, computes VIi* = h(t1||h(IDprei||PWprei)) and checks VIi* =? VIi. Then GWN computes Qi = CIi ⨁ h(IDprei||PWprei) = h(IDi||PWi||ri), DIi = IDi ⨁ h(IDprei||PWprei), Pi = h(IDi||Ei), TCRi = h(KGMN_U||Pi||Ei) and PTCi = TCRi ⨁ Qi and personalizes the smart card for Ui with the parameters: {h(.), h(Qi), Ei, PTCi}. GWN maintains a write protected file, where the status-bit indicates the status of the user, i.e., when Ui is logged-in to GWN, the status-bit is 1, otherwise it is 0. Finally, GWN sends h(Qi) and smart card to Ui.
- Step 3:
- Ui and authenticates GWN by checking h(h(IDi||PWi||ri)) =? h(Qi) and enters ri into his/her smart card. Then the smart card contains {h(.), h(Qi), Ei, PTCi, ri}.
- (2)
- Registration phase for sensor nodes
- Step 1:
- Sj → GWN: {SIDj, t2,VIj}Sj computes VIj = h(t2||h(SIDj||rj)) and sends {SIDj, t2,VIj} to GWN, where t2 is the current timestamp.
- Step 2:
- GWN → Sj: {t3, Qj, REGj}GWN checks the validity of t2, retrieves h(SIDj||rj) by using SIDj and computes VIj* = h(t2||h(SIDj||rj)), checks VIj* =? VIj, computes TCRj = h(KGMN_S||SIDj), Qj = h(t3||h(SIDj||rj)) and REGj = h(h(SIDj||rj)||t3) ⨁ TCRj, and sends {t3, Qj, REGj} to Sj, where t3 is the current system timestamp.
- Step 3:
- Sj checks the validity of t3 and h(t3||h(SIDj||rj)) =? Qj, computes its temporal credential TCRj = REGj ⨁ h(h(SIDj||rj)||t3) and stores it.
2.1.3. Login Phase
- Step 1:
- Ui inserts his/her smart card into a card reader and enters IDi and PWi.
- Step 2:
- The smartcard retrieves ri, computes Qi' = h(IDi||PWi||ri) and checks h(Qi') =? h(Qi). If successful, Ui passes the verification, allows to read the information stored in the smartcard, and computes TCRi = PTCi ⨁ Qi'.
2.1.4. Authentication and Key Agreement Phase
- Step 1:
- Ui → GWN: {DIDi, Ci, PKSi, t4, Ei, Pi}Ui computes DIDi = IDi ⨁ h(TCRi||t4), Ci = h(h(IDi||PWi||ri)||t4) ⨁ TCRi, PKSi = Ki ⨁ h(TCRi||t4||"000"), and sends {DIDi, Ci, PKSi, t4, Ei, Pi} to GWN, where t4 is the current timestamp.
- Step 2:
- GWN → Sj: {t5, DIDi, DIDGWN, CGWN, PKSGWN}GWN checks the validity of t4, computes TCRi* = h(KGMN_U||Pi||Ei) and IDi = DIDi ⨁ h(TCRi*||t4) and retrieves Ui's password-verifier of Qi = h(IDi||PWi||ri) by using IDi. Then, GWN further computes Ci* = h(Qi ||t4) ⨁ TCRi*, verifies Ci* =? Ci, sets the status-bit as “1” and records t4 in the 4th field of the identity table. GWN computes Ki = PKSi ⨁ h(TCRi*||t4||"000") and chooses a nearby suitable sensor node Sj as the accessed sensor node. GWN further computes Sj’s temporal credential TCRj = h(KGWN_S||SIDj), DIDGWN = IDi ⨁ h(DIDi||TCRj||t5), CGWN = h(IDi||TCRj||t5) and PKSGWN = Ki ⨁ h(TCRi||t5) and sends {t5, DIDi, DIDGWN, CGWN, PKSGWN} to Sj, where t5 is the current timestamp of GWN.
- Step 3:
- Sj → GWN, Ui: {SIDj, t6, Cj, PKSj}Sj checks the validity of t5, computes IDi = DIDGWN ⨁ h(DIDi||TCRj||t5) and CGWN* = h(IDi||TCRj||t5), and checks CGWN* =? CGWN. If unsuccessful, Sj terminates this session; otherwise, Sj convinces that the received message is from a legitimate GWN. Moreover, Sj computes Ki = PKSGWN ⨁ h(TCRi||t5), Cj = h(Kj||IDi||SIDj||t6) and PKSj = Kj ⨁ h(Ki||t6) and sends {SIDj, t6, Cj, PKSj} to GWN and Ui, where t6 is the current timestamp of Sj.
- Step 4:
- Ui and GWN separately computes Kj = PKSj ⨁ h(Ki||t6) and Cj*= h(Kj||IDi||SIDj||t6). GWN authenticates Sj by checking Cj* =? Cj. Ui authenticates Sj and GWN by checking Cj* =? Cj. Finally, Ui and Sj computes a common session key Kij = h(Ki||Kj) for later securing communications.
2.2. Weaknesses of Temporal Credential-Based Scheme of Li et al.
2.2.1. Vulnerability to Impersonation Attacks
- Step 1:
- First, the adversary A retrieves Pi using Ei. In the authentication and key agreement phase, A can compute DIDi =IDi ⨁ h(TCRi||t4), Ci = h(h(Qi||t4)⨁TCRi), PKSi = Ki ⨁ h(TCRi||t4||"000"), where t4 is the current timestamp. Then, A successfully impersonates Ui and sends {DIDi, Ci, PKSi, t4, Ei, Pi} to GWN.
- Step 2:
- GWN checks t4, computes TCRi* =h(KGWN_U||Pi||Ei) and IDi =DIDi ⨁ h(TCRi*||t4), Ci* = h(h(Qi||t4)⨁TCRi*) and verifies Ci* =? Ci*. Then, GWN computes Ki = PKSi ⨁ h(TCRi||t4||"000"), TCRj =h(KGWN_S||SIDj), DIDGWN = IDi ⨁ h(DIDi||TCRj||t5), CGWN = h(IDi||TCRj||t5) and PKSGWN = Ki ⨁ h(TCRi||t5) and sends {t5, DIDi, DIDGWN, CGWN, PKSGWN} to Sj, where t5 is the current timestamp of GWN.
- Step 3:
- Sj checks t5, computes IDi = DIDGWN ⨁ h(DIDi||TCRj||t5), CGWN* = h(IDi||TCRj||t5), Ki = PKSGWN ⨁ h(TCRi||t5)and Cj = h(Kj||IDi||SIDj||t6); verifies CGWN* =? CGWN, and responds by sending {SIDj, t6, Cj, PKSj} to GWN and A, where PKSj = Kj ⨁ h(Ki||t6). Finally, A computes Kj = PKSj ⨁ h(Ki||t6) and shares the common session key Kij = h(Ki||Kj) with Sj.
2.2.2. Failure to Protect the Privacy of Users
2.2.3. Vulnerability to Stolen Verifier Attacks
- Step 1:
- A → GWN: {DIDi**, Ci t4**, PKSi, t4**, Ei, Pi}A randomly selects Ki**, computes DIDi** = IDi ⨁ h(TCRi||t4**), Ci** = h(Qi||t4**) ⨁ TCRi and PKSi** = Ki** ⨁ h(TCRi||t4**||"000"), where t4** is the current timestamp, and sends {DIDi**, Ci t4**, PKSi, t4**, Ei, Pi} to GWN.
- Step 2:
- GWN → Sj: {t5, DIDi**, DIDGWN, CGWN, PKSGWN}GWN validates t4**, computes TCRi* = h(KGMN_U||Pi||Ei) and IDi = DIDi** ⨁ h(TCRi*||t4**), and retrieves Qi = h(IDi||PWi||ri). Then, GWN verifies h(Qi ||t4**) ⨁ TCRi* = Ci**, computes Ki = PKSi ⨁ h(TCRi*||t4**||"000") , TCRj = h(KGWN_S||SIDj), DIDGWN = IDi ⨁ h(DIDi**||TCRj||t5), CGWN = h(IDi||TCRj||t5) and PKSGWN = Ki ⨁ h(TCRi||t5), and sends {t5, DIDi**, DIDGWN, CGWN, PKSGWN} to Sj, where t5 is the current timestamp of GWN.
- Step 3:
- Sj → GWN, Ui: {SIDj, t6, Cj, PKSj}Sj validates t5. If successful, Sj computes IDi = DIDGWN ⨁ h(DIDi**||TCRj||t5) and CGWN* = h(IDi||TCRj||t5) and checks CGWN* =? CGWN, computes Ki** = PKSGWN ⨁ h(TCRi||t5), Cj = h(Kj||IDi||SIDj||t6) and PKSj = Kj ⨁ h(Ki**||t6) and sends out {SIDj, t6, Cj, PKSj}.
- Step 4:
- Upon receiving {SIDj, t6, Cj, PKSj}, A computes Kj = PKSj ⨁ h(Ki**||t6) and a common session key Kij = h(Ki||Kj) that is shared with Sj.
3. Proposed Temporal Credential-Based Scheme Using Chaotic Maps for WSNs
3.1. Parameter Generation Phase
- Step 1:
- The gateway node GWN randomly selects KGWN as its master secret key.
- Step 2:
- GWN computes PKG = TKGWN(x) mod p, where x is a random number, p is a large prime number and (PKG, T(.), x, p) are public parameters.
3.2. Pre-Registration Phase
3.3. Registration Phase
3.3.1. Registration Phase for Users
- Step 1:
- Ui → GWN: {X0, X1, REGi, t1}Ui chooses his/her identity IDi, password PWi, random numbers r and ri, and computes KUG = Tr(PKG) mod p, X0 = Tr(x) mod p, REGi = KUG ⨁ (IDprei║IDi║h(IDi║PWi║ri), and X1 = h(KUG║h(IDi║PWi║ri)║t1), where t1 is the current timestamp. Then Ui sends {X0, X1, REGi, t1} to GWN.
- Step 2:
- GWN → Ui: {Y0, Y1}Upon receiving the register message form Ui, GWN checks the validity of t1 and computes KUG = TKGWN(X0) mod p and IDprei║IDi║h(IDi║PWi║ri) = REGi ⨁ KUG, and extracts (IDprei, IDi, h(IDi║PWi║ri)). If GWN successfully checks h(KUG║h(IDi║PWi ║ri)║t1) =? X1 and verifies that IDprei is in GWN’s storage and has not been registered, then generates an expiration time Ei, and computes Ui’s temporal credential TCRi= h(KGMN||IDi||Ei), D1= TCRi⨁ h(IDi║PWi║ri), Y0 = D1 ⨁ h(KUG║t1) and Y1 = h(D1║KUG║t1). Then, GWN sends {Y0, Y1} to Ui. GWN also stores (h(IDi), Ei) in its storage and maintains a status-bit b and a last login field to indicate the status of the user. If Ui logins GWN, b = 1, otherwise b = 0.
- Step 3:
- After receiving the response message form GWN, Ui computes D1 = Y0 ⨁ h(KUG║t1), checks h(D1║KUG║t1) =? Y1. If successful, Ui inserts (D1, PKG, T(.), x , p, h(.), ri) into a smartcard and finishes the registration.
3.3.2. Registration Phase for Sensor Nodes
- Step 1:
- Sj → GWN: {SIDj, Z0, t2}Sj computes REGj = h(SIDj║rj), Z0 = h(REGj║t2), and sends {SIDj, Z0, t2} to GWN, where t2 is the current timestamp.
- Step 2:
- GWN → Sj: {SIDj, Y2, Y3}Upon receiving {SIDj, Z0, t2}, GWN successfully checks the validity of t2 and h(REGj||t2) =? Z0 and verifies that SIDj has not been registered, then computes Sj’s temporal credential TCRj = h(KGWN║REGj), Qj = TCRj ⨁ REGj, Y2 = TCRj ⨁ h(t2║REGj), Y3 = h(TCRj║REGj║t2) stores (SIDj, Qj) in its storage, and sends {SIDj, Y2, Y3} to Sj.
- Step 3:
- Sj computes its temporal credential TCRj = Y2 ⨁ h(t2║REGj), checks h(TCRj║REGj║t2) =? Y3, and stores (SIDj, TCRj, REGj, T(.), x, p, h(.)) in its storage.
3.4. Login and Authentication Phase
- Step 1:
- Ui → GWN: M1 = {DIDi, X2, X3, t3}Ui inserts his smart card, inputs IDi, and PWi, computes TCRi = D1 ⨁ h(IDi║PWi║ri), generates a random number u, calculates K1 = Tu(PKG) mod p, DIDi = IDi ⨁ K1 and X2 = Tu(x) mod p, X3 = h(IDi║K1║TCRi║t3), where t3 is the current timestamp, and sends M1 = {DIDi, X2, X3, t3} to GWN.
- Step 2:
- GWN → Sj: M2 = {DIDG, X2, Y4, t4}Upon receiving M1, GWN checks the validity of t3. If unsuccessful, GWN rejects this service request; Otherwise GWN computes K1' = TKGWN(X2) mod p, IDi' = DIDi ⨁ K1', retrieval Ei by h(IDi'), computes TCRi = h(KGMN||IDi'||Ei), and checks the status-bit, X3 =? h(IDi'║K1║TCRi║t3). If unsuccessful, GWN rejects this service request; Otherwise GWN updates the status-bit, and chooses an accessed sensor node sensor node Sj which is nearby and suitable, computes K2 = h(Qj║t4), DIDG = IDi' ⨁ K2, Y4 = h(Qj║IDi'║X2║t4), where t4 is the current timestamp, and sends M2 = {DIDG, X2, Y4, t4} to Sj.
- Step 3:
- Sj → GWN: M3 = {Z1, Z2, Z3, t5}Upon receiving M2, Sj checks the validity of t4. If unsuccessful, Sj aborts this service request; Otherwise Sj computes Qj = TCRj ⨁ REGj, K2' = h(Qj║t4), IDi" = DIDG ⨁ K2', and checks Y4 =? h(Qj║IDi"║X2║t4). If unsuccessful, Sj still aborts this service request; Otherwise, Sj generates v, calculates Z1 = Tv(x) mod p, sk = Tv(X2) mod p, Z2 = h(K2'║IDi"║SIDj║t5), Z3 = h(sk║IDi"║SIDj║t5), where t5 is the current timestamp, and sends M3 = {Z1, Z2, Z3, t5} to GWN.
- Step 4:
- GWN → Ui: M4 = {SIDj, Z1, Z3, t5}Upon receiving M3, GWN checks the validity of t5. If unsuccessful, GWN rejects this request; Otherwise, GWN authenticates Sj by checking Z2 =? h(K2║IDi'║SIDj║t5), and sends M4 = {SIDj, Z1, Z3, t5} to Ui.
- Step 5:
- Upon receiving M4, Ui checks the validity of t5. If unsuccessful, Ui aborts this request; Otherwise, Ui computes sk' = Tu(Z1) mod p and authenticates GWN and Sj by checking Z3 =? h(sk'║IDi║SIDj║t5). Finally, Ui and Sj obtain a common session key sk = Tuv(x) mod p for later securing communications.
3.5. Password Change Phase
- Step 1:
- Ui inserts his smart card and inputs his/her identity IDi, old password PWi, and a new password PWi'.
- Step 2:
- The smart card computes Qi = h(IDi║PWi║ri) and Qi' = h(IDi║PWi'║ri) and D1' = D1 ⨁ Qi ⨁ Qi'. Then the smart card replaces D1 with D1'.
4. Security Analyses
4.1. Communication Model
4.1.1. Communicating Participants:
4.1.2. Oracle Queries:
- (1)
- Send(ΠVm, M): This query models the capacity of an adversary A to control all communications in P. A sends a message M to oracle ΠVm; then ΠVm sends back a response message using P. A can initiate the execution of P by sending a query (ΠVm, "start") to a user oracle ΠVm.
- (2)
- Corrupt(V): This query models the perfect forward secrecy of P, meaning that a compromised long-lived key fails to endanger previous session keys. The adversary A sends a corrupt query to a participant V, and returns V's long-life key.
- (3)
- Hash(M): This query models adversary A’s reception of hash results by sending queries to a random oracle Ω. Upon receiving a query, Ωchecks whether a record (M, r) has been queried and recorded in the H-table. If (M, r) in the H-table, then Ω replies r to A; otherwise it returns a nonce r', and keeps (M, r') in the H-table.
- (4)
- Reveal(ΠVm): This query models the known key security of P: a compromised session key fails to reveal other session keys, and is only available if oracle ΠVm has accepted.
- (5)
- Test(ΠVm): This query models the session key security to determine the indistinguishability of the real session key from a random string. During the execution of scheme P, adversary A sends queries to the oracle, including a single Test query at any time. Then, ΠVm flips an unbiased coin c. If c equals 1, then ΠVm returns the real session key sk; otherwise, it returns a random string to A.
4.2. Security Definitions
4.2.1. Partnering: Two user oracles ΠUim and ΠSjn are partnered if:
- (1)
- ΠUim and ΠSjn directly exchange message flows and
- (2)
- only ΠUim and ΠSjn have the same session key sk.
4.2.2. Freshness: An Oracle ΠUim is Fresh in P if:
- (1)
- ΠUim or ΠSjn has accepted a session key sk and
- (2)
- ΠUim and ΠSjn have not been sent a Reveal query.
4.2.3. Session Key Security (AKE Security):
4.2.4. Mutual Authentication (MA Security)
4.3. Providing Session Key Security (AKE Security)
4.4. Providing Mutual Authentication
- —
- When receiving Send or Hash queries involving Ui and GWN, and involving GWN and Sj, A1 replies the results by executing the proposed scheme.
- —
- When receiving Hash queries involving Ui and Sj, A1 replies corresponding authenticators to Ama by making the same queries to the oracle Hash involving Ui and Sj.
- —
- When receiving Test queries, A1 replies these queries by using the coin bit c that it has previously selected and the computed session keys.
4.5. Protecting Privacy of Users
4.6. Resistance to Privileged Insider Attacks
4.7. Resistance to Impersonation Attacks
4.8. Resistance to Off-Line Password Guessing Attacks
4.9. Resistance to Undetectable On-Line Password Guessing Attacks
4.10. Resistance to Stolen Verifier Attacks
4.11. Resistance to Lost Smartcard Attacks
4.12. Resistance to Many Logged-in Users Attacks
5. Performance Analyses and Functionality Comparisons
5.1. Performance Analyses
Yeh et al. [16] | Xue et al. [8] | Li et al. [9] | Kim et al. [35] | Our Scheme | ||
---|---|---|---|---|---|---|
Ui | 2 Te + 1 Th | 7 Th | 9 Th | 8 Th | 3 Tc + 3 Th | |
Computations | Sj | 2 Te + 3 Th | 5 Th | 6 Th | 2 Th | 2 Tc + 4 Th |
GWN | 4 Te + 4 Th | 10 Th | 11 Th | 8 Th | 1 Tc + 6 Th | |
Total | 8 Te + 8 Th | 22 Th | 26 Th | 18 Th | 6 Tc + 13 Th |
5.2. Functionality Comparisons
Yeh et al. [16] | Xue et al. [8] | Li et al. [9] | Kim et al. [35] | Our Scheme | |
---|---|---|---|---|---|
Providing mutual authentication | Yes | Yes | Yes | Yes | Yes |
Providing session key security | Yes | Yes | Yes | Yes | Yes |
Providing privacy protection | No | No | No | No | Yes |
Resisting privileged insider attacks | Yes | No | Yes | Yes | Yes |
Resisting to impersonation attacks | Yes | Yes | No | Yes | Yes |
Resisting password guessing attacks | No | No | Yes | Yes | Yes |
Resisting stolen verifier attacks | Yes | No | No | Yes | Yes |
Resisting lost smartcard attacks | No | No | Yes | Yes | Yes |
Resisting many logged-in users attacks | No | No | Yes | Yes | Yes |
6. Conclusions
Acknowledgments
Conflicts of Interest
References
- Delgado-Mohatar, O.; Fuster-Sabater, A.; Sierra, J.M. A light-weight authentication scheme for wireless sensor networks. Ad Hoc Netw. 2011, 9, 727–735. [Google Scholar] [CrossRef]
- Li, C.T.; Hwang, M.S. A lightweight anonymous routing protocol without public key en/decryptions for wireless ad hoc networks. Inf. Sci. 2011, 181, 5333–5347. [Google Scholar] [CrossRef]
- Li, Z.; Gong, G. Computationally efficient mutual entity authentication in wireless sensor networks. Ad Hoc Netw. 2011, 9, 204–215. [Google Scholar] [CrossRef]
- Das, A.K. Improving Identity-based Random Key Establishment Scheme for Large-scale hierarchical wireless sensor networks. Int. J. Netw. Secur. 2012, 14, 1–21. [Google Scholar]
- Mi, Q.; Stankovic, J.A.; Stoleru, R. Practical and secure localization and key distribution for wireless sensor networks. Ad Hoc Netw. 2012, 10, 946–961. [Google Scholar] [CrossRef]
- Jie, H.; Guohua, O. A public key polynomial-based key pre-distribution scheme for large-scale wireless sensor networks. Ad Hoc Sens. Wirel. Netw. 2012, 16, 45–64. [Google Scholar]
- Han, K.; Kim, K.; Choi, W.; Choi, H.H.; Seo, J.; Shon, T. Efficient authenticated key agreement protocols for dynamic wireless sensor networks. Ad Hoc Sens. Wirel. Netw. 2012, 14, 251–269. [Google Scholar]
- Xue, K.; Ma, C.; Hong, P.; Ding, R. A temporal-credential-based mutual authentication and key agreement scheme for wireless sensor networks. J. Netw. Comput. Appl. 2013, 36, 316–323. [Google Scholar] [CrossRef]
- Li, C.T.; Weng, C.Y.; Lee, C.C. An advanced temporal credential-based security scheme with mutual authentication and key agreement for wireless sensor networks. Sensors 2013, 13, 9589–9603. [Google Scholar] [CrossRef] [PubMed]
- Wong, K.H.M.; Zheng, Y.; Cao, J.; Wang, S. A dynamic user authentication scheme for wireless sensor networks. In Proceedings of the IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing, Taichung, Taiwan, 5–7 June 2007; pp. 32–58.
- Xu, J.; Zhu, W.; Feng, D. An improved smart card based password authentication scheme with provable security. Comput. Stand. Interfaces 2009, 31, 723–728. [Google Scholar] [CrossRef]
- Das, M.L. Two-factor user authentication scheme in wireless sensor networks. IEEE Trans. Wirel. Commun. 2009, 8, 1086–1090. [Google Scholar] [CrossRef]
- He, D.; Gao, Y.; Chan, S.; Chen, C.; Bu, J. An enhanced two-factor user authentication scheme in wireless sensor networks. Ad Hoc Sens. Wirel. Netw. 2010, 10, 361–371. [Google Scholar]
- Khan, M.K.; Alghathbar, K. Cryptanalysis and security improvements of two-factor user authentication in wireless sensor networks. Sensors 2010, 10, 2450–2459. [Google Scholar] [CrossRef] [PubMed]
- Song, R. Advanced smart card based password authentication protocol. Comput. Stand. Interfaces 2010, 32, 321–325. [Google Scholar] [CrossRef]
- Yeh, H.L.; Chen, T.H.; Liu, P.C.; Kim, T.H.; Wei, H.W. A secure authentication protocol for wireless sensor networks using elliptic curves cryptography. Sens. J. 2011, 11, 4767–4779. [Google Scholar] [CrossRef] [PubMed]
- Chen, T.H.; Shih, W.K. A robust mutual authentication protocol for wireless sensor networks. ETRI J. 2010, 32, 704–712. [Google Scholar] [CrossRef]
- Bergamo, P.; D’Arco, P.; Santis, A.; Kocarev, L. Security of public-key cryptosystems based on Chebyshev polynomials. IEEE Trans. Circuits Syst. I 2005, 52, 1382–1393. [Google Scholar] [CrossRef]
- Kocarev, L.; Tasev, Z. Public-key encryption based on Chebyshev maps. In Proceedings of the International Symposium on Circuits and Systems, Bangkok, Thailand, 25–28 May 2003; pp. III-28–III-31.
- Mason, J.C.; Handscomb, D.C. Chebyshev. Polynomials; Chapman & Hall/CRC: Boca Raton, Florida, FL, USA, 2003. [Google Scholar]
- Zhang, L. Cryptanalysis of the public key encryption based on multiple chaotic systems. Chaos Solitons. Fractals 2008, 37, 669–674. [Google Scholar] [CrossRef]
- Lee, C.C.; Chen, C.L.; Wu, C.Y.; Huang, S.Y. An extended chaotic maps-based key agreement protocol with user anonymity. Nonlinear Dyn. 2012, 69, 79–87. [Google Scholar] [CrossRef]
- Lee, C.C.; Hsu, C.W. A secure biometric-based remote user authentication with key agreement scheme using extended chaotic maps. Nonlinear Dyn. 2013, 71, 201–211. [Google Scholar] [CrossRef]
- Lee, T.F. An efficient chaotic maps-based authentication and key agreement scheme using smartcards for telecare medicine information systems. J. Med. Syst. 2013, 37. [Google Scholar] [CrossRef] [PubMed]
- Lee, T.F. Verifier-based three-party authentication schemes using extended chaotic maps for data exchange in telecare medicine information systems. Comput. Meth. Programs Biomed. 2014, 117, 464–472. [Google Scholar] [CrossRef] [PubMed]
- Farash, M.S.; Attari, M.A. An efficient and provably secure three-party password-based authenticated key exchange protocol based on Chebyshev chaotic maps. Nonlinear Dyn. 2014, 77, 399–411. [Google Scholar] [CrossRef]
- Lou, D.C.; Lee, T.F.; Lin, T.H. Efficient biometric authenticated key agreements based on extended chaotic maps for telecare medicine information systems. J. Med. Syst. 2015, 39. [Google Scholar] [CrossRef] [PubMed]
- Stallings, W. Cryptography and Network Security: Principles and Practice, 5th ed.; Pearson: Upper Saddle River, NJ, USA, 2011. [Google Scholar]
- Lee, T.F. User authentication scheme with anonymity, unlinkability and untrackability for global mobility networks. Secur. Commun. Netw. 2013, 6, 1404–1413. [Google Scholar] [CrossRef]
- Abdalla, M.; Pointcheval, D. Simple password-based authenticated key protocols. Proc. Topics in Cryptology—CT-RSA 2005; San Francisco, CA, USA, 14–18 February 2005; pp. 191–208. [Google Scholar]
- Bellare, M.; Pointcheval, D.; Rogaway, P. Authenticated key exchange secure against dictionary attacks. Proc. Adv. Cryptol. Eurocrypt 2000; Bruges, Belgium, 14–18 May 2000; pp. 122–138. [Google Scholar]
- Boyko, V.; MacKenzie, P.; Patel, S. Provably secure password-based authenticated key exchange protocols using Diffie-Hellman. Proc. Adv. Cryptol. Eurocrypt 2000; Bruges, Belgium, 14–18 May 2000; pp. 156–171. [Google Scholar]
- Lee, T.F.; Hwang, T. Provably secure and efficient authentication techniques for the global mobility network. J. Syst. Soft. 2011, 84, 1717–1725. [Google Scholar] [CrossRef]
- Shoup, V. Sequences of Games: A Tool for Taming Complexity in Security Proofs, Manuscript. Available online: http:// www.shoup.net (accessed on 18 January 2015).
- Kim, J.; Lee, D.; Jeon, W.; Lee, Y.; Won, D. Security analysis and improvements of two-factor mutual authentication with key agreement in wireless sensor networks. Sensors 2014, 14, 6443–6462. [Google Scholar] [CrossRef] [PubMed]
- Xiao, D.; Liao, X.; Deng, S. One-way hash function construction based on the chaotic map with changeable-parameter. Chaos Solitons Fractals 2005, 24, 65–71. [Google Scholar] [CrossRef]
- Wu, S.; Chen, K. An efficient key-management scheme for hierarchical access control in E-Medicine system. J. Med. Syst. 2012, 36, 2325–2337. [Google Scholar] [CrossRef] [PubMed]
- Cheng, Z.Y.; Liu, Y.; Chang, C.C.; Chang, S.C. Authenticated RFID security mechanism based on chaotic maps. Secur. Commun. Netw. 2013, 6, 247–256. [Google Scholar] [CrossRef]
© 2015 by the authors; licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution license (http://creativecommons.org/licenses/by/4.0/).
Share and Cite
Lee, T.-F. Efficient and Secure Temporal Credential-Based Authenticated Key Agreement Using Extended Chaotic Maps for Wireless Sensor Networks. Sensors 2015, 15, 14960-14980. https://doi.org/10.3390/s150714960
Lee T-F. Efficient and Secure Temporal Credential-Based Authenticated Key Agreement Using Extended Chaotic Maps for Wireless Sensor Networks. Sensors. 2015; 15(7):14960-14980. https://doi.org/10.3390/s150714960
Chicago/Turabian StyleLee, Tian-Fu. 2015. "Efficient and Secure Temporal Credential-Based Authenticated Key Agreement Using Extended Chaotic Maps for Wireless Sensor Networks" Sensors 15, no. 7: 14960-14980. https://doi.org/10.3390/s150714960