About this Journal Submit a Manuscript Table of Contents
Mathematical Problems in Engineering
Volume 2012 (2012), Article ID 454823, 17 pages
http://dx.doi.org/10.1155/2012/454823
Research Article

Applying Semigroup Property of Enhanced Chebyshev Polynomials to Anonymous Authentication Protocol

1School of Science, Beijing University of Posts and Telecommunications, Beijing 100876, China
2Information Security Center, Beijing University of Posts and Telecommunications, Beijing 100876, China
3National Engineering Laboratory for Disaster Backup and Recovery, Beijing University of Posts and Telecommunications, Beijing 100876, China

Received 15 May 2012; Accepted 22 June 2012

Academic Editor: Ming Li

Copyright © 2012 Hong Lai et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Abstract

We apply semigroup property of enhanced Chebyshev polynomials to present an anonymous authentication protocol. This paper aims at improving security and reducing computational and storage overhead. The proposed scheme not only has much lower computational complexity and cost in the initialization phase but also allows the users to choose their passwords freely. Moreover, it can provide revocation of lost or stolen smart card, which can resist man-in-the-middle attack and off-line dictionary attack together with various known attacks.

1. Introduction

With rapid developments in limits and possibilities of communications and information transmissions, there is a growing demand of authentication protocol, which has greatly spurred research activities in authentication protocols' study. In general, the server authenticates the users by matching the user's identity and password after establishing a secure channel [1]. Since the server establishes a secure channel before asking identity/password information, an attacker can open a connection to a server thatdoes not respond when identity/password information is inquired by the server, which results in the consumption of the resources of the server. Moreover, the attacker can set up many connections and consume all the resources of the server. However, this method is vulnerable to denial of service (DoS) attack and cannot discriminate an impostor who fraudulently obtains access privileges (e.g., user's identity and password) from the real user. Later, Li and Hwang [2] proposed a biometrics-based remote user authentication scheme using smart cards. Soon, Li et al. [3, 4] improved Li and Hwang's scheme. There is no doubt that most existing authentication protocols only achieve “heuristic” security, that is, the underlying hardness assumptions of these protocols are not perfect. However, we discover the references [59], which contain the detection of the DDOS attacks by consuming all, or mostly, the resources of the server can be assured, providing a more hopeful line of investigation for us to future study.

Later, Bellovin and Merritt [10] firstly presented a two-party password authenticated key exchange (2PAKE) protocol which permits a user and a server to establish a session key over an insecure channel to address the problem mentioned above. In their protocol, each user just shares an easy-to-remember password with the trusted server. Regretfully, Patel [11] pointed out that it was easy for an adversary to guess the passwords used for authentication in Bellovin and Merritt's protocol. In order to avoid these attacks, many 2PAKE protocols with weak passwords for authentication have been presented by the researchers [1218]. However, in these 2PAKE protocols, every user has to share a different password with his/her peer. It is usually rather inconvenient for applications in large-scale communication environments. To surmount this weakness, three-party PAKE (3PAKE) protocols have been proposed in [1922]. Unlike 2PAKE protocols, 3PAKE protocol is a very practical mechanism to establish secure session key through authenticating each other with a trusted server's help. There are two common weaknesses in these schemes as follows. They needs more communications rounds to reduce computational load. However, as early as in 1995, Gong pointed out that the number of rounds is a key standard for weighing against the performance of a protocol. The sensitive table that stores the shared secret between the server and the designed users will be an attractive target leading to potential server compromise. In 2008, Chen et al. [23] proposed a round and computation-efficient three-party authenticated key exchange protocol, which addressed the above mentioned problems. However, we find that their scheme still exist following four drawbacks. It has computational efficiency problems in initialization phase. User has no choice in choosing his password. It cannot protect user anonymity. There is no provision for revocation of lost or stolen smart card, which is susceptible to man-in-the-middle attack.

Therefore, in this paper, password-based anonymous authentication protocol defined over enhanced Chebyshev polynomials is proposed. A number of outstanding mathematicians and numerical analysts have said that Chebyshev polynomials are everywhere dense in numerical analysis. There is scarcely any area of numerical analysis where Chebyshev polynomials do not drop in like surprise visitors, and indeed there are now a number of subjects in which these polynomials take a significant position in modern developments [24]. One is taken on a journey which leads into all areas of numerical analysis by studying Chebyshev polynomials. Moreover, due to the semigroup property of enhanced Chebyshev polynomials, the well-known discrete logarithm problem and the Diffie-Hellman problem are proved to hold in enhanced Chebyshev polynomials [25]. Thus, we apply semigroup property of enhanced Chebyshev polynomials to present an anonymous authentication protocol. Moreover, our proposed protocol has the following features.(1)It has much lower computational complexity and cost in the initialization phase.(2)It allows the users to choose their passwords freely.(3)It can provide revocation of lost or stolen smart card, which can resist man-in-the-middle attack.(4)There is no need to find primitive elements, large prime, and even large number.

The rest of this paper is organized as follows. Section 2 gives description of enhanced Chebyshev polynomials and some hard problems based on them. Section 3 briefly reviews Chen et al.'s protocol and describes its disadvantages. In Section 4, we apply semigroup property of enhanced Chebyshev polynomials to design an anonymous authentication protocol. We analyze the security of proposed scheme in Section 5, and computational efficiency analysis is made in Section 6. Finally, we conclude this paper in Section 7.

2. Preliminaries

In this section, we review some basic definitions concerning enhanced Chebyshev polynomials and some hard problems based on the enhanced Chebyshev polynomials [26].

Definition 2.1 (Chebyshev polynomials). The Chebyshev polynomials of degree are defined as
The recurrent formulas are where , and .
The first few Chebyshev polynomials are
It can be identified that Chebyshev polynomial has the following properties:(1)semigroup property as (2)chaotic property,

When , Chebyshev polynomials map of degree is a chaotic map with its invariant density as for Lyapunov exponent .

Definition 2.2 (enhanced Chebyshev polynomials). In order to enhance the property of the Chebyshev chaotic map, Zhang [27] proved that the semigroup property holds for Chebyshev polynomials defined on interval . This paper uses the following enhanced Chebyshev polynomials: where , and is a large prime number. Obviously,
So the semigroup property still holds and the enhanced Chebyshev polynomials also commute under composition.

Definition 2.3 (the discrete logarithm problem (DLP)). DLP is explained by the following. Given an element , find the integer , such that .

Definition 2.4 (the Diffie-Hellman problem (DHP)). DHP is explained by the following. Given an element , and the values of , , what is the value of ?

3. Review of Chen et al.'s Protocol

This section reviews Chen et al.'s protocol (showed in Figure 1). Some of the notations used in this protocol are defined in Table 1.

tab1
Table 1: Some of the notations used in Chen et al.'s protocol.
454823.fig.001
Figure 1: Authenticated key exchange phase in Chen et al.'s protocol.
3.1. Initialization Phase

In this phase, and ought to register with to be legal participants, and should choose issue secret keys, which will be used in the subsequent phase. Through taking for an example, executes the following steps to authorize .(1)Randomly choose and calculate .(2)Generate signature as 's self-verified token, where  , , and .(3)Store the authentication information into a smart card and then deliver it to in a secure way.

To test whether is authorized by , retrieves as , and then verifies .

Similarly, after obtains the authorization information stored in the smart card from , he can ensure that whether is valid by using the method mentioned above.

3.2. Authentication key Exchange Phase

This phase aims to establish the session key with 's help. It just needs three rounds to achieve this goal.

Round 1:
(1)Randomly choose an integer and compute   , , then transmits and to ; where is the time stamp obtained by from the local clock to ensure the freshness of the message.(2)   transmits and to .

Round 2:
After receiving the message from , does the following steps.(1)Randomly choose an integer and compute , , and send to , where is the time stamp obtained by from the local clock to ensure the freshness of the message.(2)Calculate the session key and then transmit to .

Round 3:
In this round, does the following steps.(1)Verify whether is fresher than the one received in the last request. If so, apply to computing and , and then compute . In the following, test to authenticate the identity of ; if it holds, calculates and transmits it to .(2)Test whether is fresher than the one received in the last request. If so, calculates and computes . Then, check to authenticate the identity of ; if it holds, calculates and transmits it to .(3)Independently, tests whether is in a valid period, where is the time when the message transmitted from after Round 2 was received. If so, uses the received to compute the session key . Then, it computes and checks to authenticate ; if it holds, computes and sends it to .

After this round, tests whether is in a valid period, where is the time when was received. If so, calculates and tests to verify the correctness of . If it holds, finishes this protocol.

Similarly, tests if is in a valid period, where is the time when was received. If so, calculates and tests to verify the correctness of . If it holds, completes this protocol.

3.3. Disadvantages of Chen et al.'s Protocol

In this section, we argue that Chen et al.'s scheme still has four disadvantages. The detailed description of the weaknesses is as follows.

3.3.1. Computational Efficiency Problem

In the initialization phase of Chen et al.'s protocol, has to compute all the authenticated information for and for . Server has to perform two modular exponentiation operations, which are more expensive than other operations in Chen et al.'s protocol. Hence, it has low efficiency in this phase.

3.3.2. Lack of User Friendliness

In Chen et al.'s scheme, the password is chosen by the server without the consent of , thus, can only passively accept the password from . It is not practical for real life applications, such as on-line banking and e-mail subscription. Moreover, chosen by the server could be long and random (e.g., 160 bits), which might be difficult for a registered user to remember easily, and it is most likely that may forget this long and random password if he is not frequently using the system. Hence, Chen et al.'s scheme has lack of user friendliness.

3.3.3. No Protecting User Anonymity

In authenticated key exchange phase of Chen et al.'s scheme, are sent to over insecure channel in the authentication message: , . In certain authentication scenarios, such as e-voting and secret online-order placement, it is fairly crucial to protect the privacy of a user. Once an attacker sniffs the communication parties involved in the authentication process, he can easily analyze the transaction being performed by users. Hence, Chen et al.'s scheme fails to provide the user anonymity in the authentication phase.

3.3.4. No Provision for Revocation of Lost or Stolen Smart Card

In case the smart card is lost or stolen, the attacker may impersonate the legal user using the lost or stolen smart card, so there should be a mechanism to ensure that the system can revoke the lost or stolen smart card to avoid the possible attacks. Providing for revocation is also one of the requirements of smart card-based authentication protocols. By keeping record of valid card identifier of every registered user, the authentication system can tell the valid card from the invalid one. Regretfully, Chen et al.'s scheme ignored this feature and there is no mechanism to revoke the lost smart card. Moreover, the drawback would become catastrophic if an attacker has got the lost smart card by accident and has revealed the authentication message of a legal user by any means to login into the system for performing secure transaction, such as on-line banking and e-commerce. Thus, Chen et al.'s scheme failed to provide the important feature of smart card-based authentication for revoking the lost smart cards without changing the user's identities.

3.3.5. Man-in-the-Middle Attack

Due to Section 3.3.4, unqualified users can easily launch a man-in-the-middle attack when the smart card is stolen. The steps of the attack is outlined in Figure 2 and explained as follows.

454823.fig.002
Figure 2: Man-in-the-middle attack in Chen et al.'s protocol.

Suppose an adversary had stolen the smart card from the legal user, then he can obtain the authenticated values and . Let be 's ephemeral public key, and is chosen by . Then, he replaces and with and in Round 3. The notation “” denotes the transmitted message that is manipulated by . The purpose of is to share a session key with by posing as and to share a session key with by posing as . The specific process is as follows.

Round 1:

Round 2:
When receiving the message from , calculates the session key with , as , , then calculates the session key with as , .

Round 3:

In this round, because obtains the value , he can compute for mutual authentication with ; similarly, can also use to calculate for mutual authentication with .
When receiving the values and , and authenticate the server using their own parameters. Then computes for , it confirms if is valid from its own knowledge. calculates and sends it to to achieve session key agreement.
Finally, has shared the session key with and with . In this case, the authenticate mechanism of the Chen et al.'s protocol does not help.

4. An Anonymous Authentication Protocol Using Semiproperty of Enhanced Chebyshev Polynomials

To surmount serious latency security problems in the Chen et al.'s protocol, we apply semigroup property of enhanced Chebyshev polynomials to designing a new anonymous authentication protocol.

4.1. Notations

In the section, we describe some of the notations used in our protocol (Table 2).

tab2
Table 2: Some of the notations used in our paper.
4.2. Initialization Phase

In this phase, the users and the server need some intercommunication for user's registration.

We take for an example. To register with to become a valid user , and will do the following steps.(1) : freely chooses an easy-to-remember password and identity , then computes and sends to .(2) When receiving from , first tests if . If , should ask to submit a different password.(3) : Then, computes , for convenience, stores into a smart card and then delivers it to face to face.

Of course, registers with in the same way.

4.3. Authentication Key Exchange Phase

This phase aims to establish a session key . To achieve this goal, and first compute and using their own passwords and the public key of as their authentication information respectively. Note that can be precomputed. This phase also includes three rounds (shown phase in Figure 3) and the detailed descriptions are as follows.

454823.fig.003
Figure 3: Authenticated key exchange phase in our proposed protocol.

Round 1:
(1)Calculates and , then transmits and to S; where the meaning of is the same as that in the Chen et al.'s protocol.(2)  A transmits and to .

Round 2:
On receiving the request transmitted from , does the following steps.(1)calculates and sends to ; the meaning of is the same as that in the Chen et al.'s protocol.(2) calculates the session key and transmits to .

Round 3:
In this round, does the following steps.(1)Verify if is in a valid time interval. If so, decrypts with his private key to reveal and . Then, calculates and computes . Finally, test , if it holds, calculates and transmits it to .(2)Test whether is in a valid time interval. If so, calculates and computes . Then, he tests , if it holds, calculates , and transmits it to .(3)Independently, tests if is in a valid period, where is the time when received the message from . If so, calculates and ; then, tests ; if it holds, calculates and sends it to .
After this round, tests if is in a valid period, where is the time when was received. If so, calculates and tests to verify the correctness of . If it holds, finishes this protocol.
Similarly, tests if is in a valid period, where is the time when was received. If so, calculates and tests to verify the correctness of . If it holds, finishes this protocol.

5. Security Analysis

The enhanced scheme is a modified form of the Chen et al.'s scheme. Hence, we just discuss the enhanced and some important security features of the proposed scheme instead of discussing the security analysis that has been already shown in [23]. Before analyzing the security properties, we stress the following two facts to prove security that authenticated key agreement protocol should meet. It is widely believed that there is no polynomial-time algorithm to solve DLP and DHP based on enhanced Chebyshev polynomials with nonnegligible probability. The chaotic hash function has collision-free and irreversible properties.

5.1. Securely Chosen and Update Password

In our proposed scheme, is able to freely choose and change his password without any hassle of contacting the server . Any users except cannot change or update the password without knowing the corresponding valid and of the smart card holder.

5.2. Revocation of Smart Card

In our proposed scheme, if 's smart card is stolen or lost, he can request the server to revoke his smart card for future use. can revoke the smart card directly. If an adversary who steals 's smart card wants to derive from , this will be impossible, because just knows the secret key , and he is faced with the discrete logarithm problem (DLP) too. Hence, the old smart card becomes useless for future use.

5.3. The Proposed Protocol Can Resist Man-in-the-Middle Attack

Due to , if the adversary attempts to login to , it needs to derive / from /. However, it is widely believed that there is no polynomial-time algorithm to solve DLP based on enhanced Chebyshev polynomials with nonnegligible probability. Moreover, because just knows the secret key , he even cannot obtain . So the adversary cannot compute . Due to the same reason, the adversary cannot calculate either, that is, our protocol can resist man-in-the-middle attack.

5.4. Protection of User Anonymity

The anonymity feature of users is that the real identity of user should be protected from being revealed by any other entity except . Our protocol can preserve the identity anonymity for any user which can be explained as follows.

is hidden in . Because just knows the secret key , even if adversary can obtain from the stolen smart card, he still cannot decrypt .

5.5. The Proposed Protocol Can Provide Mutual Authentication

Similarly to Chen et al.'s scheme, we analyze this property from three aspects: authentications among , , and .

Case 1. and To authenticate , needs to suppose that they own the same session key. In this protocol, is responsible for confirming both the origin and integrity of the received message in step to help them authenticate each other. ensures that the received messages and are truly sent from and , respectively, and that no modification has occurred. Meanwhile, sends the respective evidence and for the origin and the integrity of and . Based on the premise that is trustworthy, / is convinced that the origin of / is when the validity of / is verified. As only / knows the secret / of /, the common session key is generated by / as . Because the session key is only known by /, no one can forge a valid or . Therefore, mutual authentication between and is achieved while the session key confirmation is guaranteed.

Case 2. and To achieve the mutual authentication between and , on the one hand, has to verify the validity of the evidence . On the other hand, must test the validity of to authenticate . These evidences are computed with the common secret key. Because only and know the common secret key , where equals , no one can counterfeit the evidence. When validity of and is tested by and , respectively, the integrity of the transmitted message from that contains is confirmed by and the integrity of evidence from is confirmed by . Thus, mutual authentication between and is achieved.

Case 3. and The analysis of the mutual authentication between and is done likewise. Except and , no one knows the secret key . Therefore, mutual authentication between and is achieved by verifying the validity of and , respectively.

5.6. The Proposed Protocol Can Resist Bergamo et al.'s Attack

In addition, because our protocol is based on semigroup property of enhanced Chebyshev polynomials, we should consider Bergamo et al.'s attack [20]. Bergamo et al.'s attack is based on the condition that an adversary can obtain the related elements and . In the proposed protocol, an attacker could get and easily, but they cannot obtain and , even though the attacker is a legal user. Besides, the proposed protocol utilizes the enhanced Chebyshev polynomials, in which the periodicity of the cosine function is avoided by extending the interval of from to . Therefore, the attacker have no way to perform a successful attack using Bergamo et al.'s method.

5.7. The Proposed Protocol Can Resist Off-Line Dictionary Attack

In the off-line dictionary attack, the adversary can recode all transmitted messages in the initialization phase and attempt to guess using identities and passwords from the recorded massages. An attacker tries to obtain identity and password verification information from , he must guess correctly at the same time. However, the probability of guessing the three numbers correctly in the same attempt is nearly zero. Furthermore, even if the attacker guesses one parameter correctly, he or she cannot verify it with any password verifier information. Hence, the proposed protocol is secure against off-line dictionary attack.

According to the above analysis, we list the security properties' comparison of Chen et al.'s protocol and our protocol in Table 3.

tab3
Table 3: Comparison of security properties.

6. Computational Efficiency Analysis

The proposed protocol is achieved through DLP and DHP problems based on enhanced Chebyshev polynomials. It enjoys the following advantages. In the initial phase, we take for example, only needs to test , where denotes the users' component of authentication information and computes . However, in Chen et al.'s protocol, has to compute . In a word, our protocol greatly reduces the computational complexity and computational cost. Hence, our scheme is more efficient and practical. can be precomputed off-line in our protocol, which improves the computational efficiency and saves communication bandwidth. The detailed comparison is shown in Table 4.

tab4
Table 4: Comparison of computation overhead in initialization phase.

7. Conclusion

In this paper, we have applied semigroup property of enhanced Chebyshev polynomials to present a novel authenticated key exchange protocol. To the best of our knowledge, it is the first time to realize three-party authenticated key exchange protocol preserving user anonymity with semigroup property of enhanced Chebyshev polynomials. First, we argued that Chen et al.'s protocol has computational efficiency problem in initialization phase and cannot protect user anonymity, user has no choice in choosing his password, and there is no provision for revocation of lost or stolen smart card leading to man-in-the-middle attack. To surmount these identified drawbacks, we have proposed an enhanced protocol to reduce computational complexity and computational cost in initialization phase and improve security. Hence, our proposed protocol is more efficient and practical. Furthermore, analysis shows that our protocol can resist various kinds of attacks.

Acknowledgments

The authors are grateful to the anonymous referees for their valuable comments and suggestions to improve the presentation of this paper. This work is supported by the National Basic Research Program of China (973 Program) (Grant no. 2010CB923200), the National Natural Science Foundation of China (Grant nos. 61003285, 61121061), the Foundation for the Author of National Excellent Doctoral Dissertation of PR China (Grant no. 200951), the Asia Foresight Program under NSFC Grant (Grant no. 61061040320), and the Specialized Research Fund for the Doctoral Program of Higher Education (Grant no. 20100005110002).

References

  1. T. Dierks, “The transport layer security (tls) protocol version 1.2 s,” no. 5246, August 2008, http://www.ietf.org/rfc/rfc5246.txt.
  2. C. T. Li and M. S. Hwang, “An efficient biometrics-based remote user authentication scheme using smartcards,” Journal of Network and Computer Applications, vol. 33, no. 1, pp. 1–5, 2010.
  3. X. Li , J. W. Niu, J. Ma, W. D. Wang, and C. L. Liu, “Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards,” Journal of Network and Computer Applications, vol. 34, no. 1, pp. 73–79, 2011.
  4. X. Li, Y. P. Xiong, J. Ma, and W. D. Wang, “An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards,” Journal of Network and Computer Applications, vol. 35, no. 2, pp. 763–769, 2012.
  5. M. Li and W. Zhao, “A model to partly but reliably distinguish DDOS flood traffic from aggregated one,” Mathematical Problems in Engineering, vol. 2012, Article ID 860569, 12 pages, 2012. View at Publisher · View at Google Scholar
  6. M. Li, “An approach to reliably identifying signs of DDOS flood attacks based on LRD traffic pattern recognition,” Computers and Security, vol. 23, no. 7, pp. 549–558, 2004.
  7. M. Li, “Change trend of averaged Hurst parameter of traffic under DDOS flood attacks,” Computers and Security, vol. 25, no. 3, pp. 213–220, 2006.
  8. M. Li and W. Zhao, “Representation of a stochastic traffic bound,” IEEE Transactions on Parallel and Distributed Systems, vol. 21, no. 9, pp. 1368–1372, 2010.
  9. R. Bettati, W. Zhao, and D. Teodor, “Real-time intrusion detection and suppression in ATM networks,” in Proceedings of the 1st USENIX Workshop on Intrusion Detection and Network Monitoring, Santa Clara, Calif, USA, April 1999.
  10. S. M. Bellovin and M. Merritt, “Encrypted key exchange: password-based protocols secure against dictionary attacks,” in Proceedings of IEEE Computer Society Symposium on Research in Security and Privacy, pp. 72–84, Oakland, Calif, USA, 1992.
  11. S. Patel, “Number theoretic attacks on secure password schemes,” in Proceedings of IEEE Symposium on Security and Privacy, pp. 236–247, 1997.
  12. N. McCullagh and P. S. L. M. Barreto, “A new two-party identity-based authenticated key agreement,” in Topics in Cryptology—CT-RSA 2005, vol. 3376 of Lecture Notes in Computer Science, pp. 262–274, Springer, Berlin, Germany, 2005. View at Publisher · View at Google Scholar · View at Zentralblatt MATH
  13. M. Abdalla, D. Catalano, C. Chevalier, and D. Pointcheval, “Efficient two-party password-based key exchange protocols in the UC framework,” in Topics in Cryptology—CT-RSA 2008, vol. 4964 of Lecture Notes in Computer Science, pp. 335–351, Springer, Heidelberg, Germany, 2008. View at Publisher · View at Google Scholar · View at Zentralblatt MATH
  14. G. Xie, “Cryptanalysis of Noel McCullagh and Paulo S.L.M. Barretos twoparty identity-based key agreement, Cryptology ePrint Archive,” Report 2004/308, 2004, http://eprint.iacr.org/2004/308.
  15. N. McCullagh and P. S. L. M. Barreto, “A new two-party identity-based authenticated key agreement, Cryptology ePrint Archive,” Report 2004/122, 2004, http://eprint.iacr.org/2004/122.
  16. J. Kwon, K. Sakurai, and D. Lee, “One-round protocol for two-party verifierbased password-authenticated key exchange,” in Communications and Multimedia Security, H. Leitold and E. Markatos, Eds., vol. 4237 of Lecture Notes in Computer Science, pp. 87–96, Springer, Heidelberg, Germany, 2006.
  17. K. P. Xue and P. L. Hong, “Security improvement on an anonymous key agreement protocol based on chaotic maps,” Communications in Nonlinear Science and Numerical Simulation, vol. 17, pp. 2969–2977, 2012.
  18. J. Kwon, K. Sakurai, and D. Lee, “One-round protocol for two-party verifierbased password-authenticated key exchange,” in Communications and Multimedia Security, H. Leitold and E. Markatos, Eds., vol. 4237 of Lecture Notes in Computer Science, pp. 87–96, Springer, Heidelberg, Germany, 2006.
  19. O. K. Jeong, I. R. Jeong, K. Sakurai, and D. H. Lee, “Efficient verifierbased password-authenticated key exchange in the three-party setting,” Computer Standards and Interfaces, vol. 29, pp. 513–520, 2007. View at Publisher · View at Google Scholar
  20. C. L. Lin, H. M Sun, M. Steiner, and T. Hwang, “Three-party encrypted key exchange without server public-keys,” IEEE Communication Letters, vol. 5, pp. 497–499, 2001.
  21. C. C. Chang and Y. F. Chang, “A novel three-party encrypted key exchange protocol,” Computer Standards and Interfaces, vol. 26, pp. 471–476, 2004.
  22. D. Wang and X. Wei, “A new key exchange scheme based on extended chebyshev polynomials,” in Proceedings of the 4th WSEAS International Conference on Applied Mathematics and Computer Science, pp. 1–5, Rio de Janeiro, Brazil, 2005.
  23. T. H. Chen, W. B. Lee, and H. B. Chen, “A round- and computation-efficient three-party authenticated key exchange protocol,” The Journal of Systems and Software, vol. 81, pp. 1581–1590, 2008.
  24. G. J. Fee and M. B. Monagan, “Cryptography using chebyshev polynomial,” Maple Summer Workshop, Burnaby, Canada, 2004, http://oldweb.cecm.sfu.ca/CAG/papers/Cheb.pdf.
  25. H. Tseng, R. Jan, and W. Yang, “A chaotic maps-based key agreement protocol that preserves user anonymity,” in Proceedings of the IEEE International Conference on Communications (ICC '09), pp. 1–6, 2009.
  26. E.-J. Yoon and I.-S. Jeon, “An efficient and secure Diffie-Hellman key agreement protocol based on Chebyshev chaotic map,” Communications in Nonlinear Science and Numerical Simulation, vol. 16, no. 6, pp. 2383–2389, 2011. View at Publisher · View at Google Scholar · View at Zentralblatt MATH
  27. L. Zhang, “Cryptanalysis of the public key encryption based on multiple chaotic systems,” Chaos, Solitons and Fractals, vol. 37, no. 3, pp. 669–674, 2008. View at Publisher · View at Google Scholar · View at Zentralblatt MATH