Applied Computational Intelligence and Soft Computing

Volume 2016, Article ID 3916942, 10 pages

http://dx.doi.org/10.1155/2016/3916942

## An Efficient Chaotic Map-Based Authentication Scheme with Mutual Anonymity

^{1}College of Computer Science and Technology, Chongqing University of Posts and Telecommunications, Chongqing 400065, China

^{2}College of Computer Science, Chongqing University, Chongqing 400044, China

^{3}College of Mathematical Sciences, Dezhou University, Dezhou 253023, China

^{4}School of Electronic Engineering, Dublin City University, Dublin 9, Ireland

Received 19 December 2015; Revised 7 March 2016; Accepted 17 March 2016

Academic Editor: Christian W. Dawson

Copyright © 2016 Yousheng Zhou et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

#### Abstract

A chaotic map-based mutual authentication scheme with strong anonymity is proposed in this paper, in which the real identity of the user is encrypted with a key shared between the user and the trusted server. Only the trusted server can determine the real identity of a user during authentication; all other entities, including other users of the system, learn nothing about the user's real identity. In addition, the shared encryption key can be easily computed by the user and the trusted server using the Chebyshev map, without additional burdensome key management. Once the two partnered users are authenticated by the trusted server, they can easily proceed to agree on a session key. Formal security analysis demonstrates that the proposed scheme is secure under the random oracle model.

#### 1. Introduction

Due to its sensitivity to initial conditions and to the chaotic parameter, a chaotic system shows aperiodicity and pseudorandomness, and it has been widely used in many cryptographic constructions, such as chaotic system based hash functions [1–3], chaotic system based encryption [4–8], and chaotic block ciphers [9].

Authentication and key agreement are the fundamental building blocks used to achieve authenticity and confidentiality in a cryptographic system. Much effort has been devoted to chaotic map-based authentication and key establishment in recent years. In 2009, Han and Chang [10] proposed a chaotic map-based key agreement protocol, which removes the constraint of synchronization. However, Yoon and Yoo [11] pointed out that Han and Chang's [10] scheme cannot counter replay attacks. Later, Tseng et al. [12] presented a chaotic map-based key agreement protocol for smart card-oriented applications, which is vulnerable to internal attack and lacks perfect forward security, as pointed out by Niu and Wang [13]. Though Niu and Wang [13] improved Tseng et al.'s [12] scheme and proposed a new one, it is expensive and cannot resist DoS attacks. In addition, other researchers investigated improvements to smart card key agreement [14, 15]. Wang and Zhao [16] first proposed a trusted third party (TTP) based key agreement scheme using the Chebyshev chaotic maps, which was improved by Yoon and Jeon [17] because of its vulnerability to tampering attack. In 2012, Lai et al. [18] developed a novel TTP based key agreement protocol using the extended Chebyshev map, but their scheme cannot counter internal attack and off-line key guessing attack [19]. Later, Lee et al. [20] presented a mutual anonymous authentication scheme with the extended Chebyshev map, but it is open to the man-in-the-middle attack. Tan [21] proposed a novel authentication and key agreement protocol with smart card, which can achieve user anonymity; however, its cost is high. To cut the heavy computation cost due to the smart card, Gong et al. [22] proposed an improved chaotic map-based key management scheme without a smart card. However, Wang and Luan [23] pointed out that Gong et al.'s scheme has key management issues and potential security problems and then proposed a new secure key agreement protocol. In addition, some chaotic map-based schemes [24–28] have been investigated for solving various security problems.

Although much work has been done on chaotic map-based authentication, most schemes cannot provide mutual authentication and are vulnerable to external attack. Only a few schemes address this issue using encryption; however, the confidentiality of these schemes is not perfect, since internal users of the system can learn the real identities of others during the execution of the authentication process. With the popularity of wireless communication enabled devices, the private information of users, such as identity and location, can easily be illegally intercepted and then exploited by potential attackers to trace individuals [29]. The privacy of the user has attracted increasing attention from both industry and academia. To the best of our knowledge, a scheme that addresses this privacy requirement does not exist. Motivated by this, a chaotic map-based authentication scheme with mutual anonymity is proposed in this paper, which has the following properties.

*(1) Mutual Strong Anonymity*. When a user Alice in the system interacts with another user Bob to complete the authentication process, no entity except the trusted server can learn any information about the real identity of Alice or Bob. Furthermore, Alice and Bob cannot identify each other either; that is, Alice does not know Bob's real identity and vice versa.

*(2) Untraceability*. No internal user can link any two authentication sessions; that is to say, even if a system user Alice has established a session with the same user Bob who was once authenticated, Alice still cannot determine from the historic session that the opposite side is Bob. In addition, no external entity can determine from intercepted messages whether the users in one session are the same as the users in another session.

The rest of the paper is organized as follows. Some related basics and definitions are introduced in Section 2. The concrete construction of the proposed scheme is illustrated in Section 3. Analysis and comparison are presented in Section 4. At last, the paper is concluded.

#### 2. Preliminaries

This section introduces the common user requirements, the security requirements for mutual authentication, some basics about the Chebyshev chaotic map and its advantage, and the security definitions.

##### 2.1. Requirements

###### 2.1.1. User Requirements

Given that the authentication scheme to be constructed should be easy to use, the following user requirements need to be satisfied.

*(1) Independency*. The system should enable users to choose their own seeds to produce the shared encryption/decryption keys independently, which means the user can encrypt the transferred messages with a distinct key in each new authentication session without any prior agreement with the trusted server.

*(2) Round-Optimization*. When a user wants to authenticate another entity, the number of interactive rounds should be minimized as far as possible, which saves computation and communication cost and also improves the user experience.

*(3) Anonymity*. From the user's perspective, his real identity needs protection and should not be exposed to any entity except the trusted server.

###### 2.1.2. Security Requirements

Since the objective of our proposed protocol is to provide a reliable and robust authentication mechanism to counter all possible outside and inside attacks, based on previous studies [21–25, 32, 33], we give the following critical requirements to provide secure authentication.

*(1) Mutual Authentication*. After the two partnered users finish the process of authentication, each should be convinced that the opposite user is an authentic one, not a forged one.

*(2) Efficiency*. Since the process of mutual authentication is on-line and the trusted server is required to support all authentication processes, the communication and computation costs should be as low as possible.

*(3) Integrity*. The involved entities can verify the integrity of received messages, so that possible damage to those messages is detected.

*(4) Confidentiality*. After the authentication process, a session key should be produced for both partnered users to provide secure communication, and it should ensure forward secrecy as well.

Next, a brief introduction of the Chebyshev map and some related preliminaries [25, 31, 33] are given.

##### 2.2. The Chebyshev Chaotic Maps

###### 2.2.1. Definitions of Chebyshev Chaotic Maps

*Definition 1.* Let be an integer, , and an -order Chebyshev polynomial map is defined as follows:

According to the definition, the Chebyshev polynomial map can also be defined recursively as follows:where and , .

The Chebyshev polynomial map has the following two properties.

(1) Semigroup property is as follows:where , are two integers, .

(2) Chaos property is as follows. When is bigger than 1, an -degree Chebyshev polynomial map has the constant measure and positive Lyapunov exponent .

According to the periodicity of , there exist multiple associated with the same to make the equation hold. To improve the security of classic Chebyshev polynomial map, Zhang [33] gave a proof that the Chebyshev polynomial map still keeps the semigroup property over the interval , which is called* the extended Chebyshev chaotic maps* with the following definition:where , , and is a big prime number. It can be easily found the following equation holds as well:

*Definition 2 (discrete logarithm problem (DLP)).* Given any two big integers , , find an integer to make the equation hold.

*Definition 3 (decisional Diffie-Hellman problem (DDH)).* Given , , and , where , , and are unknown, determine whether equation holds or not.
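The extended Chebyshev map and its semigroup property, as an added example that is not code from the paper: it evaluates the map modulo a prime with the standard recurrence (first-kind Chebyshev polynomials, with T_0 = 1 and T_1 = x) and shows two parties reaching the same value from exchanged map outputs. The modulus, seed and function names are constructed, and the exchange is a generic Diffie-Hellman-style illustration of the semigroup property, not the message flow of the proposed scheme.

```python
# Added illustration (not the paper's code): extended Chebyshev map T_n(x) mod p.
# Standard recurrence: T_0 = 1, T_1 = x, T_n = 2x*T_{n-1} - T_{n-2} (mod p).
import secrets

P = 2**127 - 1          # constructed example modulus (a Mersenne prime)
X = 0x1234567890ABCDEF  # constructed public seed

def _mul(a, b, p):
    """Multiply two 2x2 matrices stored row-major as 4-tuples, mod p."""
    return ((a[0]*b[0] + a[1]*b[2]) % p, (a[0]*b[1] + a[1]*b[3]) % p,
            (a[2]*b[0] + a[3]*b[2]) % p, (a[2]*b[1] + a[3]*b[3]) % p)

def chebyshev_mod(n, x, p):
    """T_n(x) mod p in O(log n) steps: [T_{n+1}, T_n] = M^n [T_1, T_0]."""
    if n < 0 or p < 2:
        raise ValueError("need n >= 0 and p >= 2")
    x %= p
    acc, base = (1, 0, 0, 1), ((2 * x) % p, p - 1, 1, 0)  # M = [[2x, -1], [1, 0]]
    while n:
        if n & 1:
            acc = _mul(acc, base, p)
        base = _mul(base, base, p)
        n >>= 1
    return (acc[2] * x + acc[3]) % p  # second row of M^n applied to (x, 1)

def chebyshev_naive(n, x, p):
    """Reference: iterate the recurrence directly (only usable for small n)."""
    t0, t1 = 1 % p, x % p
    for _ in range(n):
        t0, t1 = t1, (2 * x * t1 - t0) % p
    return t0

def shared_key_demo(p=P, x=X):
    """Two parties derive the same value from exchanged T_r(x), T_s(x)."""
    r = secrets.randbelow(p - 2) + 2          # party A's secret exponent
    s = secrets.randbelow(p - 2) + 2          # party B's secret exponent
    pub_a, pub_b = chebyshev_mod(r, x, p), chebyshev_mod(s, x, p)
    k_a = chebyshev_mod(r, pub_b, p)          # T_r(T_s(x))
    k_b = chebyshev_mod(s, pub_a, p)          # T_s(T_r(x))
    return k_a, k_b, chebyshev_mod(r * s, x, p)  # all equal T_{rs}(x)

if __name__ == "__main__":
    k_a, k_b, k_rs = shared_key_demo()
    print("keys match:", k_a == k_b == k_rs)
```

The matrix form matters in practice: with exponents the size of the modulus, iterating the recurrence step by step is infeasible, while repeated squaring needs only a logarithmic number of multiplications.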

###### 2.2.2. The Advantages of Using Chebyshev Chaotic Maps

As a chaotic system exhibits excellent properties of diffusion and confusion, it is widely used to design various cryptographic schemes. Our design aims to provide secure and efficient mutual authentication with strong anonymity, which means encryption will be integrated to keep the identities confidential. However, traditional public key cryptography schemes are not desirable for this purpose, since the management of encryption keys in these schemes produces a heavy computational burden. Inspired by the excellent semigroup property, the extended Chebyshev chaotic map over the finite field is used to develop our protocol, since the discrete logarithm problem and Diffie-Hellman problem are assumed to be intractable within polynomial time [21]. However, there are no hardness assumptions of the discrete logarithm problems or the Diffie-Hellman problems about the Chebyshev chaotic maps over the interval [34], so that it is still challenging to design a secure chaotic map-based key agreement protocol over the interval . Meanwhile, with the Chebyshev chaotic map, our proposed scheme enables the users and the trusted server to efficiently generate the shared encryption key and agree on a session key without additional key management. Though there are some other types of chaotic systems, only the extended Chebyshev chaotic map has the semigroup property and satisfies the requirements stated above. In addition, the Chebyshev map has good chaotic properties with mixture and ergodicity, and the chaotic sequences generated by the Chebyshev map have good statistical distribution characteristics as the mean is 0 [35]. Wang et al. [7, 8] pointed out that low dimension chaotic maps suffer degradation of dynamics in finite precision computations in computers; however, this issue can be addressed using an appropriate implementation; for example, Liu et al. [36] proposed an analogue-digital mixed method to solve the dynamical degradation of digital chaotic systems. Given the previous advantages, the extended Chebyshev chaotic map is used to construct mutual authentication with strong anonymity in this paper.

##### 2.3. Security Definitions

Based on the attack model in the literature [37, 38], the security model of the proposed chaotic map-based mutual authentication and key agreement with strong anonymity is defined in this section. In the model, the capability of the adversary is defined by the following interactive game which consists of oracle queries and security assumptions.

can join the game by issuing a series of oracle queries to any participant from the entity set including the trusted server. During the interactive activities, is assigned with some attacking capabilities to the authentication protocol. The communication channel is under the full control of , which means can intercept, block, inject, delete, and modify any message transferred via this channel. The queries that can issue are as follows.

. This query is designed to assign with passive attacking capability. After the execution of this query, all the transferred messages produced by the honest parties will be output according to the definition of .

. This query is designed to simulate the situation that has controlled the whole communication process. can issue query on to , and the corresponding entity from will compute the results according to and respond to .

. This query is used to simulate the known-key attack. If it is a valid session, all the computed shared session keys by will be responded to and null will be responded to otherwise.

. This query is used to simulate that corrupts entities from . can obtain the permanent password and real identification of with this query.

. This query is designed to assign with the capability of accessing the encryption oracle. In order to respond to correctly, a list needs to be set up and maintained. Upon receiving the query , first check if there exists some entry in . If yes, return of the corresponding entry; otherwise, a random value will be returned. Meanwhile, a new tuple will be added into . Equivalently, for the decryption query , first check if there exists some entry in . If yes, return of the corresponding entry; otherwise, a random value will be returned. Meanwhile, the new tuple will be added to .

. This query is utilized to simulate hashing for . To respond to effectively, a list will be set up. Upon receiving the query on from , firstly check if there already exists some entry in . If yes, return the value of the existing entry to . Otherwise, generate a random value as the response and add to at the same time.

. This query is used to measure the semantic security of the session key . If the entity of this session key has already computed with his partnered peer, return to . Otherwise, null will be responded to. can also issue a single query to , and will make an unbiased toss to determine the response. If , return to . Otherwise, return a random value.

*Definition 4 (security of the session key (ASK-Secure)).* In an adversary involved interactive game, the adversary can arbitrarily issue Test query, where the response is the real session key or a random value. If issued a Test query to an unauthorized entity, would be responded with . If issued a Test query to a dishonest entity or the entity whose peer is dishonest, the corresponding real session key will be responded to. Otherwise, a random from an unbiased coin toss is used to determine whether the response is the real session key or a random value. would guess the uncovered through analyzing the response. Let the event , and let be the advantage that wins the distinguishability of . If is negligible, then is called ASK-Secure [37].

*Definition 5 (security of symmetric encryption (OT-Secure)).* One-time security of symmetric encryption (-Secure) [39] means that the indistinguishability of symmetric encryption under the passive attack can also be called find-guess security. Let be a symmetric encryption scheme and let be an adversary of , and then consider the following interactive game between and .

(1) Choose .

(2) Input to run . outputs two distinctive messages and the state .

(3) Choose randomly and compute .

(4) Input and run , and then outputs .

The advantage of represents how far it will guess the right with the possibility bigger than ; that is . During the whole process of the game, is passive; in other words, it cannot access any encryption or decryption oracle.

#### 3. Concrete Construction

The detailed construction of the proposed scheme is presented in this section. For convenience, the descriptions of all symbols to be used are listed in Description of Symbols.

Suppose there exist three entities in our scheme, two system users , , who need to authenticate each other, and a trusted third party Tread. During the authentication, Tread will authenticate and using their submitted messages. If Tread identifies that or has been revoked, the authentication process will be terminated. The whole process of authentication consists of two stages, that is, registration and authentication including key establishment.

At the beginning of registration, , generate their passwords, respectively. They precompute passwords using a hash function and then submit them to Tread together with identifications and other related information. Upon receiving the registration queries from and , Tread will check the validity of the submitted information. If yes, the registering is successful and Tread would securely store the needed information locally. The authenticating can be launched by or , and then the process will be conducted through the following interactive steps.

##### 3.1. Registration

A user can register using the following steps.

(1) Tread chooses two random numbers and a big prime number , then computes , and publishes .

(2) User chooses his and computes , and then sends to Tread.

(3) Tread checks the validity of and using . If yes, it stores . Otherwise, user fails to register in the system.

##### 3.2. Mutual Authentication and Key Establishment

Users and can finish the authentication and establishment by following the steps shown in Figure 1.