An extended chaotic-maps-based protocol with key agreement for multiserver environments

Due to the rapid development and growth of computer networks, there have been greater and greater demands for remote password authentication protocols. Recently, the focus has been on protocols for multiserver environments that run on smart cards. These protocols typically count on the nonce or timestamp to provide protection against the replay attack. However, as Tsaur et al. pointed out, these protocols have some security issues such as disturbance in clock synchronization and vulnerability to the man-in-the-middle attack. In order to solve the above problems, Tsaur et al. proposed a multiserver authentication scheme with key agreement in 2012, and they claimed that their scheme could effectively achieve password-authenticated key agreement while getting around the technical difficulty of implementing clock synchronization in multiserver environments. Unfortunately, we found out that Tsaur et al.’s protocol still has the following weaknesses: (1) inability to resist privileged insider attack, (2) inability to resist known-plaintext attack, (3) inability to provide user anonymity, and (4) lack of perfect forward secrecy. To fix these secure flaws of Tsaur et al.’s protocol, in this paper, we shall propose an improved multiserver authentication protocol with key agreement based on extended chaotic maps. We shall also offer formal proof of smooth execution of the improved authenticated key agreement protocol.     

A chaotic maps-based authenticated key agreement protocol with strong anonymity

In wireless communication environments, the authenticated key agreement with user anonymity is important. Recently, many chaotic maps-based anonymous authenticated key agreement protocols have been proposed. Tseng et al. applied Chebyshev chaotic maps to propose an anonymous key agreement protocol. Unfortunately, Niu et al. demonstrated that Tseng et al.’s protocol cannot protect the user anonymity and it suffers from insider attacks. Xue et al. improved Tseng et al.’s protocol. However, we have found that their improved protocol still cannot provide strong anonymity and it is vulnerable to the man-in-the-middle attack. To remove these weaknesses, we have proposed a novel chaotic maps-based authenticated key agreement protocol. The proposed protocol cannot only resist these attacks, but also provide strong anonymity.     

An extended chaotic maps based user authentication and privacy preserving scheme against DoS attacks in pervasive and ubiquitous computing environments

As the era of pervasive and ubiquitous computing comes close, hand-held and smart devices are expected to achieve the dream of all time everywhere computing. Remote user authentication is important to verify the legitimacy of a login user over an insecure communication channel. Furthermore, in order to protect user privacy such that others cannot trace login users by eavesdropping the communication messages, several researchers proposed some dynamic ID-based remote user authentication schemes for providing user anonymity. On the other hand, the denial-of-service (DoS) attacks may make legal users unable to access a remote server by intercepting the authentication message which a login user sends to the remote server. It will make the latest user identities kept by login user and the remote server differ from each other. To ensure user anonymity and prevent such DoS attacks, we propose an extended chaotic map and dynamic ID-based user authentication scheme against DoS attacks. The proposed scheme is suitable for use in pervasive computing environments such as online financial authentication since it can ensure security while maintaining efficiency.     

An extended chaotic maps-based key agreement protocol with user anonymity

A key agreement protocol is used to derive a shared secure session key by two or more parties, but no party can predetermine the resulting value. Users can securely exchange information over an open network by using the shared session key to encrypt/decrypt secure information. Recently, several key agreement protocols based on chaotic maps are proposed. Xiao et al. proposed a novel key agreement protocol based on chaotic maps and claimed their protocol can resist the known attack which is proposed by Bergamo et al. However, Han et al. and Xiang et al. pointed out that the Xiao et al. protocol is still insecure. To overcome these attacks, we shall propose an extended chaotic maps-based key agreement protocol. The proposed protocol not only can resist these attacks, but also provide mutual authentication and user anonymity.     

Cryptanalysis and enhancement of a chaotic maps-based three-party password authenticated key exchange protocol

Recently, Lee et al. (Nonlinear Dyn, 73(1–2):125–132, 2013) proposed a three party password authenticated key exchange with user anonymity by utilizing extended chaotic maps. They claimed that their protocol is more secure than previously proposed schemes. In this paper, our analysis shows that Lee et al.’s protocol suffers from two kinds of attacks: (1) man-in-the-middle attack, and (2) user anonymity attack. To overcome these weakness, we propose an enhanced protocol that can resist the attacks described and yet with comparable efficiency.     

Cryptanalysis and improvement of an extended chaotic maps-based key agreement protocol

Very recently, Lee et?al. (C.?Lee, C.?Chen, C.?Wu, S.?Huang, An extended chaotic maps-based key agreement protocol with user anonymity, Nonlinear Dynamics, doi:10.1007/s11071-011-0247-4) proposed a chaotic maps-based key agreement protocol with user anonymity and claimed their protocol could resist various attacks. In this paper, we will point out that Lee et?al.??s protocol suffers from three weaknesses: (1)?inability of resisting the privileged insider attack; (2)?inability of resisting the denial-of-service attack; and (3)?inability of providing anonymity. To overcome the weaknesses, we also proposed an improved protocol. The analysis shows our protocol is more suitable for practical applications.     

A secure chaotic maps-based key agreement protocol without using smart cards

To guarantee secure communication, many maps-based key agreement protocols have been proposed. Due to inherent tamper-resistance, most of them are based on smart cards. Unfortunately, the cost of cards and readers makes these protocols costly. In the real world, common storage devices, such as universal serial bus (USB) thumb drives, portable HDDs, mobile phones, and laptop or desktop PCs, are widely used, and they are much cheaper or more convenient for storing user authentication information. These devices do not provide tamper-resistance; it is a challenge to design a secure authentication protocol using these kinds of memory devices. In this paper, we will propose a maps-based key agreement protocol without using smart cards. According to our analysis, the proposed protocol guarantees mutual authentication, and also resists different attacks. Therefore, our protocol is suitable even for practical applications.     

A three-party password-based authenticated key exchange protocol with user anonymity using extended chaotic maps

In this paper, we propose a scheme utilizing three-party password-based authenticated key exchange protocol with user anonymity using extended chaotic maps, which is more efficient and secure than previously proposed schemes. In order to enhance the efficiency and security, we use the extended chaotic maps to encrypt and decrypt the information transmitted by the user or the server. In addition, the proposed protocol provides user anonymity to guarantee the identity of users, which is transmitted in the insecure public network.     

A revised key agreement protocol based on chaotic maps

Very recently, Chen et al. proposed a security-enhanced key agreement protocol based on Chebyshev chaotic map. They claimed that the proposed protocol can achieve session key agreement shared among the server and user with security and users anonymity. Although, in this paper, we will prove that Chen et al.’s protocol cannot guarantee security and user anonymity against internal adversary who is a legal user. Furthermore, we give some improvements to dominate the mentioned shortcomings. The analysis shows that our proposed improvements are secure and efficient.     

Analysis and improvement of a chaos-based symmetric image encryption scheme using a bit-level permutation

Recently, a chaos-based symmetric image encryption scheme using a bit-level permutation was proposed. In this paper, we analyze the potential flaws in Zhu’s algorithm in detail and develop a chosen-plaintext attack and chosen-ciphertext attack on Zhu’s algorithm. The proposed attack indicates that the Arnold cat map applied directly in image encryptions is not suitable for cryptography. We also propose the corresponding improved scheme. The improved scheme preserves the merits of the original one.     

Cryptanalysis and improvement of a three-party key agreement protocol using enhanced Chebyshev polynomials

Three-party key agreement protocol is an important cryptographic mechanism for secure communication, which allows two parties authenticate each other with the help of a trusted server. Very recently, Lai et al.’s proposed a novel three-party key agreement protocol using the enhanced Chebyshev chaotic map and claimed their protocol could withstand various attacks. Unfortunately, in this paper, we will show their protocol is vulnerable to the privileged insider attack and the off-line password guessing attack. To solve the problems, we propose an improved three-party key agreement protocol using the enhanced Chebyshev chaotic map. Security analysis and performance analysis show our protocol not only could withstand various attacks, but also has similar performance. Therefore, it is very suitable for practical applications.     

Provably secure dynamic identity-based three-factor password authentication scheme using extended chaotic maps

With the aim of guaranteeing secure communication through public networks, three-factor password authentication (TF-PWA) scheme plays a key role in many internet applications. Since in TF-PWA scheme, the communicating entities can mutually authenticate each other and generate a shared session key, which will be used for secure exchange of messages in succeeding communication among them. As a result, the TF-PWA schemes gain enormous consideration in recent years. More recently, due to light-weight features of the extended chaotic map, it is also extensively applied in designing of public key encryption, key agreement, image encryption, S-box, hash function, digital signature, password authentication, etc. The aim of this paper was to design a dynamic identity-based three-factor password authentication scheme using extended chaotic map (ECM-TF-PWA) in the random oracle model. The proposed scheme is provably secure based on the intractability assumption of chaotic map-based Diffie–Hellman problem. The informal security analysis gives the evidence that our scheme protects all attacks and provides functionality attributes that are needed in a three-factor authentication system. Besides, the performance discussion shows that our scheme performs better than others in respect of computation and communication cost.     

Cryptanalysis and improvement of a chaotic map-based key agreement protocol using Chebyshev sequence membership testing

Recently, Gong et al. (Nonlinear Dyn, doi:10.1007/s11071-012-0628-3, 2012) proposed a chaotic map-based key agreement protocol without using smart cards. They claimed that the protocol is secure against password-guessing attacks. However, we show that Gong et al.’s protocol is vulnerable to partition attacks, whereby the adversary can guess the correct password off-line. We also demonstrate that the protocol suffers from a a stolen-verifier attack along with password change pitfalls. Thereafter, we proposed an chaotic map-based key agreement protocol without using smart cards to conquer the mentioned weaknesses. The security analysis of the proposed protocol shows that it is suitable for the applications with higher security requirement.     

Design and application of an S-box using complete Latin square

Since a substitution box (S-box) is the nonlinearity part of a symmetric key encryption scheme, it directly determines the performance and security level of the encryption scheme. Thus, generating S-box with high performance and efficiency is attracting. This paper proposes a novel method to construct S-box using the complete Latin square and chaotic system. First, a complete Latin square is generated using the chaotic sequences produced by a chaotic system. Then an S-box is constructed using the complete Latin square. Performance analyses show that the S-box generated by our proposed method has a high performance and can achieve strong ability to resist many security attacks such as the linear attack, differential attack and so on. To show the efficiency of the constructed S-box, this paper further applies the S-box to image encryption application. Security analyses show that the developed image encryption algorithm is able to encrypt different kinds of images into cipher images with uniformly distributed histograms. Performance evaluations demonstrate that it has a high security level and can outperform several state-of-the-art encryption algorithms.

     

An image encryption scheme combining chaos with cycle operation for DNA sequences

An image encryption scheme is proposed using high-dimensional chaotic systems and cycle operation for DNA sequences. In the scheme, the pixels of the original image are encoded randomly with the DNA coding rule controlled by a key stream produced from Chen’s hyper-chaos. In addition to confusion on the DNA sequence matrix with Lorenz system, a cycle operation for DNA sequences is projected to diffuse the pixel values of the image. In order to enhance the diffusion effect, a bitwise exclusive-OR operation is carried out for the decoded matrices with a binary key stream, and then the cipher-image is obtained. Simulation results demonstrate that the proposed image encryption scheme with acceptable robustness is secure against exhaustive attack, statistical attack and differential attack.     

Event-based secure consensus of multiple AUVs under DoS attacks

In this paper, the event-based triggering method is adopted to investigate the secure consensus issue of multiple autonomous underwater vehicles (AUVs) under denial-of-service (DoS) attacks. DoS attack is a form of time-sequence-based cyber attack, which can destroy the normal service of the control target or network. First, based on an event-triggered mechanism, a novel secure control protocol is proposed. Second, the upper bounds of attack duration and attack frequency are given to ensure that multiple AUVs under DoS attacks can reach consensus. Third, an event-triggered mechanism with exponential variables is developed to avoid the continuous update of the controller, thereby reducing the burdens of communication and calculation. Zeno behavior can be strictly ruled out for each AUV under this triggering mechanism. Finally, the simulation results illustrate the feasibility of the proposed scheme.

     

Chaotic maps-based three-party password-authenticated key agreement scheme

Since chaos theory related to cryptography has been addressed widely, many chaotic maps based two-party password-authenticated key agreement (2PAKA) schemes have been proposed. However, to the best of our knowledge, no chaotic maps based three-party password-authenticated key agreement (3PAKA) protocol without using a timestamp has been proposed, yet. In this paper, we propose the first chaotic maps-based 3PAKA protocol without a timestamp. The proposed protocol is not based on the traditional public key cryptosystem but is based on chaotic maps, which not only achieves perfect forward secrecy without using a timestamp, modular exponentiation and scalar multiplication on an elliptic curve, but is also robust to resist various attacks such as password guessing attacks, impersonation attacks, man-in-the-middle attacks, etc.     

A novel secure image transmission scheme based on synchronization of fractional-order discrete-time hyperchaotic systems

In this paper, a secure image transmission scheme based on synchronization of fractional-order discrete-time hyperchaotic systems is proposed. In this scheme, a fractional-order modified-Hénon map is considered as a transmitter, the system parameters and fractional orders are considered as secret keys. As a receiver, a step-by-step delayed observer is used, and based on this one, an exact synchronization is established. To make the transmission scheme secure, an encryption function is used to cipher the original information using a key stream obtained from the chaotic map sequences. Moreover, to further enhance the scheme security, the ciphered information is inserted by inclusion method in the chaotic map dynamics. The first contribution of this paper is to propose new results on the observability and the observability matching condition of nonlinear discrete-time fractional-order systems. To the best of our knowledge, these features have not been addressed in the literature. In the second contribution, the design of delayed discrete observer, based on fractional-order discrete-time hyperchaotic system, is proposed. The feasibility of this realization is demonstrated. Finally, different analysis are introduced to test the proposed scheme security. Simulation results are presented to highlight the performances of our method. These results show that, our scheme can resist different kinds of attacks and it exhibits good performance.     

An image encryption scheme based on time-delay and hyperchaotic system

In this paper, a novel image encryption scheme based on time-delay and hyperchaotic system is suggested. The time-delay phenomenon is commonly observed in daily life and is incorporated in the generation of pseudo-random chaotic sequences. To further increase the degree of randomness, the output of the hyperchaotic system is processed before appending to the generated sequence. A novel permutation function for shuffling the position index, together with the double diffusion operations in both forward and reverse directions, is employed to enhance the encryption performance. Experimental results and security analyses show that the proposed scheme has a large key space and can resist known-plaintext and chosen-plaintext attacks. Moreover, the encryption scheme can be easily modified to adopt other hyperchaotic systems under the same structure.     

Provably secure three-party key agreement protocol using Chebyshev chaotic maps in the standard model

Recently, several key agreement protocols based on Chebyshev chaotic maps have been proposed in the literature. However, they can normally achieve “heuristic” security, that is, once drawbacks are found in these protocols, they are either modified to resist the new attacks, or are discarded. Under these circumstances, it is necessary and significant to define standard security models that can precisely characterize the capabilities of the participants and a potent adversary. Hence, we propose to use public key encryption based on enhanced Chebyshev chaotic maps and pseudo-random function ensembles to construct an efficient three-party key agreement protocol under the standard model, in which the adversary is able to make a wider range of queries and have more freedom than the other proposed schemes. In the design of our protocol, we follow the ideas in the recent key agreement protocol of Yang and Cao’s. The proposed protocol is shown to be provably secure if decisional Diffie–Hellman problem, which is based on Chebyshev chaotic maps, is computationally infeasible. To the best of our knowledge, our protocol is the first provably secure 3PAKE protocol using Chebyshev chaotic maps under the standard model.