Enhancing the security of password authenticated key agreement protocols based on chaotic maps

• We demonstrate the weaknesses of the protocols of Xiao et al. and Guo and Zhang.
• We present two secure password-based authenticated key agreement protocols using chaotic maps.
• The proposed protocols prevent the weaknesses in previous protocols and reduce transmissions.
• The proposed protocols do not require extra equipments for storing long-term secrets in the client.

Password authenticated key agreement allows users to only keep a weak password and establish an authentication key shared with a server. However, the chaotic maps based authenticated key agreement protocol of Xiao et al. in which time-stamps are used to resist replaying attacks and the subsequent group key agreement protocol of Guo and Zhang in which chaotic hash is used as an alternative are insecure against off-line password guessing attacks and violate the session key security. Therefore, this work presents two secure password authenticated key agreement protocols based on chaotic maps. One is based on synchronized clocks, while the other uses nonces. Besides preventing the limitations of previous protocols and reducing the number of messages during communication, the proposed protocols do not require extra equipment for storing long-term secrets in the client.