Security improvement on an anonymous key agreement protocol based on chaotic maps

In 2009, Tseng et al. proposed a password sharing and chaotic map based key agreement protocol (Tseng et al.’s protocol). They claimed that the protocol provided mutual authentication between a server and a user, and allowed the user to anonymously interact with the server to establish a shared session key. However, in 2011, Niu et al. have proved that Tseng et al.’s protocol cannot guarantee user anonymity and protocol security when there is an internal adversary who is a legitimate user. Also it cannot provide perfect forward secrecy. Then Niu et al. introduced a trust third party (TTP) into their protocol designing (Niu et al.’s protocol). But according to our research, Niu et al.’s protocol is found to have several unsatisfactory drawbacks. Based on reconsidering Tseng et al.’s protocol without introducing TTP, we give some improvements to meet the original security and performance requirements. Meanwhile our proposed protocol overcomes the security flaws of Tseng et al.’s protocol.

► We analyse the security flaws of Tseng et al.’s protocol and Niu et al.’s protocol.
► We design a new chaotic map and password sharing based anonymous key agreement protocol without TTP (trust third party).
► Based on Tseng et al.’s protocol, we modify the computation of Regi and redesign protocol steps.
► Our protocol meets the contributory property, provides user anonymity, and has no security disclosure after node compromise.