| Article ID | Journal | Published Year | Pages | File Type |
|---|---|---|---|---|
| 755720 | Communications in Nonlinear Science and Numerical Simulation | 2015 | 7 Pages |
•This paper demonstrates some security flaws of the Guo–Chang chaotic maps-based password-authenticated key agreement.•Specifically, some relation with user identities and the shared session key in their scheme could be compromised.•An improved scheme eliminating these weaknesses is also addressed.
Elaborating on the security of password-based authenticated key agreement, in this paper, the author cryptanalyzes a chaotic maps-based password-authenticated key agreement proposed by Guo and Chang recently. Specifically, their protocol could not achieve strong user anonymity due to a fixed parameter and a malicious adversary is able to derive the shared session key by manipulating the property of Chebyshev chaotic maps. Additionally, the author also presents an improved scheme to eliminate the above weaknesses and still maintain the efficiency.
