부산대학교 도서관

Recently, Lu et al. claimed that Xie et al.'s three-party password-authenticated key agreement protocol (3PAKA) using chaotic maps has three security vulnerabilities; in particular, it cannot resist offline password guessing attack, Bergamo et al.'s attack and impersonation attack, and then they proposed an improved protocol. However, we demonstrate that Lu et al.'s attacks on Xie et al.'s scheme are unworkable, and their improved protocol is insecure against stolen-verifier attack and off-line password guessing attack. Furthermore, we propose a novel scheme with enhanced security and efficiency. We use formal verification tool ProVerif, which is based on pi calculus, to prove security and authentication of our scheme. The efficiency of the proposed scheme is higher than other related schemes.