Practical and Provably Secure Three-Factor Authentication Protocol Based on Extended Chaotic-Maps for Mobile Lightweight Devices

Due to the limitations of symmetric-key techniques, authentication and key agreement (AKA) protocols based on public-key techniques have attracted much attention, providing secure access and communication mechanism for various application environments. Among these public-key techniques used for AKA protocols, chaotic-map is more effective than scalar multiplication and modular exponentiation, and it offers a list of desirable cryptographic properties such as un-predictability, un-repeatability, un-certainty, and higher efficiency than scalar multiplication and modular exponentiation. Furthermore, it is usually believed that three-factor AKA protocols can achieve a higher security level than single- and two-factor protocols. However, none of existing three-factor AKA protocols can meet all security requirements. One of the most prevalent problems is how to balance security and usability, and particularly how to achieve truly three-factor security while providing password change friendliness. To deal with this problem, in this article we put forward a provably secure three-factor AKA protocol based on extended chaotic-maps for mobile lightweight devices, by adopting the techniques of "Fuzzy-Verifiers" and "Honeywords". We prove the security of the proposed protocol in the random oracle model, assuming the intractability of extended chaotic-maps Computational Diffie-Hellman problem. We also simulate the protocol by using the AVISPA tool. The security analysis and simulation results show that our protocol can meet all 13 evaluation criteria regarding security. We also assess the performance of our protocol by comparing with seven other related protocols. The evaluation results demonstrate that our protocol offers better balance between security and usability over state-of-the-art ones.