Recently, Lee et al. (Nonlinear Dyn, 73(1–2):125–132, 2013) proposed a three party password authenticated key exchange with user anonymity by utilizing extended chaotic maps. They claimed that their protocol is more secure than previously proposed schemes. In this paper, our analysis shows that Lee et al.’s protocol suffers from two kinds of attacks: (1) man-in-the-middle attack, and (2) user anonymity attack. To overcome these weakness, we propose an enhanced protocol that can resist the attacks described and yet with comparable efficiency.
This is a preview of subscription content, log in to check access
The work is supported by the National Basic Research Program of China (Grant No. 2013CB338003 and 2012CB315905), the National High Technology Research and Development Program of China (Grant No. 2012AA01A40 3), the National Natural Science Foundation of China (Grant No. 61170278, 91118006, and 61379150), and China Postdoctoral Science Foundation (Grant No. 2014M552524).)