CRYPTANALYSIS ON “PRACTICAL AND PROVABLY SECURE THREE-FACTOR AUTHENTICATION PROTOCOL BASED ON EXTENDED CHAOTIC-MAPS FOR MOBILE LIGHTWEIGHT DEVICES”

Abstract

Authentication and key agreement (AKA) plays an important role in an open network environment in order to secure communication between two or more participants. Authentication and key agreement (AKA) protocols should protect the sensitive information against a malicious adversary by providing a variety of services, such as authentication, user credentials’ privacy, when the smart card is lost/stolen or the private key of a user or a server is revealed. Unfortunately, most of the existing an authentication and key agreement (AKA) protocols proposed in the literature do not safe against smart card loss attacks. Recently, in 2020, Shuming et al. proposed a secure three-factor authentication protocol based on extended chaotic-maps for mobile lightweight devices. In this paper, we analyze the Shuming et al’s protocol and show that Shuming et al’s scheme is vulnerable to privileged-insider attacks with the help of both offline password guessing attacks, user impersonation, Parallel session attacks and thus, their scheme fails to prevent known sessionspecific temporary information attack. In addition, we show that their scheme does not provide strong user’s anonymity. Furthermore, Shuming et al’s scheme cannot safe against smart card loss attacks. Apart from these, Shuming et al’s scheme has launch DoS attack.