Recently, chaos has been treated as a good way to reduce computational complexity while satisfying security requirements of a key agreement protocol. Guo and Zhang (Inf Sci 180(20):4069-4074, 2010) proposed an chaotic public-key cryptosystem-based key agreement protocol. Lee (Inf Sci 290:63-71, 2015) has proved that Guo et al.'s scheme cannot resist off-line password guess attack. In this paper, we furtherly demonstrate Guo et al.'s scheme has redundancy in protocol design and still has some security flaws. Furthermore, we present an improved secure password and chaos-based two-party key agreement protocol, which can solve the security threats of replay and denial-of-service attacks. Meanwhile, we simplify the protocol steps to reduce redundancy in protocol design. From security and performance analysis, our proposed protocol can resist the security flaws in related works, and it has less communication overhead and computational complexity.

• 出版日期2016-4
• 单位合肥学院; 中国科学技术大学