Shu Jian,Chunxiang Xu

2009-01-01

Abstract:The goal of password-based authenticated exchange protocol is established secure key by using preshared human-memorable password.Most of existing schemes either have computation burden or rely on the random oracle model.A new scheme without random oracles is proposed,which requires only one generator.Due to not using CPA or CCA2 public encryption scheme,the proposed protocol is efficient in computational cost and simple in protocol description when compared other solutions without random oracles.Specifically,this protocol reduces 64% of the exponential computations of the protocol proposed by Yin Yin et al.in the paper of "Provable secure encrypted key exchange protocol under standard model".The security of the proposed scheme has been proven in the standard model under DDH assumption.

Jianqing Fu,Jian Chen,Rong Fan,XiaoPing Chen,Lingdi Ping

DOI: https://doi.org/10.1109/wcse.2009.731

2009-01-01

Abstract:With the widespread use of mobile devices, authentication and privacy of identification become important issues. We analyzed the security flaws and shortcomings of a delegation-based authentication protocol which was proposed by Caimu Tang, et al., and provided an improved protocol. We use elliptic-curve cryptography and hash chain to ensure the safety of system in our scheme. The research results reveal that the improved protocol can not only corrects the security flaws but also improve the efficiency of key management and reduce the computational load.

Jun-Han Yang,Tian-Jie Cao

DOI: https://doi.org/10.1016/j.jss.2011.08.024

IF: 3.5

2012-01-01

Journal of Systems and Software

Abstract:Three-party password authenticated key exchange protocol is a very practical mechanism to establish secure session key through authenticating each other with the help of a trusted server. Most three-party password authenticated key exchange protocols only guarantee security in the random oracle model. However, a random oracle based cryptographic construction may be insecure when the oracle is replaced by real function. Moreover, some previous unknown attacks appear with the advance of the adversary capability. Therefore, a suitable standard model which can imitate a wider variety of attack scenarios for 3PAKE protocol is needed. Aim at resisting dictionary attack, unknown key-share attack and password-compromise impersonation attack, an expanded standard model for 3PAKE protocol is given. Meanwhile, through applying ElGamal encryption scheme and pseudorandom function, a specific three-party password authenticated key exchange protocol is proposed. The security of the proposed protocol is proven in the new standard model. The result shows that the present protocol has stronger security by comparing with other existing protocols, which covers the following security properties: (1) semantic security, (2) key privacy, (3) client-to-server authentication, (4) mutual authentication, (5) resistance to various known attacks, and (6) forward security.

Yang ZHANG,Chaoyang LI,Xiangjun XIN,Fagen LI

DOI: https://doi.org/10.16186/j.cnki.1673-9787.2017.05.015

2017-01-01

Abstract:In order to improve the security and efficiency of the key agreement protocol,a secure one-pass and two-party authenticated key agreement protocol is proposed.In this protocol,a certificateless digital signature is sent to the receiver,in which the sender's public key,identification number,time stamp,and other identifiable information are signed.Then,the receiver verifies the variety of the digital signature.The session key is built by using the Diffie-Hellman key agreement protocol.The new protocol can be proved to be secure in random oracle model;it can also satisfy the properties of known session key secrecy,forward secrecy,uncontrollability of the session key and key compromise impersonation resilience.

Junhan Yang,Tianjie Cao

2011-01-01

Journal of Computational Information Systems

Abstract:With advances in elliptic curve cryptography, Li et al. and Yoon et al. proposed two password-authenticated key exchange protocols without server's public key. They claimed to be secure against several possible attacks, securely update user passwords without a complicated process, and also provide explicit key authentication in the case of a session key agreement. Unfortunately, Li et al.'s protocol is vulnerable to off-line dictionary attack and man-in-the-middle attack. Meanwhile Yoon et al.'s protocol is subject to off-line dictionary attack and fails to provide backward secrecy. In this paper, we conduct a detailed analysis on the flaws and also propose a verifier-based password-authenticated key exchange protocol via elliptic curves which is secure against various known attacks. Copyright © 2011 Binary Information Press.

Victor Boyko,Philip MacKenzie,Sarvar Patel

DOI: https://doi.org/10.1007/3-540-45539-6_12

2000-01-01

Abstract:When designing password-authenticated key exchange protocols (as opposed to key exchange protocols authenticated using crypto-graphically secure keys), one must not allow any information to be leaked that would allow verification of the password (a weak shared key), since an attacker who obtains this information may be able to run an off-line dictionary attack to determine the correct password. We present a new protocol called PAK which is the first Diffie-Hellman-based password-authenticated key exchange protocol to provide a formal proof of security (in the random oracle model) against both passive and active adversaries. In addition to the PAK protocol that provides mutual explicit authentication, we also show a more efficient protocol called PPK that is provably secure in the implicit-authentication model. We then extend PAK to a protocol called PAK-X, in which one side (the client) stores a plaintext version of the password, while the other side (the server) only stores a verifier for the password. We formally prove security of PAK-X, even when the server is compromised. Our formal model for password-authenticated key exchange is new, and may be of independent interest.

舒剑,许春香

DOI: https://doi.org/10.3969/j.issn.1000-436x.2010.03.008

2010-01-01

Abstract:The security of a recently proposed password-based authenticated key exchange protocol was analyzed. Al- though it was provably secure in the standard model, it was vulnerable to reflection attacks. A modify scheme was pro- posed, which eliminated the defect of original scheme and improved the efficiency of the protocol. The security of the proposed scheme had been proven in the standard model under DDH assumption. The results show that it provides per- fect forward secrecy.

XU Chun-xiang,HE Xiao-hu

DOI: https://doi.org/10.3969/j.issn.1001-0548.2012.04.023

2012-01-01

Abstract:Three-party password-based authenticated key exchange protocols allow two clients to authenticate each other and establish a shared session key through a trusted server who preserves clients’ passwords or verifiers about passwords.However,because of the low entropy of passwords,password-based authenticated key exchange protocols are vulnerable to dictionary attacks.Based on available protocols,a new efficient three-party password-based authenticated key exchange protocol is proposed by combining the symmetric encryption algorithm with the method of two-party key exchange protocol of Diffie-Hellman.Results indicate that and the proposed protocol can resist against various attacks and provide the perfect forward security.

舒剑,许春香

DOI: https://doi.org/10.3969/j.issn.1001-0548.2009.03.018

2009-01-01

Abstract:The security of an authenticated group key exchange is analyzed,the results show that it is insecure due to redundancy of the exchange messages.Based on the protocol of Burmester and Desmedt,an improved protocol is proposed with merits in terms of computation and communication.The improved protocol provides not only the capability of forward secrecy and mutual authentication,but also the capability against man-in-middle attack.The protocol is proven secure in the random-oracle and ideal-cipher models under the computational Diffie-Hellman(CDH) assumption.

ZHU Chang-sheng,LIU Peng-hui,WANG Qing-rong,CAO Lai-cheng

DOI: https://doi.org/10.3724/sp.j.1087.2011.01862

2011-01-01

Journal of Computer Applications

Abstract:How to keep mutual anonymity between two entities is one of the critical issues for Trusted Computation(TC).According to the characteristics of TC,an efficient password-based authenticated key exchange scheme was proposed.Adopting threshold cryptography and fuzzy ID set,the scheme achieved mutual anonymity between user and server sharing ID set.On the premise of secure hashing,the analysis and the proving procedure based on the Random Oracle Model(ROM) show this scheme is secure against dictionary attack and resource-depletion DoS(Denial-of-Service) attack under the computational Diffie-Hellman intractability assumption.This scheme effectively preserves the user's privacy and server's privacy,and compared with other schemes such as VIET et al.'s scheme,it is more efficient.

Junhan Yang,Tianjie Cao

DOI: https://doi.org/10.1166/sl.2013.2960

2013-01-01

Sensor Letters

Abstract:In this paper, a novel three-party authenticated key exchange protocol is proposed based onkey encapsulation sensor mechanism. It consists of two components: an efficient 2-party CL-KEM based authentication and key exchange protocol and a 3-party MAC based key exchange protocol. Fortunately, the present protocol is probably secure in the standard model. It achieves both forward security and mutual authentication. It is also secure against key compromise impersonation attacks.

Yang Junhan,Cao Tianjie

DOI: https://doi.org/10.3969/j.issn.1673-4807.2012.03.016

2012-01-01

Abstract:The authors find the password authentication protocol using smart card proposed by Lee et al.suffers from off-line dictionary attack,user impersonation attack and lacks of key exchange.To solve these problems,an improved scheme is put forward and the security of the novel protocol is proved using the formal security model. The result shows that the novel protocol can not only conquer the security problem of the original protocol but also retain all security characteristics of the original protocol.

Hu Xiong,Qianhong Wu,Zhong Chen

DOI: https://doi.org/10.1007/978-3-642-24861-0_6

2011-01-01

Abstract:Certificateless authenticated key exchange (CL-AKE) protocols do not suffer from intricate certificate management or heavy trust reliance on a third party. Unfortunately, these advantages are partially counteracted in most CL-AKE protocols which require expensive pairing operations. This paper proposes a new CL-AKE protocol without requiring any pairing operation during the protocol execution, although a pairing map may be required to realize a Decisional Diffie-Hellman (DDH) oracle in the security proof. With implicit authentication, we illustrate modular proofs in a security model incorporating standard definitions of AKE protocols and certificateless cryptography. Analysis shows that our protocol is also efficient.

Shuhong Wang,Jie Wang,Maozhi Xu

DOI: https://doi.org/10.1007/978-3-540-24852-1_30

2004-01-01

Abstract:A password-authenticated key exchange scheme allows two entities, who only share a memorable password, to authenticate each other and to agree on a. cryptographic session key. Instead of considering it in the classic client and server scenarios, Byun et al. recently proposed a password-authenticated key exchange protocol in a cross-realm setting where two clients in different realms obtain a secret session key as well as mutual authentication, with the help of respective servers. In this paper, we first, point out that the proposed protocol is not secure, due to the choice of invalid parameters (say, subgroup generator). Furthermore, we show in detail that, even with properly chosen parameters, the protocol has still some secure flaws. We provide three attacks to illustrate the insecurity of the protocol. Finally, countermeasures are also given, which are believed able to withstand our attacks.

Jianbin Hu,Hu Xiong,Zhi Guan,Cong Tang,Yonggang Wang,Wei Xin,Zhong Chen

DOI: https://doi.org/10.1109/ISPAW.2011.15

2011-01-01

Abstract:Key agreement protocols are multi-party protocols in which entities exchange public information allowing them to create a common secret key that is known only to those entities and which cannot be predetermined by any party. Recently, the notion of certificateless public key cryptography was introduced to mitigate the heavy certificate management burden in traditional public key infrastructure and key escrow problem in ID-based cryptosystem. In this paper, we present an efficient certificateless three-party authenticated key agreement protocol based on certificateless signature scheme. We show that the proposed protocol is secure (i.e. conforms to defined security attributes) while being efficient.

Hu Xiong,Yanan Chen,Zhong Chen,Fagen Li

DOI: https://doi.org/10.2316/Journal.202.2013.1.202-3540

2015-01-01

International Journal of Computers and Applications

Abstract:Three-party password-based authenticated key exchange (3PAKE) protocols allow two users (clients) to establish a session key with the help of an authenticated server over an insecure channel. Owning to the significance in building a secure communication channel, a number of approaches have been suggested over the years. However, the lack of formal security proof is a major issue in the related literature. In this paper, we propose a simple 3PAKE protocol based upon elliptic curve cryptography along with formal security proof under the decisional Diffie-Hellman assumption. Experimental results by using the automated validation of Internet security protocols and applications tool also show that the proposed protocol is secure against various malicious attacks. Compared with previous work, the proposed protocol has lower computation costs and lighter communication loads.

XIANG Yong-qian,CHEN Jian-hua

DOI: https://doi.org/10.3969/j.issn.1671-1122.2012.11.009

2012-01-01

Abstract:In order to ensure the security of communications in the public network environment,a tripartite authenticated key exchange protocol has been widespread concern.In 2009,Yang et al proposed a tripartite authenticated key exchange protocol based on elliptic curve cryptography in mobile e-commerce environment.However,Tan pointed out that the protocol of Yang et al.was suffered a counterfeit attack.In order to improve security,Tan proposed an improved agreement.However,Nose pointed out that Tan's protocol can not resist counterfeit attacks and man-in-the-middle attack.In order to improve security,Author propose a new tripartite authenticated key exchange protocol.

Hu Xiong,Zhong Chen,Fagen Li

DOI: https://doi.org/10.1016/j.mcm.2011.10.001

2012-01-01

Mathematical and Computer Modelling

Abstract:Authenticated key agreement (AKA) protocols are multi-party protocols in which entities exchange public information allowing them to create a common secret key that is known only to those entities over an open network. Recently, in order to circumvent the key escrow problem inherent to ID-based cryptography and the certificate management burden in traditional public key infrastructure, the notion of certificateless public key cryptography (CL-PKC) was introduced. In this paper, we first present a security model for certificateless AKA protocols for three parties, and then propose an efficient construction based on bilinear pairings. The security of the proposed scheme can be proved to be equivalent to the computational Diffie–Hellman problem in the random oracle model.

Haimin Jin,Duncan S. Wong,Yinlong Xu

DOI: https://doi.org/10.1007/978-3-540-77048-0_4

2007-01-01

Abstract:One of the prominent advantages of password-only two-server authenticated key exchange is that the user password will remain secure against offline dictionary attacks even after one of the servers has been compromised. The first system of this type was proposed by Yang, Deng and Bao in 2006. The system is efficient with a total of eight communication rounds in one protocol run. However, the security assumptions are strong. It assumes that one particular server cannot be compromised by an active adversary. It also assumes that there exists a secure communication channel between the two servers. Recently, a new protocol has been proposed by the same group of researchers. The new one removes these assumptions, but in return pays a very high price on the communication overhead. It takes altogether ten rounds to complete one protocol run and requires more computation. Therefore, the question remains is whether it is possible to build a protocol which can significantly reduce the number of communication rounds without introducing additional security assumptions or computational complexity. In this paper, we give an affirmative answer by proposing a very efficient protocol with no additional assumption introduced. The protocol requires only six communication rounds without increasing the computational complexity.

LIU Jie,LI Jian-hua

DOI: https://doi.org/10.3778/j.issn.1002-8331.2008.14.031

2008-01-01

Computer Engineering and Applications Journal

Abstract:Investigate a Diffie-Hellman key exchange protocol which is integrated into digital signature algorithm.Analyze Phan's improved protocol and give a further improvement.Then a novel key exchange protocol based on RSA-OAEP cryptosystem is presented.The protocol is simple,efficient and can provide standard security attributes that key exchange protocols should have.