Chun-Li Lin,Hung-Min Sun,Tzonelih Hwang

DOI: https://doi.org/10.1145/506106.506108

2000-01-01

ACM SIGOPS Operating Systems Review

Abstract:Password-based mechanism is the widely used method for authentication since it allows people to choose their own passwords without any assistant device to generate or store. However, people are used to choose easy-to-remember passwords such that guessing attacks could succeed. In 1992, Bellovin and Merritt proposed Encrypted Key Exchange (EKE) protocols for preventing guessing attacks, in which two communication parties A and B securely share a possibly weak password in advance. In large communication environments, it is inconvenient in key management that every two communication parties mutually share a secret. Three-party EKE protocols, in which all parties (clients) share their secrets with a trusted server only, are more suitable for large communication environments. In 1995, Steiner, Tsudik and Waidner proposed a realization of three-party EKE protocol which is later demonstrated that it is vulnerable to undetectable on-line guessing attacks. In this paper, We will show a new off-line guessing attack on Steiner, Tsudik and Waidners' protocol. Besides, we will also propose a new three-party EKE protocol which not only is secure against both the off-line guessing attack and undetectable on-line guessing attacks but also satisfies the security properties of perfect forward secrecy and known-key security.

HM Sun,BC Chen,T Hwang

DOI: https://doi.org/10.1016/j.jss.2003.11.017

IF: 3.5

2004-01-01

Journal of Systems and Software

Abstract:Key exchange protocol is important for sending secret messages using the session key between two parties. In order to reach the objective, the premise is to generate a session key securely. Encryption key exchange was first proposed to generate a session key with a weak authenticated password against guessing attacks. Next, another authenticated key exchange protocols for three-party, two clients who request the session key and one server who authenticates the user's identity and assist in generating a session key, were proposed. In this paper, we focus on the three-party authenticated key exchange protocol. In addition to analyzing and improving a password-based authenticated key exchange protocol, a new verified-based protocol is also proposed.

CL Lin,HM Sun,M Steiner,T Hwang

DOI: https://doi.org/10.1016/j.cose.2004.06.007

IF: 5.105

2004-01-01

Computers & Security

Abstract:Three-party key-exchange protocols with password authentication-clients share an easy-to-remember password with a trusted server only-are very suitable for applications requiring secure communications between many light-weight clients (end users); it is simply impractical that every two clients share a common secret. Steiner, Tsudik and Waidner (1995) proposed a realization of such a three-party protocol based on the encrypted key exchange (EKE) protocols. However, their protocol was later demonstrated to be vulnerable to off-line and undetectable on-line guessing attacks. Lin, Sun and Hwang (see ACM Operating Syst. Rev., vol.34, no. 4, p.12-20, 2000) proposed a secure three-party protocol with server public-keys. However, the approach of using server public-keys is not always a satisfactory solution and is impractical for some environments. We propose a secure three-party EKE protocol without server public-keys.

Hu Xiong,Yanan Chen,Zhi Guan,Zhong Chen

DOI: https://doi.org/10.1016/j.ins.2013.02.004

IF: 8.1

2013-01-01

Information Sciences

Abstract:Three-party password-based authenticated key exchange (3PAKE) protocols allow two users (clients) to establish a session key with the support from an authenticated server over an insecure channel. Several 3PAKE protocols, which do not require server public keys, have been proposed recently. In this paper, we use Chang et al.’s protocol as a case study and demonstrate that all of the 3PAKE protocols without server public keys are not secure against Key Compromise Impersonation (KCI) attack. A detailed analysis of flaw in these protocols has been conducted and we hope that by identifying this design flaw, similar structural mistakes can be avoided in future designs. Furthermore, we propose an improved protocol that remedies the weakness of these protocols and prove its security in a widely accepted model.

Hu Xiong,Yanan Chen,Zhong Chen,Fagen Li

DOI: https://doi.org/10.2316/Journal.202.2013.1.202-3540

2015-01-01

International Journal of Computers and Applications

Abstract:Three-party password-based authenticated key exchange (3PAKE) protocols allow two users (clients) to establish a session key with the help of an authenticated server over an insecure channel. Owning to the significance in building a secure communication channel, a number of approaches have been suggested over the years. However, the lack of formal security proof is a major issue in the related literature. In this paper, we propose a simple 3PAKE protocol based upon elliptic curve cryptography along with formal security proof under the decisional Diffie-Hellman assumption. Experimental results by using the automated validation of Internet security protocols and applications tool also show that the proposed protocol is secure against various malicious attacks. Compared with previous work, the proposed protocol has lower computation costs and lighter communication loads.

Her-Tyan Yeh,Hung-Min Sun

DOI: https://doi.org/10.1145/583800.583802

2002-01-01

Abstract:AbstractPassword-based mechanism is the widely used method for user authentication. Many password-based authenticated key exchange protocols have been proposed to resist password guessing attacks. In this paper, we present a simple authenticated key agreement protocol called SAKA which is simple and cost-effective. To examine its security, we provide a formal proof of security to show its strength against both passive and active adversaries. Compared with the previously best protocols, SAKA has less number of steps and less computation cost.

XIE Qi,CHEN De-ren,YU Xiu-yuan

IF: 2.034

2010-01-01

Systems Engineering

Abstract:In 2009, Park, et al. proposed an efficient remote user authentication protocol. They claimed that their protocol was the first password and smart card based remote user authentication scheme which can resist the off-line password guessing attack, and had many advantages over existing solutions such as no password tables and timestamp, low communication and computational costs. However, this paper shows that their protocol cannot resist the forgery attack and off-line password guessing attack. To overcome the security weaknesses, two improved schemes based on either nonce or timestamp without affecting the merits of the Park, et al. scheme are proposed. Technical discussions are provided to show that the improved protocol is secure, efficient and practical.

CL Lin,HA Wen,T Hwang,HM Sun

2004-01-01

IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences

Abstract:We will propose a key-agreement-type three-party password-authenticated key exchange protocol. The proposed protocol is quite efficient and, among the same type of protocols, is the first to be formally proven to be secure. A three-party formal model for security proof is proposed based on [25] and [26]. We construct a simulator in this model to show that our proposed protocol is secure under reasonable and well-defined cryptographic primitives.

Her-Tyan Yeh,Hung-Min Sun

DOI: https://doi.org/10.1016/s0164-1212(03)00093-1

IF: 3.5

2004-01-01

Journal of Systems and Software

Abstract:Up to now, most of the literature on three-party authentication and key distribution protocols has focused on the environment in which two users (clients) establish a session key through an authentication server. In this paper, we discuss another environment in which a user (client) requests service from an application server through an authentication server. We propose two secure and efficient authentication protocols (KTAP: key transfer authentication protocol and KAAP: key agreement authentication protocol) to fit this environment. These two proposed protocols can be efficiently applied to various communication systems in distributed computing environments since they provide security, efficiency, and reliability.

LIAN Huanhuan,HOU Huiying,ZHAO Yunlei

DOI: https://doi.org/10.11959/j.issn.1000−436x.2022062

2022-01-01

Abstract:In view of the fact that server stored the passwords directly in plaintext, there was a risk of server compromise, and two-party PAKE protocol was not suitable for large-scale communication systems, a three-party verifier-based password authenticated key exchange protocol from lattices was proposed.Hashing scheme and zero-knowledge password policy check were combined to realize the generation of verifier and the password checking.A novel verifier-based 3PAKE protocol was constructed by using CCA-secure public-key encryption from lattices, which realized mutual authentication.Security and performance analysis shows that the proposed protocol has better advantages in communication efficiency and security.

Hu Xiong,Zhong Chen,Fagen Li

DOI: https://doi.org/10.1016/j.jnca.2012.10.001

IF: 7.574

2013-01-01

Journal of Network and Computer Applications

Abstract:Key agreement allows multi-parties exchanging public information to create a common secret key that is known only to those entities over an insecure network. In the recent years, several identity-based (ID-based) authenticated key agreement protocols have been proposed and most of them broken. In this paper, we formalize the security model of ID-based authenticated tripartite key agreement protocol and propose a provably secure ID-based authenticated key agreement protocol for three parties with formal security proof under the computational Diffie-Hellman assumption. Experimental results by using the AVISPA tool show that the proposed protocol is secure against various malicious attacks.

ZHU Chang-sheng,LIU Peng-hui,WANG Qing-rong,CAO Lai-cheng

DOI: https://doi.org/10.3724/sp.j.1087.2011.01862

2011-01-01

Journal of Computer Applications

Abstract:How to keep mutual anonymity between two entities is one of the critical issues for Trusted Computation(TC).According to the characteristics of TC,an efficient password-based authenticated key exchange scheme was proposed.Adopting threshold cryptography and fuzzy ID set,the scheme achieved mutual anonymity between user and server sharing ID set.On the premise of secure hashing,the analysis and the proving procedure based on the Random Oracle Model(ROM) show this scheme is secure against dictionary attack and resource-depletion DoS(Denial-of-Service) attack under the computational Diffie-Hellman intractability assumption.This scheme effectively preserves the user's privacy and server's privacy,and compared with other schemes such as VIET et al.'s scheme,it is more efficient.

Yunxia Han,Chunxiang Xu,Changsong Jiang,Kefei Chen

DOI: https://doi.org/10.1109/tdsc.2024.3382359

2024-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Two-factor authentication key exchange (AKE) is an effective way to strengthen the security of password-authenticated key exchange. Most two-factor AKE schemes using smart cards as the second factor require users to have the second factor with them any time, which causes users inconveniences. Biometrics provide a user-friendly manner to achieve two-factor AKE since they need not be carried. However, biometrics may have less entropy than expected and would suffer from offline guessing attacks. In this paper, we propose a secure two-factor authentication key exchange scheme TAKE that resists offline guessing attacks against biometrics and passwords. In TAKE, a user generates a combined factor of his/her biometrics and password. To protect the combined factor, the user and the server leverages secure two-party computation to blind it with a key which is protected in a trusted execution environment. Thus, TAKE prevents an adversary from eavesdropping on the combined factor, and simultaneously guarantees that he cannot recover the combined factor from blinded one to undertake offline guessing attacks even if he compromises the server and obtains the blinded combined factor. We provide the formal security proof of TAKE. The experiments show that TAKE is efficient in terms of storage, computation, and communication overhead.

computer science, information systems, software engineering, hardware & architecture

Shuhong Wang,Jie Wang,Maozhi Xu

DOI: https://doi.org/10.1007/978-3-540-24852-1_30

2004-01-01

Abstract:A password-authenticated key exchange scheme allows two entities, who only share a memorable password, to authenticate each other and to agree on a. cryptographic session key. Instead of considering it in the classic client and server scenarios, Byun et al. recently proposed a password-authenticated key exchange protocol in a cross-realm setting where two clients in different realms obtain a secret session key as well as mutual authentication, with the help of respective servers. In this paper, we first, point out that the proposed protocol is not secure, due to the choice of invalid parameters (say, subgroup generator). Furthermore, we show in detail that, even with properly chosen parameters, the protocol has still some secure flaws. We provide three attacks to illustrate the insecurity of the protocol. Finally, countermeasures are also given, which are believed able to withstand our attacks.

Adam Groce,Jonathan Katz

DOI: https://doi.org/10.1145/1866307.1866365

2010-01-01

Abstract:Protocols for password-based authenticated key exchange (PAKE) allow two users who share only a short, low-entropy password to agree on a cryptographically strong session key. The challenge in designing such protocols is that they must be immune to off-line dictionary attacks in which an eavesdropping adversary exhaustively enumerates the dictionary of likely passwords in an attempt to match a password to the set of observed transcripts. To date, few general frameworks for constructing PAKE protocols in the standard model are known. Here, we abstract and generalize a protocol by Jiang and Gong to give a new methodology for realizing PAKE without random oracles, in the common reference string model. In addition to giving a new approach to the problem, the resulting construction off ers several advantages over prior work. We also describe an extension of our protocol that is secure within the universal composability (UC) framework and, when instantiated using El Gamal encryption, is more efficient than a previous protocol of Canetti et al.

Kyongsok Pak,Songho Pak,Cholman Ho,Myongsuk Pak,Choljin Hwang

DOI: https://doi.org/10.1371/journal.pone.0213976

IF: 3.7

2019-03-20

PLoS ONE

Abstract:Three-party authentication key exchange (3PAKE) is a protocol that allows two users to set up a common session key with the help of a trusted remote server, which is effective for secret communication between clients in a large-scale network environment. Since chaotic maps have superior characteristics, researchers have recently presented some of the studies that apply it to authentication key exchange and cryptography. Providing user anonymity in the authentication key exchange is one of the important security requirements to protect users' personal secrets. We analyse Lu et al.'s scheme which attempts to provide user anonymity and we prove that his scheme has errors in the key exchange phase and password change phase. We propose a round-effective three-party authentication key exchange (3PAKE) protocol that provides user anonymity and we analyse its security properties based on BAN logic and AVISPA tool.

Jianbin Hu,Hu Xiong,Zhi Guan,Cong Tang,Yonggang Wang,Wei Xin,Zhong Chen

DOI: https://doi.org/10.1109/ISPAW.2011.15

2011-01-01

Abstract:Key agreement protocols are multi-party protocols in which entities exchange public information allowing them to create a common secret key that is known only to those entities and which cannot be predetermined by any party. Recently, the notion of certificateless public key cryptography was introduced to mitigate the heavy certificate management burden in traditional public key infrastructure and key escrow problem in ID-based cryptosystem. In this paper, we present an efficient certificateless three-party authenticated key agreement protocol based on certificateless signature scheme. We show that the proposed protocol is secure (i.e. conforms to defined security attributes) while being efficient.

Chao Liu,Zhongxiang Zheng,Keting Jia,Qidi You

DOI: https://doi.org/10.1007/978-3-030-34339-2_4

2019-01-01

Abstract:Three-party key exchange, where two clients aim to agree a session key with the help of a trusted server, is prevalent in present-day systems. In this paper, we present a practical and secure three-party password-based authenticated key exchange protocol over ideal lattices. Aside from hash functions our protocol does not rely on external primitives in the construction and the security of our protocol is directly relied on the Ring Learning with Errors (RLWE) assumption. Our protocol attains provable security. A proof-of-concept implementation shows our protocol is indeed practical.

Hu Xiong,Zhong Chen,Fagen Li

DOI: https://doi.org/10.1016/j.mcm.2011.10.001

2012-01-01

Mathematical and Computer Modelling

Abstract:Authenticated key agreement (AKA) protocols are multi-party protocols in which entities exchange public information allowing them to create a common secret key that is known only to those entities over an open network. Recently, in order to circumvent the key escrow problem inherent to ID-based cryptography and the certificate management burden in traditional public key infrastructure, the notion of certificateless public key cryptography (CL-PKC) was introduced. In this paper, we first present a security model for certificateless AKA protocols for three parties, and then propose an efficient construction based on bilinear pairings. The security of the proposed scheme can be proved to be equivalent to the computational Diffie–Hellman problem in the random oracle model.

Jiaqing Mo,Hang Chen,Wei Shen

DOI: https://doi.org/10.1007/978-3-030-16946-6_36

2020-01-01

Abstract:Cryptanalyzing the security weaknesses of authentication protocols is extremely important to propose countermeasures and develop a truly secure protocol. Over last few years, many three factor-based authentication schemes with key agreement have been proposed for multi-server environment. In 2017, Ali and Pal developed a three-factor authentication scheme in multi-server environment using elliptic curve cryptography (ECC) to remedy the security flaws in Li et al.'s scheme and claimed their improved version can withstand the passive and active attacks. In this paper, we prove that Ali-Pal's scheme is subject to offline password guessing attack, replay attack, and known session-specific temporary information (KSSTI) attack. In the same year, Feng et al. examined Kumari et al.'s biometrics-based authentication scheme for multi-server environment and found that their scheme was vulnerable to several attacks. To fix these weaknesses, Feng et al. proposed an enhanced three-factor authentication scheme with key distribution for mobile multi-server environment and claimed that their scheme can satisfy the security and functional requirements. However, we show that Feng et al.'s scheme fails to resist offline password guessing attack, and suffers from replay attack. In addition to point out the security defects, we put forward countermeasures to eliminate the security risks and secure the three factor-based authentication schemes for multi-server environment.