Debiao He,Yitao Chen,Jianhua Chen

DOI: https://doi.org/10.1007/s13369-013-0575-4

IF: 2.807

2013-01-01

Arabian Journal for Science and Engineering

Abstract:To ensure secure communications in public network environments, various three-party authenticated key exchange (3PAKE) protocols were proposed to provide the transaction confidentiality and efficiency. In 2009, Yang et al. proposed an efficient 3PAKE protocol based upon elliptic curve cryptography (ECC) for mobile-commerce environments. The adoption of elliptic curve cryptography in their 3PAKE protocol results in low computation costs and light communication loads. However, Tan demonstrated that Yang et al.'s protocol suffers from the impersonation attack. Tan also proposed an enhanced protocol to improve the security and the performance. However, Nose pointed that Tan's protocol suffers from the impersonation attack and the man-in-the-middle attack. To improve the security, we propose an ID-based 3PAKE using ECC. The analysis shows our protocol is more suitable and practical for mobile-commerce environments.

Jianqing Fu,Jian Chen,Rong Fan,XiaoPing Chen,Lingdi Ping

DOI: https://doi.org/10.1109/wcse.2009.731

2009-01-01

Abstract:With the widespread use of mobile devices, authentication and privacy of identification become important issues. We analyzed the security flaws and shortcomings of a delegation-based authentication protocol which was proposed by Caimu Tang, et al., and provided an improved protocol. We use elliptic-curve cryptography and hash chain to ensure the safety of system in our scheme. The research results reveal that the improved protocol can not only corrects the security flaws but also improve the efficiency of key management and reduce the computational load.

Huibo Yang,Jianhua Chen,Yuanyuan Zhang

DOI: https://doi.org/10.1007/s11277-015-2847-7

IF: 2.017

2015-01-01

Wireless Personal Communications

Abstract:Mobile environment has been used in large area range of network. In order to secure communication, a number of schemes have been proposed. The typical schemes are two-party authentication key exchange (2PAKE) protocols. It is based on elliptic curve cryptosystem. The main weakness of the protocol is that attackers have the ability to impersonate a legal user at any time. In addition, it is vulnerable to the public key problem and unknown key share attack. In this paper, we propose a 2PAKE protocol. Our protocol is indeed safer and meets the needs. Hence, the proposed protocol has a great contribution to the area of mobile environment.

Hu Xiong,Zhong Chen,Fagen Li

DOI: https://doi.org/10.1016/j.jnca.2012.10.001

IF: 7.574

2013-01-01

Journal of Network and Computer Applications

Abstract:Key agreement allows multi-parties exchanging public information to create a common secret key that is known only to those entities over an insecure network. In the recent years, several identity-based (ID-based) authenticated key agreement protocols have been proposed and most of them broken. In this paper, we formalize the security model of ID-based authenticated tripartite key agreement protocol and propose a provably secure ID-based authenticated key agreement protocol for three parties with formal security proof under the computational Diffie-Hellman assumption. Experimental results by using the AVISPA tool show that the proposed protocol is secure against various malicious attacks.

Huihui Yang,J.H. Chen,Yongjuan Zhang

DOI: https://doi.org/10.2991/itms-15.2015.224

2015-01-01

Abstract:Key exchange protocol plays an important role in cryptosystem, by which two sides who communicate with each other over an open network can obtain a common session key to keep the communication secret.Both two communication entities make full use of the received messages to compute a secret session key.In 1976, Diffie and Hellman [1] put forward a first key exchange protocol, which cannot make authentication of two communication entities possible.On account of lacking mutual authentication, two parties are subject to the man-in the-middle attack.Since then, some two-party authentication key exchange (2PAKE) protocols are proposed [2][3][4][7][8][9][10].Two authentication key exchange protocols furnish mutual authentication of two entities and are suitable for application in public channel.On the basis of new cryptographic techniques, 2PAKE protocols can be divided into three classes.(1) A public-key-based key exchange protocol authenticates each other and builds a common session key by means of public-key technology of cryptography.However, it takes much time to verify the process for certificates in a public-key cryptosystem.(2) A two-party password-based authentication key exchange (2PAKE) protocol allows two sides to have a share in a common password so as to obtain a secret session key.But it is unfit for large area wide range of communication environment to share a secret password for building the common session key.(3) An ID-based key exchange protocol utilizes some user's information (identity, e-mail or social security number) as its public key.Miller [5] and Koblitz [6] propose the concept of ECC.Yang et al. [11] proposed 2PAKE on basis of ECC [12] to increasing the level of security.In 2009, Yoon et al. [13] pointed out that Yang et al.'s protocol cannot furnish forward secrecy and be subject to impersonation attacks.Compared with Yoon et al.'s scheme, He et al.'s scheme [14] is more fit and efficient in mobile environment.This is because Yoon et al.'s protocol cannot furnish prefect forward secrecy.However, He et al.'s protocol doesn't surmount weakness.A legal party cannot confirm whether or not private key of the user is correct.Based on the above protocols, Chou et al. propose an ID-based authenticated scheme [15].However, their protocol cannot resist impersonation attacks.In this paper, we proposed new protocol can resist impersonation attack, public key problem, unknown key share attack, mutual authentication, forward secrecy and deniable authentication attack.Meanwhile, we show that our protocol is efficient.The remainder of this paper is organized as follows.Section 2 describes some preliminaries.We propose our protocol in Section 3. The security analysis of the proposed protocol is presented in Section 4. Comparisons are given in Section 5.

Mingping Qi,Jianhua Chen

DOI: https://doi.org/10.1002/dac.3341

2017-01-01

International Journal of Communication Systems

Abstract:SummaryThe primary goal of this research is to ensure secure communications by client‐server architectures in mobile environment. Although various two‐party authentication key exchange protocols are proposed and claimed to be resistant to a variety of attacks, studies have shown that various loopholes exist in these protocols. What's more, many two‐party authentication key exchange protocols use timestamp to prevent the replay attack and transmit the user's identity in plaintext form. Obviously, these methods will lead to the clock synchronization problem and user's anonymity problem. Fortunately, the three‐way challenged‐response handshake technique and masking user's original identity with a secret hash value used in our study address these problems well. Of course, the proposed protocol based on elliptic curve cryptography supports flawless mutual authentication of participants, agreement of session key, impersonation attack resistance, replay attack resistance, and prefect forward secrecy, as well. The analyses in the aspects of efficiency and security show that the proposed protocol is a better choice for mobile users.

S. K. Hafizul Islam,Ruhul Amin,G. P. Biswas,Mohammad Sabzinejad Farash,Xiong Li,Saru Kumari

DOI: https://doi.org/10.1016/j.jksuci.2015.08.002

IF: 9.006

2015-01-01

Journal of King Saud University - Computer and Information Sciences

Abstract:In the literature, many three-party authenticated key exchange (3PAKE) protocols are put forwarded to established a secure session key between two users with the help of trusted server. The computed session key will ensure secure message exchange between the users over any insecure communication networks. In this paper, we identified some deficiencies in Tan’s 3PAKE protocol and then devised an improved 3PAKE protocol without symmetric key en/decryption technique for mobile-commerce environments. The proposed protocol is based on the elliptic curve cryptography and one-way cryptographic hash function. In order to prove security validation of the proposed 3PAKE protocol we have used widely accepted AVISPA software whose results confirm that the proposed protocol is secure against active and passive attacks including replay and man-in-the-middle attacks. The proposed protocol is not only secure in the AVISPA software, but it also secure against relevant numerous security attacks such as man-in-the-middle attack, impersonation attack, parallel attack, key-compromise impersonation attack, etc. In addition, our protocol is designed with lower computation cost than other relevant protocols. Therefore, the proposed protocol is more efficient and suitable for practical use than other protocols in mobile-commerce environments.

XU Chun-xiang,HE Xiao-hu

DOI: https://doi.org/10.3969/j.issn.1001-0548.2012.04.023

2012-01-01

Abstract:Three-party password-based authenticated key exchange protocols allow two clients to authenticate each other and establish a shared session key through a trusted server who preserves clients’ passwords or verifiers about passwords.However,because of the low entropy of passwords,password-based authenticated key exchange protocols are vulnerable to dictionary attacks.Based on available protocols,a new efficient three-party password-based authenticated key exchange protocol is proposed by combining the symmetric encryption algorithm with the method of two-party key exchange protocol of Diffie-Hellman.Results indicate that and the proposed protocol can resist against various attacks and provide the perfect forward security.

Yulei Chen,Jianhua Chen

DOI: https://doi.org/10.1002/ett.4542

IF: 3.6

2022-01-01

Transactions on Emerging Telecommunications Technologies

Abstract:With the gradual penetration of computers and communication networks into people's lives, more and more people begin to pay attention to the information security. Key agreement protocol provides identity authentication for participants in communication system and generates a temporary session key for participants to encrypt messages. Recently, Wang et al designed an authentication and key agreement (AKA) protocol based elliptic curve cryptosystem and proved that their scheme can resist various known attacks. In this article, we analyze the security of their scheme and demonstrate that it is vulnerable to the temporary factor leakage attacks and insider attacks. Then, based on the elliptic curve public key cryptographic algorithm, we design a secure anonymous two-factor user AKA protocol. And we use the well-known random oracle model (ROM) and traditional heuristic discussion to prove the security of the proposed protocol. By comparing with several existing protocols based on public key cryptography algorithm, it is found that this protocol is more secure and efficient. The security analysis shows that the protocol designed in this article can meet all kinds of security requirements and consumes the less computing resources on users and servers, and is especially suitable for the scenarios with high security and efficiency requirements.

ZHU Chang-sheng,LIU Peng-hui,WANG Qing-rong,CAO Lai-cheng

DOI: https://doi.org/10.3724/sp.j.1087.2011.01862

2011-01-01

Journal of Computer Applications

Abstract:How to keep mutual anonymity between two entities is one of the critical issues for Trusted Computation(TC).According to the characteristics of TC,an efficient password-based authenticated key exchange scheme was proposed.Adopting threshold cryptography and fuzzy ID set,the scheme achieved mutual anonymity between user and server sharing ID set.On the premise of secure hashing,the analysis and the proving procedure based on the Random Oracle Model(ROM) show this scheme is secure against dictionary attack and resource-depletion DoS(Denial-of-Service) attack under the computational Diffie-Hellman intractability assumption.This scheme effectively preserves the user's privacy and server's privacy,and compared with other schemes such as VIET et al.'s scheme,it is more efficient.

Hu Xiong,Yanan Chen,Zhong Chen,Fagen Li

DOI: https://doi.org/10.2316/Journal.202.2013.1.202-3540

2015-01-01

International Journal of Computers and Applications

Abstract:Three-party password-based authenticated key exchange (3PAKE) protocols allow two users (clients) to establish a session key with the help of an authenticated server over an insecure channel. Owning to the significance in building a secure communication channel, a number of approaches have been suggested over the years. However, the lack of formal security proof is a major issue in the related literature. In this paper, we propose a simple 3PAKE protocol based upon elliptic curve cryptography along with formal security proof under the decisional Diffie-Hellman assumption. Experimental results by using the automated validation of Internet security protocols and applications tool also show that the proposed protocol is secure against various malicious attacks. Compared with previous work, the proposed protocol has lower computation costs and lighter communication loads.

Jun-Han Yang,Tian-Jie Cao

DOI: https://doi.org/10.1016/j.jss.2011.08.024

IF: 3.5

2012-01-01

Journal of Systems and Software

Abstract:Three-party password authenticated key exchange protocol is a very practical mechanism to establish secure session key through authenticating each other with the help of a trusted server. Most three-party password authenticated key exchange protocols only guarantee security in the random oracle model. However, a random oracle based cryptographic construction may be insecure when the oracle is replaced by real function. Moreover, some previous unknown attacks appear with the advance of the adversary capability. Therefore, a suitable standard model which can imitate a wider variety of attack scenarios for 3PAKE protocol is needed. Aim at resisting dictionary attack, unknown key-share attack and password-compromise impersonation attack, an expanded standard model for 3PAKE protocol is given. Meanwhile, through applying ElGamal encryption scheme and pseudorandom function, a specific three-party password authenticated key exchange protocol is proposed. The security of the proposed protocol is proven in the new standard model. The result shows that the present protocol has stronger security by comparing with other existing protocols, which covers the following security properties: (1) semantic security, (2) key privacy, (3) client-to-server authentication, (4) mutual authentication, (5) resistance to various known attacks, and (6) forward security.

Junhan Yang,Tianjie Cao

2011-01-01

Journal of Computational Information Systems

Abstract:With advances in elliptic curve cryptography, Li et al. and Yoon et al. proposed two password-authenticated key exchange protocols without server's public key. They claimed to be secure against several possible attacks, securely update user passwords without a complicated process, and also provide explicit key authentication in the case of a session key agreement. Unfortunately, Li et al.'s protocol is vulnerable to off-line dictionary attack and man-in-the-middle attack. Meanwhile Yoon et al.'s protocol is subject to off-line dictionary attack and fails to provide backward secrecy. In this paper, we conduct a detailed analysis on the flaws and also propose a verifier-based password-authenticated key exchange protocol via elliptic curves which is secure against various known attacks. Copyright © 2011 Binary Information Press.

Chun-Li Lin,Hung-Min Sun,Tzonelih Hwang

DOI: https://doi.org/10.1145/506106.506108

2000-01-01

ACM SIGOPS Operating Systems Review

Abstract:Password-based mechanism is the widely used method for authentication since it allows people to choose their own passwords without any assistant device to generate or store. However, people are used to choose easy-to-remember passwords such that guessing attacks could succeed. In 1992, Bellovin and Merritt proposed Encrypted Key Exchange (EKE) protocols for preventing guessing attacks, in which two communication parties A and B securely share a possibly weak password in advance. In large communication environments, it is inconvenient in key management that every two communication parties mutually share a secret. Three-party EKE protocols, in which all parties (clients) share their secrets with a trusted server only, are more suitable for large communication environments. In 1995, Steiner, Tsudik and Waidner proposed a realization of three-party EKE protocol which is later demonstrated that it is vulnerable to undetectable on-line guessing attacks. In this paper, We will show a new off-line guessing attack on Steiner, Tsudik and Waidners' protocol. Besides, we will also propose a new three-party EKE protocol which not only is secure against both the off-line guessing attack and undetectable on-line guessing attacks but also satisfies the security properties of perfect forward secrecy and known-key security.

HM Sun,BC Chen,T Hwang

DOI: https://doi.org/10.1016/j.jss.2003.11.017

IF: 3.5

2004-01-01

Journal of Systems and Software

Abstract:Key exchange protocol is important for sending secret messages using the session key between two parties. In order to reach the objective, the premise is to generate a session key securely. Encryption key exchange was first proposed to generate a session key with a weak authenticated password against guessing attacks. Next, another authenticated key exchange protocols for three-party, two clients who request the session key and one server who authenticates the user's identity and assist in generating a session key, were proposed. In this paper, we focus on the three-party authenticated key exchange protocol. In addition to analyzing and improving a password-based authenticated key exchange protocol, a new verified-based protocol is also proposed.

CAO Tian-jie,LEI Hong

DOI: https://doi.org/10.3321/j.issn:0372-2112.2008.02.035

2008-01-01

Abstract:Authenticated key agreement protocol is designed to provide pair of parties communicating over an insecure network with a secure session key.However,most of the existing authenticated key agreement protocols are not designed for protecting privacy.We emphasize user's privacy properties in network services,in particular we stress anonymity and deniability.We specify the desired security properties of privacy-enhancing authentication key agreement protocols,i.e.mutual authentication,key control,key confirmation,session-key confidentiality,known-key security,forward secrecy,anonymity of user,forward anonymity of user,unlinkability,deniability.Based on elliptic curve cryptosystem we also propose a protocol which satisfies all the desired security properties.

Debiao He,Jianhua Chen,Jin Hu

2010-01-01

Abstract:Recently, Yoon et al. and Wu proposed two improved remote mutual authentication and key agreement scheme for mobile devices on elliptic curve cryptosystem. In this paper, we show that Yoon et al.'s protocol fails to provide explicit key perfect forward secrecy and fails to achieve explicit key confirmation. We also point out Wu's scheme decreases efficiency by using the double secret keys and is vulnerable to the password guessing attack and the forgery attack. In order to overcome the drawback, we proposed and improved scheme. Through the comparison with other protocol, we believe that our improved scheme is more suitable for real-life applications.

Wenping Yu,Rui Zhang,Maode Ma,Cong Wang

DOI: https://doi.org/10.3390/electronics13020449

IF: 2.9

2024-01-23

Electronics

Abstract:In the process of vehicles transitioning from conventional means of transportation to mobile computing platforms, ensuring secure communication and data exchange is of paramount importance. Consequently, identity authentication has emerged as a crucial security measure. Specifically, effective authentication is required prior to the communication between the On-Board Unit (OBU) and Roadside Unit (RSU). To address vehicle identity authentication challenges in the Internet of Vehicles (VANETs), this paper proposes a three-party identity authentication and key agreement protocol based on elliptic curve public key cryptography. Considering issues such as vehicle impersonation attacks, RSU impersonation attacks, and vehicle privacy breaches in existing schemes within wireless mobile environments, this protocol introduces a trusted registry center that successfully enables mutual authentication between OBU and RSU. The proposed protocol not only enhances the VANETs system's ability to withstand security threats but also improves the credibility and efficiency of the authentication process.

engineering, electrical & electronic,computer science, information systems,physics, applied

Debiao He,Jianhua Chen,Jin Hu

DOI: https://doi.org/10.31449/inf.v34i3.308

2010-01-01

Informatica

Abstract:Key exchange protocols allow two or more parties communicating over a public network to establish a common secret key called a session key. Due to their significance in building a secure communication channel, a number of key exchange protocols have been suggested over the years for a variety of settings. Among these is the so-called S-3PAKE protocol proposed by Lu and Cao for passwordauthenticated key exchange in the three-party setting. In the current work, we are concerned with the password security of the S-3PAKE protocol. We first show that S-3PAKE is vulnerable to an off-line dictionary attack in which an attacker exhaustively enumerates all possible passwords in an off-line manner to determine the correct one. We then figure out how to eliminate the security vulnerability of S3PAKE.

Qiong Pu,Jian Wang,Shuhua Wu,Ji Fu

DOI: https://doi.org/10.1007/s12083-012-0125-y

IF: 3.488

2012-01-01

Peer-to-Peer Networking and Applications

Abstract:In order to secure large-scale peer-to-peer communication system, Chien recently presented a three-party password authenticated key exchange protocol using verifiers to reduce the damages of server corruption. In this paper, we first show his protocol is still vulnerable to a partition attack (offline dictionary attack). Thereafter we propose an enhanced verifier-based protocol that can defeat the attacks described and yet is reasonably efficient. Furthermore, we can provide the rigorous proof of the security for it.