Jianjie Zhao,Dawu Gu

DOI: https://doi.org/10.1016/j.ins.2011.07.015

IF: 8.1

2011-01-01

Information Sciences

Abstract:A three-party password-based authenticated key exchange (3PAKE) protocol is a useful mechanism to establish a secure session key in a network. However, most current 3PAKE protocols only achieve “heuristic” security; the underlying hardness assumptions of these protocols are not perfect. We propose a 3PAKE protocol which is provably secure if the Diffie–Hellman problem is computationally infeasible (the CDH assumption), even in the 3eCK model where the adversary is allowed to make more queries and have more freedom than previous models. In our formal proof, we use the trapdoor test technique introduced by Cash, Kiltz and Shoup to construct an efficient decision oracle. As far as we know, our protocol is the first provably secure 3PAKE protocol based on the CDH assumption and the first 3PAKE protocol using the trapdoor test technique for the security proof.

Jun-Han Yang,Tian-Jie Cao

DOI: https://doi.org/10.1016/j.jss.2011.08.024

IF: 3.5

2012-01-01

Journal of Systems and Software

Abstract:Three-party password authenticated key exchange protocol is a very practical mechanism to establish secure session key through authenticating each other with the help of a trusted server. Most three-party password authenticated key exchange protocols only guarantee security in the random oracle model. However, a random oracle based cryptographic construction may be insecure when the oracle is replaced by real function. Moreover, some previous unknown attacks appear with the advance of the adversary capability. Therefore, a suitable standard model which can imitate a wider variety of attack scenarios for 3PAKE protocol is needed. Aim at resisting dictionary attack, unknown key-share attack and password-compromise impersonation attack, an expanded standard model for 3PAKE protocol is given. Meanwhile, through applying ElGamal encryption scheme and pseudorandom function, a specific three-party password authenticated key exchange protocol is proposed. The security of the proposed protocol is proven in the new standard model. The result shows that the present protocol has stronger security by comparing with other existing protocols, which covers the following security properties: (1) semantic security, (2) key privacy, (3) client-to-server authentication, (4) mutual authentication, (5) resistance to various known attacks, and (6) forward security.

Hu Xiong,Yanan Chen,Zhi Guan,Zhong Chen

DOI: https://doi.org/10.1016/j.ins.2013.02.004

IF: 8.1

2013-01-01

Information Sciences

Abstract:Three-party password-based authenticated key exchange (3PAKE) protocols allow two users (clients) to establish a session key with the support from an authenticated server over an insecure channel. Several 3PAKE protocols, which do not require server public keys, have been proposed recently. In this paper, we use Chang et al.’s protocol as a case study and demonstrate that all of the 3PAKE protocols without server public keys are not secure against Key Compromise Impersonation (KCI) attack. A detailed analysis of flaw in these protocols has been conducted and we hope that by identifying this design flaw, similar structural mistakes can be avoided in future designs. Furthermore, we propose an improved protocol that remedies the weakness of these protocols and prove its security in a widely accepted model.

Debiao He,Jianhua Chen,Jin Hu

DOI: https://doi.org/10.31449/inf.v34i3.308

2010-01-01

Informatica

Abstract:Key exchange protocols allow two or more parties communicating over a public network to establish a common secret key called a session key. Due to their significance in building a secure communication channel, a number of key exchange protocols have been suggested over the years for a variety of settings. Among these is the so-called S-3PAKE protocol proposed by Lu and Cao for passwordauthenticated key exchange in the three-party setting. In the current work, we are concerned with the password security of the S-3PAKE protocol. We first show that S-3PAKE is vulnerable to an off-line dictionary attack in which an attacker exhaustively enumerates all possible passwords in an off-line manner to determine the correct one. We then figure out how to eliminate the security vulnerability of S3PAKE.

Jianjie Zhao,Dawu Gu,Lei Zhang

DOI: https://doi.org/10.1002/sec.316

IF: 1.968

2011-01-01

Security and Communication Networks

Abstract:ABSTRACTRecently, Tzung‐Her Chen, Wei‐Bin Lee, and Hsing‐Bai Chen (CLC) proposed a new three‐party password‐based authenticated key exchange (3PAKE) protocol. This CLC protocol needs not store the security‐sensitive table on the server side, which reduces the danger of the server being compromised; also, it has the advantage in terms of the round efficiency and computational cost. However, we find that the leakage of values VA and VB in the CLC protocol will make a man‐in‐the‐middle attack feasible in practice. On the basis of this finding, we present a modified 3PAKE protocol called I‐CLC protocol, which is essentially an improved CLC protocol. I‐CLC can resist attacks available, including the man‐in‐the‐middle attack that we mentioned on the initial CLC protocol. Meanwhile, the new protocol allows that the participants choose their own passwords by themselves; additionally, the computation cost of I‐CLC is lower than that of CLC protocol. Copyright © 2011 John Wiley & Sons, Ltd.

LIAN Huanhuan,HOU Huiying,ZHAO Yunlei

DOI: https://doi.org/10.11959/j.issn.1000−436x.2022062

2022-01-01

Abstract:In view of the fact that server stored the passwords directly in plaintext, there was a risk of server compromise, and two-party PAKE protocol was not suitable for large-scale communication systems, a three-party verifier-based password authenticated key exchange protocol from lattices was proposed.Hashing scheme and zero-knowledge password policy check were combined to realize the generation of verifier and the password checking.A novel verifier-based 3PAKE protocol was constructed by using CCA-secure public-key encryption from lattices, which realized mutual authentication.Security and performance analysis shows that the proposed protocol has better advantages in communication efficiency and security.

Hu Xiong,Zhong Chen,Fagen Li

DOI: https://doi.org/10.1016/j.jnca.2012.10.001

IF: 7.574

2013-01-01

Journal of Network and Computer Applications

Abstract:Key agreement allows multi-parties exchanging public information to create a common secret key that is known only to those entities over an insecure network. In the recent years, several identity-based (ID-based) authenticated key agreement protocols have been proposed and most of them broken. In this paper, we formalize the security model of ID-based authenticated tripartite key agreement protocol and propose a provably secure ID-based authenticated key agreement protocol for three parties with formal security proof under the computational Diffie-Hellman assumption. Experimental results by using the AVISPA tool show that the proposed protocol is secure against various malicious attacks.

CL Lin,HA Wen,T Hwang,HM Sun

2004-01-01

IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences

Abstract:We will propose a key-agreement-type three-party password-authenticated key exchange protocol. The proposed protocol is quite efficient and, among the same type of protocols, is the first to be formally proven to be secure. A three-party formal model for security proof is proposed based on [25] and [26]. We construct a simulator in this model to show that our proposed protocol is secure under reasonable and well-defined cryptographic primitives.

S. K. Hafizul Islam,Ruhul Amin,G. P. Biswas,Mohammad Sabzinejad Farash,Xiong Li,Saru Kumari

DOI: https://doi.org/10.1016/j.jksuci.2015.08.002

IF: 9.006

2015-01-01

Journal of King Saud University - Computer and Information Sciences

Abstract:In the literature, many three-party authenticated key exchange (3PAKE) protocols are put forwarded to established a secure session key between two users with the help of trusted server. The computed session key will ensure secure message exchange between the users over any insecure communication networks. In this paper, we identified some deficiencies in Tan’s 3PAKE protocol and then devised an improved 3PAKE protocol without symmetric key en/decryption technique for mobile-commerce environments. The proposed protocol is based on the elliptic curve cryptography and one-way cryptographic hash function. In order to prove security validation of the proposed 3PAKE protocol we have used widely accepted AVISPA software whose results confirm that the proposed protocol is secure against active and passive attacks including replay and man-in-the-middle attacks. The proposed protocol is not only secure in the AVISPA software, but it also secure against relevant numerous security attacks such as man-in-the-middle attack, impersonation attack, parallel attack, key-compromise impersonation attack, etc. In addition, our protocol is designed with lower computation cost than other relevant protocols. Therefore, the proposed protocol is more efficient and suitable for practical use than other protocols in mobile-commerce environments.

XU Chun-xiang,HE Xiao-hu

DOI: https://doi.org/10.3969/j.issn.1001-0548.2012.04.023

2012-01-01

Abstract:Three-party password-based authenticated key exchange protocols allow two clients to authenticate each other and establish a shared session key through a trusted server who preserves clients’ passwords or verifiers about passwords.However,because of the low entropy of passwords,password-based authenticated key exchange protocols are vulnerable to dictionary attacks.Based on available protocols,a new efficient three-party password-based authenticated key exchange protocol is proposed by combining the symmetric encryption algorithm with the method of two-party key exchange protocol of Diffie-Hellman.Results indicate that and the proposed protocol can resist against various attacks and provide the perfect forward security.

Debiao He,Yitao Chen,Jianhua Chen

DOI: https://doi.org/10.1007/s13369-013-0575-4

IF: 2.807

2013-01-01

Arabian Journal for Science and Engineering

Abstract:To ensure secure communications in public network environments, various three-party authenticated key exchange (3PAKE) protocols were proposed to provide the transaction confidentiality and efficiency. In 2009, Yang et al. proposed an efficient 3PAKE protocol based upon elliptic curve cryptography (ECC) for mobile-commerce environments. The adoption of elliptic curve cryptography in their 3PAKE protocol results in low computation costs and light communication loads. However, Tan demonstrated that Yang et al.'s protocol suffers from the impersonation attack. Tan also proposed an enhanced protocol to improve the security and the performance. However, Nose pointed that Tan's protocol suffers from the impersonation attack and the man-in-the-middle attack. To improve the security, we propose an ID-based 3PAKE using ECC. The analysis shows our protocol is more suitable and practical for mobile-commerce environments.

Haomin Yang,Yaoxue Zhang,Yuezhi Zhou,Xiaoming Fu,Hao Liu,Athanasios V. Vasilakos

DOI: https://doi.org/10.1016/j.comnet.2013.08.020

IF: 5.493

2014-01-01

Computer Networks

Abstract:Authenticated key agreement protocol is a useful cryptographic primitive, which can be used to protect the confidentiality, integrity and authenticity for transmitted data over insecure networks. From the point of view of the management of pre-shared secrets, one of the advantages of three-party authenticated key agreement (3PAKA) protocols is that they are more suitable for use in a network with large numbers of users compared with two-party authenticated key agreement protocols. Using smart cards is a practical, secure measure to protect the secret private keys of a user. Recently, some 3PAKA protocols using smart cards have been proposed. However, up to now, it is still a challenging problem to propose a 3PAKA protocol using smart cards with fewer rounds of messages and without using timestamp technique. Another important fact to be mentioned is that existing 3PAKA protocols using smart cards all lack provable-security guarantees. In this paper, we propose a new 3PAKA protocol using smart cards. The proposed protocol gains several advantages over existing related protocols: (1) The protocol is provably secure under the computational Diffie-Hellman assumption in the random oracle model, and hence can resist strong adversaries in network scenarios; (2) The protocol needs fewer rounds of messages, and can enable short communication latency and rapid response; and (3) The protocol is not based on timestamp technique, and does not need the complicated clock synchronization.

Chun-Li Lin,Hung-Min Sun,Tzonelih Hwang

DOI: https://doi.org/10.1145/506106.506108

2000-01-01

ACM SIGOPS Operating Systems Review

Abstract:Password-based mechanism is the widely used method for authentication since it allows people to choose their own passwords without any assistant device to generate or store. However, people are used to choose easy-to-remember passwords such that guessing attacks could succeed. In 1992, Bellovin and Merritt proposed Encrypted Key Exchange (EKE) protocols for preventing guessing attacks, in which two communication parties A and B securely share a possibly weak password in advance. In large communication environments, it is inconvenient in key management that every two communication parties mutually share a secret. Three-party EKE protocols, in which all parties (clients) share their secrets with a trusted server only, are more suitable for large communication environments. In 1995, Steiner, Tsudik and Waidner proposed a realization of three-party EKE protocol which is later demonstrated that it is vulnerable to undetectable on-line guessing attacks. In this paper, We will show a new off-line guessing attack on Steiner, Tsudik and Waidners' protocol. Besides, we will also propose a new three-party EKE protocol which not only is secure against both the off-line guessing attack and undetectable on-line guessing attacks but also satisfies the security properties of perfect forward secrecy and known-key security.

Jianjie Zhao,Dawu Gu

DOI: https://doi.org/10.1007/s11859-010-0312-8

2010-01-01

Wuhan University Journal of Natural Sciences

Abstract:The CLC protocol (proposed by Tzung-Her Chen, Wei-Bin Lee and Hsing-Bai Chen, CLC, for short) is a new three-party password-authenticated key exchange (3PAKE) protocol. This CLC protocol provides a superior round efficiency (only three rounds), and its resources required for computation are relatively few. However, we find that the leakage of values A V and B V in the CLC protocol will make a man-in-the-middle attack feasible in practice, where A V and B V are the authentication information chosen by the server for the participants A and B. In this paper, we describe our attack on the CLC protocol and further present a modified 3PAKE protocol, which is essentially an improved CLC protocol. Our protocol can resist attacks available, including man-in-the-middle attack we mount on the initial CLC protocol. Meanwhile, we allow that the participants choose their own passwords by themselves, thus avoiding the danger that the server is controlled in the initialization phase. Also, the computational cost of our protocol is lower than that of the CLC protocol.

CL Lin,HM Sun,M Steiner,T Hwang

DOI: https://doi.org/10.1016/j.cose.2004.06.007

IF: 5.105

2004-01-01

Computers & Security

Abstract:Three-party key-exchange protocols with password authentication-clients share an easy-to-remember password with a trusted server only-are very suitable for applications requiring secure communications between many light-weight clients (end users); it is simply impractical that every two clients share a common secret. Steiner, Tsudik and Waidner (1995) proposed a realization of such a three-party protocol based on the encrypted key exchange (EKE) protocols. However, their protocol was later demonstrated to be vulnerable to off-line and undetectable on-line guessing attacks. Lin, Sun and Hwang (see ACM Operating Syst. Rev., vol.34, no. 4, p.12-20, 2000) proposed a secure three-party protocol with server public-keys. However, the approach of using server public-keys is not always a satisfactory solution and is impractical for some environments. We propose a secure three-party EKE protocol without server public-keys.

Huibo Yang,Jianhua Chen,Yuanyuan Zhang

DOI: https://doi.org/10.1007/s11277-015-2847-7

IF: 2.017

2015-01-01

Wireless Personal Communications

Abstract:Mobile environment has been used in large area range of network. In order to secure communication, a number of schemes have been proposed. The typical schemes are two-party authentication key exchange (2PAKE) protocols. It is based on elliptic curve cryptosystem. The main weakness of the protocol is that attackers have the ability to impersonate a legal user at any time. In addition, it is vulnerable to the public key problem and unknown key share attack. In this paper, we propose a 2PAKE protocol. Our protocol is indeed safer and meets the needs. Hence, the proposed protocol has a great contribution to the area of mobile environment.

Victor Boyko,Philip MacKenzie,Sarvar Patel

DOI: https://doi.org/10.1007/3-540-45539-6_12

2000-01-01

Abstract:When designing password-authenticated key exchange protocols (as opposed to key exchange protocols authenticated using crypto-graphically secure keys), one must not allow any information to be leaked that would allow verification of the password (a weak shared key), since an attacker who obtains this information may be able to run an off-line dictionary attack to determine the correct password. We present a new protocol called PAK which is the first Diffie-Hellman-based password-authenticated key exchange protocol to provide a formal proof of security (in the random oracle model) against both passive and active adversaries. In addition to the PAK protocol that provides mutual explicit authentication, we also show a more efficient protocol called PPK that is provably secure in the implicit-authentication model. We then extend PAK to a protocol called PAK-X, in which one side (the client) stores a plaintext version of the password, while the other side (the server) only stores a verifier for the password. We formally prove security of PAK-X, even when the server is compromised. Our formal model for password-authenticated key exchange is new, and may be of independent interest.

Chunbo Ma,Jun Ao,Jianhua Li

2007-01-01

Abstract:A password-based tripartite key agreement protocol is presented in this paper. The three entities involved in this protocol can negotiate a common session key via a shared password over insecure networks. Proofs are given to show that the proposed protocol is secure against forging and chosen message attacks in the case of without actually running a dictionary attack.

Huihui Yang,J.H. Chen,Yongjuan Zhang

DOI: https://doi.org/10.2991/itms-15.2015.224

2015-01-01

Abstract:Key exchange protocol plays an important role in cryptosystem, by which two sides who communicate with each other over an open network can obtain a common session key to keep the communication secret.Both two communication entities make full use of the received messages to compute a secret session key.In 1976, Diffie and Hellman [1] put forward a first key exchange protocol, which cannot make authentication of two communication entities possible.On account of lacking mutual authentication, two parties are subject to the man-in the-middle attack.Since then, some two-party authentication key exchange (2PAKE) protocols are proposed [2][3][4][7][8][9][10].Two authentication key exchange protocols furnish mutual authentication of two entities and are suitable for application in public channel.On the basis of new cryptographic techniques, 2PAKE protocols can be divided into three classes.(1) A public-key-based key exchange protocol authenticates each other and builds a common session key by means of public-key technology of cryptography.However, it takes much time to verify the process for certificates in a public-key cryptosystem.(2) A two-party password-based authentication key exchange (2PAKE) protocol allows two sides to have a share in a common password so as to obtain a secret session key.But it is unfit for large area wide range of communication environment to share a secret password for building the common session key.(3) An ID-based key exchange protocol utilizes some user's information (identity, e-mail or social security number) as its public key.Miller [5] and Koblitz [6] propose the concept of ECC.Yang et al. [11] proposed 2PAKE on basis of ECC [12] to increasing the level of security.In 2009, Yoon et al. [13] pointed out that Yang et al.'s protocol cannot furnish forward secrecy and be subject to impersonation attacks.Compared with Yoon et al.'s scheme, He et al.'s scheme [14] is more fit and efficient in mobile environment.This is because Yoon et al.'s protocol cannot furnish prefect forward secrecy.However, He et al.'s protocol doesn't surmount weakness.A legal party cannot confirm whether or not private key of the user is correct.Based on the above protocols, Chou et al. propose an ID-based authenticated scheme [15].However, their protocol cannot resist impersonation attacks.In this paper, we proposed new protocol can resist impersonation attack, public key problem, unknown key share attack, mutual authentication, forward secrecy and deniable authentication attack.Meanwhile, we show that our protocol is efficient.The remainder of this paper is organized as follows.Section 2 describes some preliminaries.We propose our protocol in Section 3. The security analysis of the proposed protocol is presented in Section 4. Comparisons are given in Section 5.

XU Chun-xiang,LUO Shu-dan,Shu D. Luo

DOI: https://doi.org/10.3969/j.issn.1001-0548.2009.04.025

2009-01-01

Abstract:The three-party password-based authenticated key exchange protocol based on the CCDH assumption is analyzed. It is demonstrated that this protocol has security vulnerabilities from on-line guessing attack and lacks a perfect authentication mechanism. This paper presents an attack scheme to the protocol. Our attack scheme shows that an adversary can get other legitimate user's password successfully by on-line guessing cyclically.