YAO Lin,FAN Qingna,KONG Xiangwei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2011.06.023

2011-01-01

Abstract:As a result of the high mobility of the pervasive computing,the principles communicating with each other usually locate at different domains.To secure the service access and communications,the principles should authenticate each other and establish a fresh session key.A novel inter-domain authentication and key establishment protocol is proposed.The proposed protocol reduces the burden of certificates management by adopting the biometric encryption.After inter-domain mutual authentication,the two principles build a new session key using the signcryption technique.The protocol can defend lots of attacks and its correctness is proven by the SVO logic.

Jun Jiang,Chen He,Ling-ge Jiang

DOI: https://doi.org/10.1007/11534310_102

2005-01-01

Abstract:Heavily based on the provable security model of Canetti and Krawczyk (CK-model), an identity-based authentication and key exchange (AKE) protocol which uses pairings is proposed for securing heterogeneous wireless access in this paper. By using the CK-model approach, an ideal and secure key exchange protocol was first proposed. Then a full-fledged authenticator is built to provide authentication of the ideal protocol. This completes a practical AKE protocol for heterogeneous environment while carrying the security proof. Analysis shows that our protocol is secure with partial forward secrecy, and efficient for considering the asymmetric wireless environment.

Muhammad Zubair,Xiangwei Kong,Saeed Mahfooz

DOI: https://doi.org/10.4304/jnw.9.5.1121-1131

2014-01-01

Journal of Networks

Abstract:In this paper we propose a novel authentication mechanism for session mobility in Next Generation Networks named as Hierarchical Authentication Key Management (HAKM). The design objectives of HAKM are twofold: i) to minimize the authentication latency in NGNs; ii) to provide protection against an assortment of attacks such as denial-of-service attacks, man-in-the-middle attacks, guessing attacks, and capturing node attacks. In order to achieve these objectives, we combine Session Initiation Protocol (SIP) with Hierarchical Mobile IPv6 (HMIPv6) to perform local authentication for session mobility. The concept of group keys and pairwise keys with one way hash function is employed to make HAKM vigorous against the aforesaid attacks. The performance analysis and numerical results demonstrate that HAKM outperforms the existing approaches in terms of latency and protection against the abovementioned attacks

Yijun He,Nan Xu,Jie Li

DOI: https://doi.org/10.1109/ARES.2007.23

2007-01-01

Abstract:We propose an efficient and secure mutual authentication and key exchange protocol suitable for applications using low-power mobile communications. It maintains the required level of security and has the property of perfect forward secrecy which is not possessed by other protocols such as ES-MAKEP, L-MAKEP, and I-MAKEP. Moreover, the paper also provides a formal proof to guarantee the security of the proposed protocol. Further, we apply the proposed authentication and key exchange solution to WTLS to obtain a more secure protocol

Jianjie Zhao,Dawu Gu

DOI: https://doi.org/10.1016/j.ins.2011.07.015

IF: 8.1

2011-01-01

Information Sciences

Abstract:A three-party password-based authenticated key exchange (3PAKE) protocol is a useful mechanism to establish a secure session key in a network. However, most current 3PAKE protocols only achieve “heuristic” security; the underlying hardness assumptions of these protocols are not perfect. We propose a 3PAKE protocol which is provably secure if the Diffie–Hellman problem is computationally infeasible (the CDH assumption), even in the 3eCK model where the adversary is allowed to make more queries and have more freedom than previous models. In our formal proof, we use the trapdoor test technique introduced by Cash, Kiltz and Shoup to construct an efficient decision oracle. As far as we know, our protocol is the first provably secure 3PAKE protocol based on the CDH assumption and the first 3PAKE protocol using the trapdoor test technique for the security proof.

Yingjie Xia,Li Kuang,Kuang Mao

DOI: https://doi.org/10.1007/978-3-642-22418-8_9

2011-01-01

Abstract:This paper proposes an efficient and secure inner network access approach which is based on a heterogeneous Diffie-Hellman key exchange protocol in an unsecured network. The inner and outer network structure is commonly applied in various areas, such as different departments of government, enterprises. As the wireless communication network boosts up, the users in outer network try to use PDA, smart phone to access the inner network to acquire necessary information. Due to the limitation of the storage and computational capability of these mobile terminals, traditional secure inner network access approach which uses special cable to do the access is not suitable for this case. Therefore, we design a heterogeneous key exchange protocol for the mobile terminal in outer network and application server in inner network to negotiate the communication shared key. The gateway between inner and outer network can be protected from the third party attack by the trusted computing. The experimental results show that the heterogeneous key exchange protocol is efficient and secure for inner network access.

Hu Xiong,Yanan Chen,Zhong Chen,Fagen Li

DOI: https://doi.org/10.2316/Journal.202.2013.1.202-3540

2015-01-01

International Journal of Computers and Applications

Abstract:Three-party password-based authenticated key exchange (3PAKE) protocols allow two users (clients) to establish a session key with the help of an authenticated server over an insecure channel. Owning to the significance in building a secure communication channel, a number of approaches have been suggested over the years. However, the lack of formal security proof is a major issue in the related literature. In this paper, we propose a simple 3PAKE protocol based upon elliptic curve cryptography along with formal security proof under the decisional Diffie-Hellman assumption. Experimental results by using the automated validation of Internet security protocols and applications tool also show that the proposed protocol is secure against various malicious attacks. Compared with previous work, the proposed protocol has lower computation costs and lighter communication loads.

Huihui Yang,J.H. Chen,Yongjuan Zhang

DOI: https://doi.org/10.2991/itms-15.2015.224

2015-01-01

Abstract:Key exchange protocol plays an important role in cryptosystem, by which two sides who communicate with each other over an open network can obtain a common session key to keep the communication secret.Both two communication entities make full use of the received messages to compute a secret session key.In 1976, Diffie and Hellman [1] put forward a first key exchange protocol, which cannot make authentication of two communication entities possible.On account of lacking mutual authentication, two parties are subject to the man-in the-middle attack.Since then, some two-party authentication key exchange (2PAKE) protocols are proposed [2][3][4][7][8][9][10].Two authentication key exchange protocols furnish mutual authentication of two entities and are suitable for application in public channel.On the basis of new cryptographic techniques, 2PAKE protocols can be divided into three classes.(1) A public-key-based key exchange protocol authenticates each other and builds a common session key by means of public-key technology of cryptography.However, it takes much time to verify the process for certificates in a public-key cryptosystem.(2) A two-party password-based authentication key exchange (2PAKE) protocol allows two sides to have a share in a common password so as to obtain a secret session key.But it is unfit for large area wide range of communication environment to share a secret password for building the common session key.(3) An ID-based key exchange protocol utilizes some user's information (identity, e-mail or social security number) as its public key.Miller [5] and Koblitz [6] propose the concept of ECC.Yang et al. [11] proposed 2PAKE on basis of ECC [12] to increasing the level of security.In 2009, Yoon et al. [13] pointed out that Yang et al.'s protocol cannot furnish forward secrecy and be subject to impersonation attacks.Compared with Yoon et al.'s scheme, He et al.'s scheme [14] is more fit and efficient in mobile environment.This is because Yoon et al.'s protocol cannot furnish prefect forward secrecy.However, He et al.'s protocol doesn't surmount weakness.A legal party cannot confirm whether or not private key of the user is correct.Based on the above protocols, Chou et al. propose an ID-based authenticated scheme [15].However, their protocol cannot resist impersonation attacks.In this paper, we proposed new protocol can resist impersonation attack, public key problem, unknown key share attack, mutual authentication, forward secrecy and deniable authentication attack.Meanwhile, we show that our protocol is efficient.The remainder of this paper is organized as follows.Section 2 describes some preliminaries.We propose our protocol in Section 3. The security analysis of the proposed protocol is presented in Section 4. Comparisons are given in Section 5.

Jun-Han Yang,Tian-Jie Cao

DOI: https://doi.org/10.1016/j.jss.2011.08.024

IF: 3.5

2012-01-01

Journal of Systems and Software

Abstract:Three-party password authenticated key exchange protocol is a very practical mechanism to establish secure session key through authenticating each other with the help of a trusted server. Most three-party password authenticated key exchange protocols only guarantee security in the random oracle model. However, a random oracle based cryptographic construction may be insecure when the oracle is replaced by real function. Moreover, some previous unknown attacks appear with the advance of the adversary capability. Therefore, a suitable standard model which can imitate a wider variety of attack scenarios for 3PAKE protocol is needed. Aim at resisting dictionary attack, unknown key-share attack and password-compromise impersonation attack, an expanded standard model for 3PAKE protocol is given. Meanwhile, through applying ElGamal encryption scheme and pseudorandom function, a specific three-party password authenticated key exchange protocol is proposed. The security of the proposed protocol is proven in the new standard model. The result shows that the present protocol has stronger security by comparing with other existing protocols, which covers the following security properties: (1) semantic security, (2) key privacy, (3) client-to-server authentication, (4) mutual authentication, (5) resistance to various known attacks, and (6) forward security.

Hu Xiong,Zhong Chen,Fagen Li

DOI: https://doi.org/10.1016/j.jnca.2012.10.001

IF: 7.574

2013-01-01

Journal of Network and Computer Applications

Abstract:Key agreement allows multi-parties exchanging public information to create a common secret key that is known only to those entities over an insecure network. In the recent years, several identity-based (ID-based) authenticated key agreement protocols have been proposed and most of them broken. In this paper, we formalize the security model of ID-based authenticated tripartite key agreement protocol and propose a provably secure ID-based authenticated key agreement protocol for three parties with formal security proof under the computational Diffie-Hellman assumption. Experimental results by using the AVISPA tool show that the proposed protocol is secure against various malicious attacks.

Daojing He,Chun Chen,Maode Ma,Sammy Chan,Jiajun Bu

DOI: https://doi.org/10.1002/dac.1355

2011-01-01

International Journal of Communication Systems

Abstract:SUMMARYPassword‐authenticated group key exchange protocols enable communication parties to establish a common secret key (a session key) by only using short secret passwords. Such protocols have been receiving significant attention. This paper shows some security weaknesses in some recently proposed password‐authenticated group key exchange protocols. Furthermore, a secure and efficient password‐authenticated group key exchange protocol in mobile ad hoc networks is proposed. It only requires constant round to generate a group session key under the dynamic scenario. In other words, the overhead of key generation is independent of the size of a total group. Further, the security properties of our protocol are formally validated by a model checking tool called AVISPA. Security and performance analyses show that, compared with other related group key exchange schemes, the proposed protocol is also efficient for real‐world applications in enhancing the security over wireless communications. Copyright © 2011 John Wiley & Sons, Ltd.

CL Lin,HA Wen,T Hwang,HM Sun

2004-01-01

IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences

Abstract:We will propose a key-agreement-type three-party password-authenticated key exchange protocol. The proposed protocol is quite efficient and, among the same type of protocols, is the first to be formally proven to be secure. A three-party formal model for security proof is proposed based on [25] and [26]. We construct a simulator in this model to show that our proposed protocol is secure under reasonable and well-defined cryptographic primitives.

Yuanyuan Zhang,Dawu Gu

DOI: https://doi.org/10.1109/WiCom.2008.976

2008-01-01

Abstract:The establishment of pair-wise key between two nodes in wireless sensor network is a big challenge. We propose a protocol PWKEP including three contributions: 1) Achieve secure key exchange protocol with mutual authentication. 2) Propose a modular approach for design of secure authenticated key exchange protocols. 3) Adopt elliptic curve Diffie-Hellman key exchange and argue reasonable energy consumption on sensor device MICA2DOT. Moreover, we provide PWKEP provable security under BCK model.

JIANG Jun,HE Chen,JIANG Ling-ge

DOI: https://doi.org/10.3321/j.issn:1006-2467.2007.06.018

2007-01-01

Abstract:One of the main characteristics of heterogeneous wireless network convergence is inter-domain vertical handover(VHO).The authentication and key agreement is the key to successful inter-domain VHO.Focusing on the inter-domain VHO of heterogeneous wireless network,a trusted third-party(TTP) based handover authentication and key agreement protocol was proposed.Two handover scenarios were considered in the protocol,namely upward VHO and downward VHO.Also a three party key distribution protocol was improved and used to distribute the temporary key during inter-domain VHO.The analysis and comparisons show that the protocol is a good trade-off between the security and performance.

WANG Ying-jie,LUO Wei,XU Xiao-fei

DOI: https://doi.org/10.3969/j.issn.1002-0802.2009.11.031

2009-01-01

Abstract:Authenticated key exchange (AKE) protocols are designed to allow mutual authentication and generation of a cryptographically-secure session key. For wireless security, the password-based authentication scheme is usually vulnerable to dictionary attack though might have a low system cost. This paper proposes an ID authentication-based key exchange scheme for wireless security, which has light computational overhead, is resistant to impersonation attack, and also of other security attributes.

Jintai Ding,Saed Alsayigh,Jean Lancrenon,R. Saraswathy,Michael Snook

DOI: https://doi.org/10.1007/978-3-319-52153-4_11

2017-01-01

Abstract:Authenticated Key Exchange (AKE) is a cryptographic scheme with the aim to establish a high-entropy and secret session key over a insecure communications network. Password-Authenticated Key Exchange (PAKE) assumes that the parties in play share a simple password, which is cheap and human-memorable and is used to achieve the authentication. PAKEs are practically relevant as these features are extremely appealing in an age where most people access sensitive personal data remotely from more-and-more pervasive hand-held devices. Theoretically, PAKEs allow the secure computation and authentication of a high-entropy piece of data using a low-entropy string as a starting point. In this paper, we apply the recently proposed technique introduced in [19] to construct two lattice-based PAKE protocols enjoying a very simple and elegant design that is an parallel extension of the class of Random Oracle Model (ROM)-based protocols PAK and PPK [13,41], but in the lattice-based setting. The new protocol resembling PAK is three-pass, and provides mutual explicit authentication, while the protocol following the structure of PPK is two-pass, and provides implicit authentication. Our protocols rely on the Ring-Learning-with-Errors (RLWE) assumption, and exploit the additive structure of the underlying ring. They have a comparable level of efficiency to PAK and PPK, which makes them highly attractive. We present a preliminary implementation of our protocols to demonstrate that they are both efficient and practical. We believe they are suitable quantum safe replacements for PAK and PPK.

Hengchuan Tan,Maode Ma,Houda Labiod,Aymen Boudguiga,Jun Zhang,Peter Han Joo Chong

DOI: https://doi.org/10.1109/TVT.2016.2621354

2017-12-28

Abstract:Public key infrastructure (PKI) is the most widely used security mechanism for securing communications over the network. However, there are known performance issues, making it unsuitable for use in vehicular networks. In this paper, we propose a secure and authenticated key management protocol (SA-KMP) to overcome the shortcomings of the PKI. The SA-KMP scheme distributes repository containing the bindings of the en-tity's identity and its corresponding public key to each vehicle and road side unit. By doing so, certificate exchanges and certificate revocation lists are eliminated. Furthermore, the SA-KMP scheme uses symmetric keys derived based on a 3-D-matrix-based key agreement scheme to reduce the high computational costs of using asymmetric cryptography. We demonstrate the efficiency of the SA-KMP through performance evaluations in terms of transmission and storage overhead, network latency, and key generation time. Analytical results show that the SA-KMP is more scalable and outperforms the certificate-based PKI. Simulation results indicate that the key generation time of the SA-KMP scheme is less than that of the existing Elliptic Curve Diffie--Hellman and Diffie--Hellman protocols. In addition, we use Proverif to prove that the SA-KMP scheme is secure against an active attacker under the Dolev and Yao model and further show that the SA-KMP scheme is secure against denial of service, collusion attacks, and a wide range of other malicious attacks.

Cryptography and Security

Mingping Qi,Jianhua Chen

DOI: https://doi.org/10.1002/dac.3341

2017-01-01

International Journal of Communication Systems

Abstract:SummaryThe primary goal of this research is to ensure secure communications by client‐server architectures in mobile environment. Although various two‐party authentication key exchange protocols are proposed and claimed to be resistant to a variety of attacks, studies have shown that various loopholes exist in these protocols. What's more, many two‐party authentication key exchange protocols use timestamp to prevent the replay attack and transmit the user's identity in plaintext form. Obviously, these methods will lead to the clock synchronization problem and user's anonymity problem. Fortunately, the three‐way challenged‐response handshake technique and masking user's original identity with a secret hash value used in our study address these problems well. Of course, the proposed protocol based on elliptic curve cryptography supports flawless mutual authentication of participants, agreement of session key, impersonation attack resistance, replay attack resistance, and prefect forward secrecy, as well. The analyses in the aspects of efficiency and security show that the proposed protocol is a better choice for mobile users.

Amit Kumar Roy,Keshab Nath,Gautam Srivastava,Thippa Reddy Gadekallu,Jerry Chun-Wei Lin

DOI: https://doi.org/10.3390/s22051958

IF: 3.9

2022-03-02

Sensors

Abstract:Presently, lightweight devices such as mobile phones, notepads, and laptops are widely used to access the Internet throughout the world; however, a problem of privacy preservation and authentication delay occurs during handover operation when these devices change their position from a home mesh access point (HMAP) to a foreign mesh access point (FMAP). Authentication during handover is mostly performed through ticket-based techniques, which permit the user to authenticate itself to the foreign mesh access point; therefore, a secure communication method should be formed between the mesh entities to exchange the tickets. In two existing protocols, this ticket was not secured at all and exchanged in a plaintext format. We propose a protocol for handover authentication with privacy preservation of the transfer ticket via the Diffie–Hellman method. Through experimental results, our proposed protocol achieves privacy preservation with minimum authentication delay during handover operation.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Yuan Wang,Duncan S. Wong,Liusheng Huang

DOI: https://doi.org/10.1109/icc.2011.5962523

2014-01-01

Abstract:A Key Establishment Protocol for Anonymous Wireless Roaming (KEP-AWR) allows a wireless user such as a Wi-Fi/WiMAX enabled laptop or smartphone to establish a session key with a foreign server and also roam from one foreign network to another in an anonymous way such that besides the involving foreign server and the user's home server, no one can find out who the user is. Most existing KEP-AWR protocols involve all the three parties, namely, the roaming user, the foreign server and the home server. Some recent protocols require the user and the foreign server only, and hence improving the efficiency as they incur fewer message flows. Recently, a one-pass KEP-AWR was proposed by Wang, Wong and Huang (WWH in short) which achieves key establishment and anonymity by just sending one message from the user to the foreign server, and it is the first KEP-AWR achieving the one-pass communication efficiency. However, the WWH protocol neither prevents the home server from knowing the session key nor supports Perfect Forward Secrecy (PFS). In this paper, we propose a new one-pass KEP-AWR which solves these two problems with an even lower computational complexity. The new protocol also achieves perfect Key-Compromise Impersonation (KCI) security.