Huihui Yang,J.H. Chen,Yongjuan Zhang

DOI: https://doi.org/10.2991/itms-15.2015.224

2015-01-01

Abstract:Key exchange protocol plays an important role in cryptosystem, by which two sides who communicate with each other over an open network can obtain a common session key to keep the communication secret.Both two communication entities make full use of the received messages to compute a secret session key.In 1976, Diffie and Hellman [1] put forward a first key exchange protocol, which cannot make authentication of two communication entities possible.On account of lacking mutual authentication, two parties are subject to the man-in the-middle attack.Since then, some two-party authentication key exchange (2PAKE) protocols are proposed [2][3][4][7][8][9][10].Two authentication key exchange protocols furnish mutual authentication of two entities and are suitable for application in public channel.On the basis of new cryptographic techniques, 2PAKE protocols can be divided into three classes.(1) A public-key-based key exchange protocol authenticates each other and builds a common session key by means of public-key technology of cryptography.However, it takes much time to verify the process for certificates in a public-key cryptosystem.(2) A two-party password-based authentication key exchange (2PAKE) protocol allows two sides to have a share in a common password so as to obtain a secret session key.But it is unfit for large area wide range of communication environment to share a secret password for building the common session key.(3) An ID-based key exchange protocol utilizes some user's information (identity, e-mail or social security number) as its public key.Miller [5] and Koblitz [6] propose the concept of ECC.Yang et al. [11] proposed 2PAKE on basis of ECC [12] to increasing the level of security.In 2009, Yoon et al. [13] pointed out that Yang et al.'s protocol cannot furnish forward secrecy and be subject to impersonation attacks.Compared with Yoon et al.'s scheme, He et al.'s scheme [14] is more fit and efficient in mobile environment.This is because Yoon et al.'s protocol cannot furnish prefect forward secrecy.However, He et al.'s protocol doesn't surmount weakness.A legal party cannot confirm whether or not private key of the user is correct.Based on the above protocols, Chou et al. propose an ID-based authenticated scheme [15].However, their protocol cannot resist impersonation attacks.In this paper, we proposed new protocol can resist impersonation attack, public key problem, unknown key share attack, mutual authentication, forward secrecy and deniable authentication attack.Meanwhile, we show that our protocol is efficient.The remainder of this paper is organized as follows.Section 2 describes some preliminaries.We propose our protocol in Section 3. The security analysis of the proposed protocol is presented in Section 4. Comparisons are given in Section 5.

Mingping Qi,Jianhua Chen

DOI: https://doi.org/10.1002/dac.3341

2017-01-01

International Journal of Communication Systems

Abstract:SummaryThe primary goal of this research is to ensure secure communications by client‐server architectures in mobile environment. Although various two‐party authentication key exchange protocols are proposed and claimed to be resistant to a variety of attacks, studies have shown that various loopholes exist in these protocols. What's more, many two‐party authentication key exchange protocols use timestamp to prevent the replay attack and transmit the user's identity in plaintext form. Obviously, these methods will lead to the clock synchronization problem and user's anonymity problem. Fortunately, the three‐way challenged‐response handshake technique and masking user's original identity with a secret hash value used in our study address these problems well. Of course, the proposed protocol based on elliptic curve cryptography supports flawless mutual authentication of participants, agreement of session key, impersonation attack resistance, replay attack resistance, and prefect forward secrecy, as well. The analyses in the aspects of efficiency and security show that the proposed protocol is a better choice for mobile users.

S. K. Hafizul Islam,Ruhul Amin,G. P. Biswas,Mohammad Sabzinejad Farash,Xiong Li,Saru Kumari

DOI: https://doi.org/10.1016/j.jksuci.2015.08.002

IF: 9.006

2015-01-01

Journal of King Saud University - Computer and Information Sciences

Abstract:In the literature, many three-party authenticated key exchange (3PAKE) protocols are put forwarded to established a secure session key between two users with the help of trusted server. The computed session key will ensure secure message exchange between the users over any insecure communication networks. In this paper, we identified some deficiencies in Tan’s 3PAKE protocol and then devised an improved 3PAKE protocol without symmetric key en/decryption technique for mobile-commerce environments. The proposed protocol is based on the elliptic curve cryptography and one-way cryptographic hash function. In order to prove security validation of the proposed 3PAKE protocol we have used widely accepted AVISPA software whose results confirm that the proposed protocol is secure against active and passive attacks including replay and man-in-the-middle attacks. The proposed protocol is not only secure in the AVISPA software, but it also secure against relevant numerous security attacks such as man-in-the-middle attack, impersonation attack, parallel attack, key-compromise impersonation attack, etc. In addition, our protocol is designed with lower computation cost than other relevant protocols. Therefore, the proposed protocol is more efficient and suitable for practical use than other protocols in mobile-commerce environments.

Jianqing Fu,Jian Chen,Rong Fan,XiaoPing Chen,Lingdi Ping

DOI: https://doi.org/10.1109/wcse.2009.731

2009-01-01

Abstract:With the widespread use of mobile devices, authentication and privacy of identification become important issues. We analyzed the security flaws and shortcomings of a delegation-based authentication protocol which was proposed by Caimu Tang, et al., and provided an improved protocol. We use elliptic-curve cryptography and hash chain to ensure the safety of system in our scheme. The research results reveal that the improved protocol can not only corrects the security flaws but also improve the efficiency of key management and reduce the computational load.

Debiao He,Jianhua Chen,Jin Hu

2010-01-01

Abstract:Recently, Yoon et al. and Wu proposed two improved remote mutual authentication and key agreement scheme for mobile devices on elliptic curve cryptosystem. In this paper, we show that Yoon et al.'s protocol fails to provide explicit key perfect forward secrecy and fails to achieve explicit key confirmation. We also point out Wu's scheme decreases efficiency by using the double secret keys and is vulnerable to the password guessing attack and the forgery attack. In order to overcome the drawback, we proposed and improved scheme. Through the comparison with other protocol, we believe that our improved scheme is more suitable for real-life applications.

Debiao He,Yitao Chen,Jianhua Chen

DOI: https://doi.org/10.1007/s13369-013-0575-4

IF: 2.807

2013-01-01

Arabian Journal for Science and Engineering

Abstract:To ensure secure communications in public network environments, various three-party authenticated key exchange (3PAKE) protocols were proposed to provide the transaction confidentiality and efficiency. In 2009, Yang et al. proposed an efficient 3PAKE protocol based upon elliptic curve cryptography (ECC) for mobile-commerce environments. The adoption of elliptic curve cryptography in their 3PAKE protocol results in low computation costs and light communication loads. However, Tan demonstrated that Yang et al.'s protocol suffers from the impersonation attack. Tan also proposed an enhanced protocol to improve the security and the performance. However, Nose pointed that Tan's protocol suffers from the impersonation attack and the man-in-the-middle attack. To improve the security, we propose an ID-based 3PAKE using ECC. The analysis shows our protocol is more suitable and practical for mobile-commerce environments.

Hu Xiong,Yanan Chen,Zhong Chen,Fagen Li

DOI: https://doi.org/10.2316/Journal.202.2013.1.202-3540

2015-01-01

International Journal of Computers and Applications

Abstract:Three-party password-based authenticated key exchange (3PAKE) protocols allow two users (clients) to establish a session key with the help of an authenticated server over an insecure channel. Owning to the significance in building a secure communication channel, a number of approaches have been suggested over the years. However, the lack of formal security proof is a major issue in the related literature. In this paper, we propose a simple 3PAKE protocol based upon elliptic curve cryptography along with formal security proof under the decisional Diffie-Hellman assumption. Experimental results by using the automated validation of Internet security protocols and applications tool also show that the proposed protocol is secure against various malicious attacks. Compared with previous work, the proposed protocol has lower computation costs and lighter communication loads.

XIANG Yong-qian,CHEN Jian-hua

DOI: https://doi.org/10.3969/j.issn.1671-1122.2012.11.009

2012-01-01

Abstract:In order to ensure the security of communications in the public network environment,a tripartite authenticated key exchange protocol has been widespread concern.In 2009,Yang et al proposed a tripartite authenticated key exchange protocol based on elliptic curve cryptography in mobile e-commerce environment.However,Tan pointed out that the protocol of Yang et al.was suffered a counterfeit attack.In order to improve security,Tan proposed an improved agreement.However,Nose pointed out that Tan's protocol can not resist counterfeit attacks and man-in-the-middle attack.In order to improve security,Author propose a new tripartite authenticated key exchange protocol.

Yijun He,Nan Xu,Jie Li

DOI: https://doi.org/10.1109/ARES.2007.23

2007-01-01

Abstract:We propose an efficient and secure mutual authentication and key exchange protocol suitable for applications using low-power mobile communications. It maintains the required level of security and has the property of perfect forward secrecy which is not possessed by other protocols such as ES-MAKEP, L-MAKEP, and I-MAKEP. Moreover, the paper also provides a formal proof to guarantee the security of the proposed protocol. Further, we apply the proposed authentication and key exchange solution to WTLS to obtain a more secure protocol

Yulei Chen,Jianhua Chen

DOI: https://doi.org/10.1002/ett.4542

IF: 3.6

2022-01-01

Transactions on Emerging Telecommunications Technologies

Abstract:With the gradual penetration of computers and communication networks into people's lives, more and more people begin to pay attention to the information security. Key agreement protocol provides identity authentication for participants in communication system and generates a temporary session key for participants to encrypt messages. Recently, Wang et al designed an authentication and key agreement (AKA) protocol based elliptic curve cryptosystem and proved that their scheme can resist various known attacks. In this article, we analyze the security of their scheme and demonstrate that it is vulnerable to the temporary factor leakage attacks and insider attacks. Then, based on the elliptic curve public key cryptographic algorithm, we design a secure anonymous two-factor user AKA protocol. And we use the well-known random oracle model (ROM) and traditional heuristic discussion to prove the security of the proposed protocol. By comparing with several existing protocols based on public key cryptography algorithm, it is found that this protocol is more secure and efficient. The security analysis shows that the protocol designed in this article can meet all kinds of security requirements and consumes the less computing resources on users and servers, and is especially suitable for the scenarios with high security and efficiency requirements.

Rongxing Lu,Zhenfu Cao,Haojin Zhu

DOI: https://doi.org/10.1016/j.csi.2007.04.002

IF: 3.721

2007-01-01

Computer Standards & Interfaces

Abstract:With the rapid progress of wireless mobile communication, the authenticated key agreement protocol has attracted an increasing amount of attention. However, due to the limitations of bandwidth and storage of the mobile devices, most of the existing authenticated key agreement protocols are not suitable for wireless mobile communication. Quite recently, Sui et al. have presented an efficient authenticated key agreement protocol based on elliptic curves cryptography and included their protocol in 3GPP2 specifications to improve the security of A-Key distribution. However, in this paper, we show that Sui et al.'s protocol can't resist the off-line password guessing attack, and therefore present an enhanced authenticated key agreement protocol. At the same time, we also consider including our enhanced protocol in 3GPP2 specifications.

Bo LIU,Yu-Yang ZHOU,Fei HU,Fa-Gen LI

DOI: https://doi.org/10.13868/j.cnki.jcr.000224

2018-01-01

Abstract:With the rapid development of E-commerce, network service providers usually provide users with a wide range of services running on different servers. Thus, multi-server model has been widely used. Meanwhile, more and more people access network services more quickly through the mobile phones or other mobile devices, this is the current mobile client-multi-server model which has been very popular. On one hand, mobile devices bring convenience to our lives. On the other hand, the openness of mobile Internet makes its security issues more serious. It is necessary to design a user authentication and key agreement protocol for the mobile client-multi-server model. However, compared with personal computers, mobile devices have resource-constrained features. So how to design a protocol that combines security and efficiency is not an easy task. In order to solve this problem, this study proposes a user authentication and key agreement protocol under the mobile client-multi-server model. Certificateless public key cryptography can solve the problem of certificate management in traditional public key systems and the inherent key escrow problem in identity-based public key cryptography, it has the advantages of both high efficiency and security. In addition, the mobile devices have the characteristics of resource constraints, so the certificateless public key cryptography is very suitable for designing a security protocol for mobile devices which have limited resources. In this paper, it is proved that the proposed protocol can provide mutual authentication and secure key agreement services in the random oracle model. Compared with other protocols of the same type,the proposed protocol in this paper has a better computational efficiency.

Daojing He,Chun Chen,Maode Ma,Sammy Chan,Jiajun Bu

DOI: https://doi.org/10.1002/dac.1355

2011-01-01

International Journal of Communication Systems

Abstract:SUMMARYPassword‐authenticated group key exchange protocols enable communication parties to establish a common secret key (a session key) by only using short secret passwords. Such protocols have been receiving significant attention. This paper shows some security weaknesses in some recently proposed password‐authenticated group key exchange protocols. Furthermore, a secure and efficient password‐authenticated group key exchange protocol in mobile ad hoc networks is proposed. It only requires constant round to generate a group session key under the dynamic scenario. In other words, the overhead of key generation is independent of the size of a total group. Further, the security properties of our protocol are formally validated by a model checking tool called AVISPA. Security and performance analyses show that, compared with other related group key exchange schemes, the proposed protocol is also efficient for real‐world applications in enhancing the security over wireless communications. Copyright © 2011 John Wiley & Sons, Ltd.

Hung-Min Sun,Bing-Zhe He,Chien-Ming Chen,Tsu-Yang Wu,Chia-Hsien Lin,Huaxiong Wang

DOI: https://doi.org/10.1016/j.ins.2015.01.037

IF: 8.1

2015-01-01

Information Sciences

Abstract:Secure group communication over an untrusted open network is a continuing problem, especially in mobile environments. With the development of 3G networks and mobile computing technology, the number of group-oriented applications is increasing rapidly. Although these applications are convenient, achieving secure group communication to protect user privacy is a major concern. This study presents an authenticated group key agreement protocol for mobile environments. By using certificateless public key cryptography, the protocol reduces the cost of managing the certificates and avoids the key escrow problem. Instead of a fully-trusted server, the protocol uses a semi-trusted server, which helps users communicate but does not learn about the group key. The analytical results indicate that the proposed protocol provides good security in mobile environments.

Yijun He,Moon-Chuen Lee

DOI: https://doi.org/10.4108/wiopt.2008.3402

2008-01-01

Abstract:We analyze several mutual authentication and key exchange protocols (MAKEPs), and present a number of essential properties of the protocols for secure mobile communications. To address the weaknesses of existing protocols, we propose an improved version of MAKEP known as EC-MAKEP. Besides supporting the essential features present in the existing protocols, the proposed protocol also provides the user anonymity and forward secrecy properties that many of the existing protocols do not support. Further, the proposed protocol compares favorably with ES-MAKEP, an improved version of the early MAKEPs, in terms of computation cost and communication bandwidth. In addition, EC-MAKEP supports an implicit authentication of server and a dual authentication of client.

Hu Xiong,Yanan Chen,Zhi Guan,Zhong Chen

DOI: https://doi.org/10.1016/j.ins.2013.02.004

IF: 8.1

2013-01-01

Information Sciences

Abstract:Three-party password-based authenticated key exchange (3PAKE) protocols allow two users (clients) to establish a session key with the support from an authenticated server over an insecure channel. Several 3PAKE protocols, which do not require server public keys, have been proposed recently. In this paper, we use Chang et al.’s protocol as a case study and demonstrate that all of the 3PAKE protocols without server public keys are not secure against Key Compromise Impersonation (KCI) attack. A detailed analysis of flaw in these protocols has been conducted and we hope that by identifying this design flaw, similar structural mistakes can be avoided in future designs. Furthermore, we propose an improved protocol that remedies the weakness of these protocols and prove its security in a widely accepted model.

Deng Fangmin,Xu Chunxiang,Wang Yongping

DOI: https://doi.org/10.3321/j.issn:1002-8331.2006.13.043

2006-01-01

Abstract:The key technology of mobile value-added services is to design protocols,which can meet the poor computing power as well as being security.This paper proposes an Advanced-RPC protocol by adding hash function with key to the Lowe modified BAN concrete Andrew Secure RPC.The new protocol mends some undesirable properties in the old one,enhances forward security,and improves the running efficiency.Possessing of both secure and efficient properties makes the proposed protocol suitable for the low power wireless communications.

Xiaowen Chu,Yixin Jiang,Chuang Lin,Fujun Feng

DOI: https://doi.org/10.1007/11839569_39

2006-01-01

Abstract:In this paper, based on self-certified mechanism, we propose a novel mutual authentication and key exchange protocol for roaming services in the global mobility network. The main new features included in the proposed protocol are (1) identity anonymity, which protects location privacy of mobile users in the roaming network environment; (2) one-time session key renewal, which frequently updates the session key for mobile users and hence reduces the risk of using a compromised session key to communicate with the visited network. The performance analysis shows that the computational complexity of our protocol is low and suitable to be used on mobile equipments.

XU Chun-xiang,HE Xiao-hu

DOI: https://doi.org/10.3969/j.issn.1001-0548.2012.04.023

2012-01-01

Abstract:Three-party password-based authenticated key exchange protocols allow two clients to authenticate each other and establish a shared session key through a trusted server who preserves clients’ passwords or verifiers about passwords.However,because of the low entropy of passwords,password-based authenticated key exchange protocols are vulnerable to dictionary attacks.Based on available protocols,a new efficient three-party password-based authenticated key exchange protocol is proposed by combining the symmetric encryption algorithm with the method of two-party key exchange protocol of Diffie-Hellman.Results indicate that and the proposed protocol can resist against various attacks and provide the perfect forward security.

Lili Xu,Fan Wu

DOI: https://doi.org/10.1002/sec.977

2015-01-01

Abstract:AbstractRecently, Li proposed an authenticated key exchange AKE scheme based on elliptic curve cryptosystem with smart cards in two versions. We point out that the two versions of Li's scheme are not secure and then we present an improved authentication scheme to overcome general disadvantages. Also, we deem that the notion of forward security is old for modern AKE schemes based on smart cards and enhance it as strong forward security. We prove that our scheme is secure with a formal security model containing the feature of strong forward security. Then, via the concrete security analysis and comparison, our scheme resists common attacks and has general security characters. Compared with other schemes, our scheme has low time, storage, and communication cost. It is suitable for communicating applications in network. Copyright © 2014 John Wiley & Sons, Ltd.