YAO Lin,FAN Qing-na,KONG Xiang-wei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2010.32.030

2010-01-01

Abstract:Pervasive computing raises new challenges to the security and privacy of the Internet communication,and conventional authentication protocols cannot meet the requirements of this new pervasive environment.A novel mutual authentication and key establishment scheme to secure the interactions between mobile users and service providers is proposed.Highly integrating biometric encryption and the Diffie-Hellman key exchange,the proposed protocol achieves mutual authentication without revealing any privacy information of the user.Secure session key establishment is enabled by the proposed algorithm.Differentiated service access control is also achieved with the biometric encryption.It is shown that the protocol can resist most of the attacks,especially the denial of service attack.

Hu Xiong,Yanan Chen,Zhong Chen,Fagen Li

DOI: https://doi.org/10.2316/Journal.202.2013.1.202-3540

2015-01-01

International Journal of Computers and Applications

Abstract:Three-party password-based authenticated key exchange (3PAKE) protocols allow two users (clients) to establish a session key with the help of an authenticated server over an insecure channel. Owning to the significance in building a secure communication channel, a number of approaches have been suggested over the years. However, the lack of formal security proof is a major issue in the related literature. In this paper, we propose a simple 3PAKE protocol based upon elliptic curve cryptography along with formal security proof under the decisional Diffie-Hellman assumption. Experimental results by using the automated validation of Internet security protocols and applications tool also show that the proposed protocol is secure against various malicious attacks. Compared with previous work, the proposed protocol has lower computation costs and lighter communication loads.

Jianqing Fu,Jian Chen,Rong Fan,XiaoPing Chen,Lingdi Ping

DOI: https://doi.org/10.1109/wcse.2009.731

2009-01-01

Abstract:With the widespread use of mobile devices, authentication and privacy of identification become important issues. We analyzed the security flaws and shortcomings of a delegation-based authentication protocol which was proposed by Caimu Tang, et al., and provided an improved protocol. We use elliptic-curve cryptography and hash chain to ensure the safety of system in our scheme. The research results reveal that the improved protocol can not only corrects the security flaws but also improve the efficiency of key management and reduce the computational load.

Wenping Yu,Rui Zhang,Maode Ma,Cong Wang

DOI: https://doi.org/10.3390/electronics13020449

IF: 2.9

2024-01-23

Electronics

Abstract:In the process of vehicles transitioning from conventional means of transportation to mobile computing platforms, ensuring secure communication and data exchange is of paramount importance. Consequently, identity authentication has emerged as a crucial security measure. Specifically, effective authentication is required prior to the communication between the On-Board Unit (OBU) and Roadside Unit (RSU). To address vehicle identity authentication challenges in the Internet of Vehicles (VANETs), this paper proposes a three-party identity authentication and key agreement protocol based on elliptic curve public key cryptography. Considering issues such as vehicle impersonation attacks, RSU impersonation attacks, and vehicle privacy breaches in existing schemes within wireless mobile environments, this protocol introduces a trusted registry center that successfully enables mutual authentication between OBU and RSU. The proposed protocol not only enhances the VANETs system's ability to withstand security threats but also improves the credibility and efficiency of the authentication process.

engineering, electrical & electronic,computer science, information systems,physics, applied

Chun-Li Lin,Hung-Min Sun,Tzonelih Hwang

DOI: https://doi.org/10.1145/506106.506108

2000-01-01

ACM SIGOPS Operating Systems Review

Abstract:Password-based mechanism is the widely used method for authentication since it allows people to choose their own passwords without any assistant device to generate or store. However, people are used to choose easy-to-remember passwords such that guessing attacks could succeed. In 1992, Bellovin and Merritt proposed Encrypted Key Exchange (EKE) protocols for preventing guessing attacks, in which two communication parties A and B securely share a possibly weak password in advance. In large communication environments, it is inconvenient in key management that every two communication parties mutually share a secret. Three-party EKE protocols, in which all parties (clients) share their secrets with a trusted server only, are more suitable for large communication environments. In 1995, Steiner, Tsudik and Waidner proposed a realization of three-party EKE protocol which is later demonstrated that it is vulnerable to undetectable on-line guessing attacks. In this paper, We will show a new off-line guessing attack on Steiner, Tsudik and Waidners' protocol. Besides, we will also propose a new three-party EKE protocol which not only is secure against both the off-line guessing attack and undetectable on-line guessing attacks but also satisfies the security properties of perfect forward secrecy and known-key security.

Kyongsok Pak,Songho Pak,Cholman Ho,Myongsuk Pak,Choljin Hwang

DOI: https://doi.org/10.1371/journal.pone.0213976

IF: 3.7

2019-03-20

PLoS ONE

Abstract:Three-party authentication key exchange (3PAKE) is a protocol that allows two users to set up a common session key with the help of a trusted remote server, which is effective for secret communication between clients in a large-scale network environment. Since chaotic maps have superior characteristics, researchers have recently presented some of the studies that apply it to authentication key exchange and cryptography. Providing user anonymity in the authentication key exchange is one of the important security requirements to protect users' personal secrets. We analyse Lu et al.'s scheme which attempts to provide user anonymity and we prove that his scheme has errors in the key exchange phase and password change phase. We propose a round-effective three-party authentication key exchange (3PAKE) protocol that provides user anonymity and we analyse its security properties based on BAN logic and AVISPA tool.

CL Lin,HM Sun,M Steiner,T Hwang

DOI: https://doi.org/10.1016/j.cose.2004.06.007

IF: 5.105

2004-01-01

Computers & Security

Abstract:Three-party key-exchange protocols with password authentication-clients share an easy-to-remember password with a trusted server only-are very suitable for applications requiring secure communications between many light-weight clients (end users); it is simply impractical that every two clients share a common secret. Steiner, Tsudik and Waidner (1995) proposed a realization of such a three-party protocol based on the encrypted key exchange (EKE) protocols. However, their protocol was later demonstrated to be vulnerable to off-line and undetectable on-line guessing attacks. Lin, Sun and Hwang (see ACM Operating Syst. Rev., vol.34, no. 4, p.12-20, 2000) proposed a secure three-party protocol with server public-keys. However, the approach of using server public-keys is not always a satisfactory solution and is impractical for some environments. We propose a secure three-party EKE protocol without server public-keys.

Her-tyan Yeh,Hung-min Sun,Tzonelih Hwang

DOI: https://doi.org/10.6688/jise.2003.19.6.6

2003-01-01

Journal of information science and engineering

Abstract:Three-party EKE was proposed to establish a session key between two clients through a server. However, three-party EKE is insecure against undetectable on-line and off-line password guessing attacks. In this paper, we first propose an enhanced three-party EKE to withstand the security risk in three-party EKE. We also propose a verifier-based three-party EKE that is more secure than a plaintext-equivalent mechanism in which a compromise of the server's database will not result in success in directly impersonating clients.

Hu Xiong,Yanan Chen,Zhi Guan,Zhong Chen

DOI: https://doi.org/10.1016/j.ins.2013.02.004

IF: 8.1

2013-01-01

Information Sciences

Abstract:Three-party password-based authenticated key exchange (3PAKE) protocols allow two users (clients) to establish a session key with the support from an authenticated server over an insecure channel. Several 3PAKE protocols, which do not require server public keys, have been proposed recently. In this paper, we use Chang et al.’s protocol as a case study and demonstrate that all of the 3PAKE protocols without server public keys are not secure against Key Compromise Impersonation (KCI) attack. A detailed analysis of flaw in these protocols has been conducted and we hope that by identifying this design flaw, similar structural mistakes can be avoided in future designs. Furthermore, we propose an improved protocol that remedies the weakness of these protocols and prove its security in a widely accepted model.

Jiachen Yang,Longsheng Xu,Qinggang Meng,Shudong He

DOI: https://doi.org/10.1155/2014/103136

IF: 1.43

2014-01-01

Mathematical Problems in Engineering

Abstract:In terms of the security and efficiency of mobile e-commerce, the authors summarized the advantages and disadvantages of several related schemes, especially the self-verified mobile payment scheme based on the elliptic curve cryptosystem (ECC) and then proposed a new type of dynamic symmetric key mobile commerce scheme based on self-verified mechanism. The authors analyzed the basic algorithm based on self-verified mechanisms and detailed the complete transaction process of the proposed scheme. The authors analyzed the payment scheme based on the security and high efficiency index. The analysis shows that the proposed scheme not only meets the high efficiency of mobile electronic payment premise, but also takes the security into account. The user confirmation mechanism at the end of the proposed scheme further strengthens the security of the proposed scheme. In brief, the proposed scheme is more efficient and practical than most of the existing schemes.

LIAN Huanhuan,HOU Huiying,ZHAO Yunlei

DOI: https://doi.org/10.11959/j.issn.1000−436x.2022062

2022-01-01

Abstract:In view of the fact that server stored the passwords directly in plaintext, there was a risk of server compromise, and two-party PAKE protocol was not suitable for large-scale communication systems, a three-party verifier-based password authenticated key exchange protocol from lattices was proposed.Hashing scheme and zero-knowledge password policy check were combined to realize the generation of verifier and the password checking.A novel verifier-based 3PAKE protocol was constructed by using CCA-secure public-key encryption from lattices, which realized mutual authentication.Security and performance analysis shows that the proposed protocol has better advantages in communication efficiency and security.

Hu Xiong,Zhong Chen,Fagen Li

DOI: https://doi.org/10.1016/j.jnca.2012.10.001

IF: 7.574

2013-01-01

Journal of Network and Computer Applications

Abstract:Key agreement allows multi-parties exchanging public information to create a common secret key that is known only to those entities over an insecure network. In the recent years, several identity-based (ID-based) authenticated key agreement protocols have been proposed and most of them broken. In this paper, we formalize the security model of ID-based authenticated tripartite key agreement protocol and propose a provably secure ID-based authenticated key agreement protocol for three parties with formal security proof under the computational Diffie-Hellman assumption. Experimental results by using the AVISPA tool show that the proposed protocol is secure against various malicious attacks.

Huanhuan Lian,Yafang Yang,Yunlei Zhao

DOI: https://doi.org/10.1109/jiot.2022.3219524

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Password authenticated key exchange (PAKE) allows two parties with a shared password to establish a session key. In order to provide secure and private communication between devices in an Internet of Things (IoT) environment, the PAKE protocol is considered one of the most common and promising security methods. However, many existing PAKE proposals still face challenges in security and efficiency. First, both the terminals of participants may suffer from the compromise attack and precomputation attack, which will lead to the leakage of password. Second, the majority of the existing schemes cannot guarantee participants’ identity privacy. Third, most PAKE protocols are not suitable for IoT devices with limited computing capability because of a large number of exponential and pairing operations. To address these issues, we propose a strong symmetric PAKE protocol for IoT devices, which only requires 3 exponentiations per party. The proposed scheme can protect both parties from compromise and precomputation attacks, in which the password file relies on the identity and random salt. What’s more, our protocol guarantees the identity privacy, that is, the transmitted record and password file will not reveal the identity information. We further present a new security model for our protocol, and prove that the proposed scheme is secure under this model. Finally, we show the practicality of our PAKE via experiments and efficiency analysis.

Peiyan Zhou,Zhaojun Xu,Yingbo Liu,Feng Wang,Li Zhang

DOI: https://doi.org/10.1504/IJMC.2015.070967

2015-01-01

International Journal of Mobile Communications

Abstract:This paper aims to provide a secure and reliable solution to the electronic identity authentication in mobile commerce system. The solution is to get high-strength elliptic curve cryptography ECC key by generating hash values from dynamic vector collection of fingerprints, which are converted from fingerprint images by randomising angular movement or rotation angle. With the introduction of ECC asymmetric encryption algorithms and SSL-VPN network integration, the proposed security identity authentication of mobile commerce and the processes of access management may well solve the problems of identity control and verification of authorisation management. The hybrid authentication and secure mode not only realises the dynamic binding of login users and the control of role management in mobile commerce but also dramatically reduces the risk of internal identity being tampered and brute forced in mobile commerce system, providing a more reliable security for current business transactions and gross settlement.

Haomin Yang,Yaoxue Zhang,Yuezhi Zhou,Xiaoming Fu,Hao Liu,Athanasios V. Vasilakos

DOI: https://doi.org/10.1016/j.comnet.2013.08.020

IF: 5.493

2014-01-01

Computer Networks

Abstract:Authenticated key agreement protocol is a useful cryptographic primitive, which can be used to protect the confidentiality, integrity and authenticity for transmitted data over insecure networks. From the point of view of the management of pre-shared secrets, one of the advantages of three-party authenticated key agreement (3PAKA) protocols is that they are more suitable for use in a network with large numbers of users compared with two-party authenticated key agreement protocols. Using smart cards is a practical, secure measure to protect the secret private keys of a user. Recently, some 3PAKA protocols using smart cards have been proposed. However, up to now, it is still a challenging problem to propose a 3PAKA protocol using smart cards with fewer rounds of messages and without using timestamp technique. Another important fact to be mentioned is that existing 3PAKA protocols using smart cards all lack provable-security guarantees. In this paper, we propose a new 3PAKA protocol using smart cards. The proposed protocol gains several advantages over existing related protocols: (1) The protocol is provably secure under the computational Diffie-Hellman assumption in the random oracle model, and hence can resist strong adversaries in network scenarios; (2) The protocol needs fewer rounds of messages, and can enable short communication latency and rapid response; and (3) The protocol is not based on timestamp technique, and does not need the complicated clock synchronization.

Fauziyah,Zhaoshun Wang

DOI: https://doi.org/10.1007/s11042-024-19028-8

IF: 2.577

2024-04-05

Multimedia Tools and Applications

Abstract:Cryptanalytic innovations are considered the most economical and useful method for guaranteeing information security across shared networks. Despite the tinier key magnitude of Elliptic Curve Cryptography (ECC) compared to common cryptanalysis schemes, the majority of scholars have employed cryptanalysis methods to deliver data reliability and verification. Besides, the computation attempt needed by Diffie Hellman-Elliptic Curve (DH-EC) for equal key dimensions is similar and delivers extra security advantages. The research offers a novel key arrangement procedure using DH-EC in the secure automatic transactions (SAT) setting (DHEC-SAT) to enhance data safety. The DHEC-SAT procedure effectively applied the keys in the SAT setting for online payment and was employed to decode and encode the validation data. The DHEC-SAT procedure is implemented for an entry of e-commerce payments to deliver great-degree security examination, fast verification, and the safety of the suggested Cryptanalytic scheme. The suggested DHEC-SAT generates highly secure systems regarding data size (168 bytes), computational period (4.34 ms), and communication costs (1271 bits), as contrasted to extant ECC procedures and PIN-enabled key arrangements.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Baoyuan Kang,Dongyang Shao,Jiaqiang Wang

DOI: https://doi.org/10.1177/1748301817727123

2017-09-19

Abstract:With rapid development of information and communication technologies purchasing digital content through the Internet has been greatly increased. Therefore, secure and fair electronic payment systems are important issue. To reduce system computational, communication and storage costs in many existing electronic schemes, Yang et al. recently proposed a novel electronic payment system based on authenticated encryption technology. But, Chaudhry et al. showed that Yang et al.'s electronic payment system is vulnerable to impersonation attack. Furthermore, Chaudhry et al. proposed improved electronic payment system. But, in this paper we point that Chaudhry et al.'s improved electronic payment system does not satisfy anonymity and fairness properties and the dispute resolution means in Chaudhry et al.'s electronic payment system are not effective. Furthermore, combining authenticated encryption and verifiably encrypted signatures technologies, we propose an improvement on Chaudhry et al.'s electronic payment system. Compared with Chaudhry et al.'s electronic payment system, the major changes of the proposed electronic payment system are in exchange phase. In this phase the private key and public key of the user are not needed, and the user generates verifiably encrypted signatures on his payment voucher. These changes guarantee the user anonymity, eliminate the advantages of the merchant, ensure the fairness of the payment system and the effectiveness of the dispute resolution phase. We also give the comparisons of proposed electronic payment system with some existing electronic payment systems.

Xiangyang Wang,Chunxiang Gu,Siqi Lu,Xi Chen

DOI: https://doi.org/10.1117/12.2628502

2022-04-22

Abstract:This paper studies the password-based strong authentication key exchange protocol in the cross-domain scenario, and gives an end-to-end highly secure C2C-PAKE protocol, in which the server shares a password with the client and also has a pair of private/public keys. In contrast, the client has the shared password and the server's public-key. Specifically, we combine the ECQV implicit certificate scheme with the ECDH key exchange protocol to give a highly secure cross-domain protocol. Considering the application of the ECQV implicit certificate scheme in the Internet of Things (IoT), we give an analysis the possibility of the proposed protocol applied in the cross-domain scenario of the IoT. Finally, based on some common attacks, we show a security analysis of our protocol, which achieves perfect forward security and resists dictionary attacks, KCI attacks, replay attacks, Insider-Assisted attacks, and so on.

Huanhuan Lian,Tianyu Pan,Huige Wang,Yunlei Zhao

DOI: https://doi.org/10.1007/978-3-030-88428-4_32

2021-01-01

Abstract:Identity-based authenticated key exchange (ID-AKE) allows two parties (whose identities are just their public keys) to agree on a shared session key over open channels. At ESORICS 2019, Tomida et al. proposed a highly efficient ID-AKE protocol, referred to as the TFNS19-protocol, under the motivation of providing authentication and secure communication for huge number of low-power IoT devices. The TFNS19-protocol currently stands for the most efficient ID-AKE based on bilinear pairings, where each user remarkably performs only a single pairing operation. But it does not consider users' identity privacy, and the security is based on relatively non-standard assumptions. In this work, we formulate and design identity-based identity-concealed AKE (IB-CAKE) protocols. Here, identity concealment means that the session transcript does not leak users' identity information. We present a simple and highly practical IB-CAKE protocol, which is computationally more efficient than the remarkable TFNS19-protocol in total. We present a new security model for IB-CAKE, and show it is stronger than the ID-eCK model used for the TFNS19-protocol. The security of our IB-CAKE protocol is proved under relatively standard assumptions in the random oracle model, assuming the security of the underlying authenticated encryption and the gap bilinear Diffie-Hellman (Gap-BDH) problem. Finally, we provide the implementation results for the proposed IB-CAKE scheme, and present performance benchmark.

CL Lin,HA Wen,T Hwang,HM Sun

2004-01-01

IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences

Abstract:We will propose a key-agreement-type three-party password-authenticated key exchange protocol. The proposed protocol is quite efficient and, among the same type of protocols, is the first to be formally proven to be secure. A three-party formal model for security proof is proposed based on [25] and [26]. We construct a simulator in this model to show that our proposed protocol is secure under reasonable and well-defined cryptographic primitives.