497 results on '"Oakley protocol"'
Search Results
2. A general compiler for password-authenticated group key exchange protocol in the standard model
- Author
Fushan Wei, Neeraj Kumar, Sang-Soo Yeo, and Debiao He
- Subjects
Password, Computer science, Applied Mathematics, Distributed computing, Hash function, Oakley protocol, Authenticated Key Exchange, Universal composability, Discrete Mathematics and Combinatorics, Compiler, Protocol (object-oriented programming), Computer network, Standard model (cryptography)
- Abstract
Password-authenticated group key exchange (PGKE) protocols are critical for ensuring secure group communications for mobile devices. Until now, only a few PGKE protocols have been proposed, whereas the literature on group key exchange (GKE) protocols contains many proposals from the last few years. In this paper, we present a protocol compiler based on smooth projective hash functions. The proposed compiler can transform any GKE protocol into a secure PGKE protocol by adding 2 rounds of communication. We prove the security of our compiler in the standard model without relying on other assumptions. Our compiler is round-efficient in the sense that a constant-round PGKE protocol can be derived from the proposal if the underlying protocol is a constant-round GKE protocol.
- Published
- 2018
- Full Text
- View/download PDF
3. A Secure and Efficient Chaotic Maps Based Authenticated Key-Exchange Protocol for Smart Grid
- Author
Mohammad Reza Aref, Mohammad Beheshti Atashgah, and Majid Bayat
- Subjects
Password, Authentication, Otway–Rees protocol, Dictionary attack, Computer science, Mutual authentication, Oakley protocol, Adversary, Computer security, Computer Science Applications, Authenticated Key Exchange, Elliptic curve, Smart grid, Authentication protocol, Universal composability, Electrical and Electronic Engineering, Key exchange
- Abstract
Nicanfar and Leung proposed a multilayer consensus elliptic curve based password authenticated key-exchange (MCEPAK) protocol for the smart grid. They claimed that their protocol is secure against possible attacks. In this paper, we show that the MCEPAK protocol is vulnerable to the dictionary attack and that an adversary can obtain the passwords of the appliances by eavesdropping on the messages communicated in the protocol. Moreover, we state that the passwords can be discovered by curious operators of the building area networks and the neighbor area networks. These weaknesses motivated us to introduce a chaotic maps based authenticated key exchange protocol for the smart grid. To the best of our knowledge, no chaotic maps based key exchange protocol has yet been devised for the smart grid, and this paper fills that gap. In addition, we prove the security of the proposed protocol by a formal analysis.
- Published
- 2017
4. Anonymous Password Authenticated Key Exchange Protocol in the Standard Model
- Author
Jiang Zhang, Zhenfeng Zhang, Fengmei Liu, and Xuexian Hu
- Subjects
Challenge-Handshake Authentication Protocol, Zero-knowledge password proof, Computer science, Oakley protocol, Computer security, One-time password, S/KEY, Password strength, Random oracle, Universal composability, Session key, Password authentication protocol, Electrical and Electronic Engineering, Password, Authentication, Password policy, Mutual authentication, Computer Science Applications, Authenticated Key Exchange, Authentication protocol, Challenge–response authentication
- Abstract
Anonymous password authenticated key exchange (APAKE) allows a client holding a low-entropy password to establish a session key with a server in an authenticated and anonymous way. As a very convenient solution for personal privacy protection, it has attracted much attention in recent years. However, almost all existing APAKE protocols are designed in the random oracle model. In this paper, we propose the first password-only APAKE protocol (called APAKE-S) with proven security in the standard model, i.e., without the random oracle heuristic. The resulting protocol guarantees AKE security, client anonymity and mutual authentication. Moreover, since the building blocks in our construction can be instantiated based on numerous hard assumptions (e.g., the decisional Diffie–Hellman, Quadratic Residuosity, and N-residuosity assumptions), our APAKE-S protocol is actually a generic construction which implies a series of efficient APAKE protocols in the standard model.
- Published
- 2017
5. A novel three-party password-based authenticated key exchange protocol with user anonymity based on chaotic maps
- Author
Chien-Ming Chen, Cheng-Chi Lee, Chi-Yao Weng, Chin-Ling Chen, and Chun-Ta Li
- Subjects
Zero-knowledge password proof, Computer science, Oakley protocol, Computer security, One-time password, Theoretical Computer Science, Password strength, S/KEY, Random oracle, Universal composability, Session key, Password, Password policy, Authentication, Password cracking, Authenticated Key Exchange, Geometry and Topology, Software
- Abstract
Three-party authenticated key exchange (3PAKE) protocols allow two communication users to authenticate each other and to establish a secure common session key with the help of a trusted remote server. Recently, Farash and Attari proposed an efficient and secure 3PAKE protocol based on Chebyshev chaotic maps, supported by a formal proof in the random oracle model. However, in this paper, we analyze the security of Farash–Attari's protocol and show that it fails to resist a password disclosure attack if the secret information stored on the server side is compromised. In addition, their protocol is insecure against a user impersonation attack, and the server is not aware that the problem has occurred. Moreover, the password change phase cannot verify the validity of a request; this insecurity in the password change phase can lead to offline password guessing attacks and is not easily repairable. To remove these security weaknesses, based on Chebyshev chaotic maps and quadratic residues, we design an improved 3PAKE protocol with user anonymity. In comparison with the existing chaotic map-based 3PAKE protocols, our proposed 3PAKE protocol is more secure with acceptable computation complexity and communication overhead.
- Published
- 2017
6. An ID-based authenticated three-party key exchange protocol
- Author
Sujata Mohanty, Susmita Mandal, and Banshidhar Majhi
- Subjects
Computer science, Three party, General Medicine, Oakley protocol, Protocol (object-oriented programming), Key exchange, Computer network
- Published
- 2017
7. Efficient ID-Based Authentication and Key Exchange Protocol
- Author
Jong Hwan Park, Dong-Hoon Lee, Minhye Seo, and Jieun Eom
- Subjects
Challenge-Handshake Authentication Protocol, Otway–Rees protocol, Computer science, Generic Security Service Algorithm for Secret Key Transaction, Oakley protocol, Off-the-Record Messaging, IPsec, Authentication protocol, Lightweight Extensible Authentication Protocol, Computer network
- Published
- 2016
8. Password-Authenticated Group Key Exchange
- Author
Yuexin Zhang, Xinyi Huang, and Yang Xiang
- Subjects
Password, Key establishment, Computer Networks and Communications, Computer science, Cryptographic protocol, Oakley protocol, Computer security, Internet protocol suite, Universal composability, Key management, Key exchange, Computer network, Group key
- Abstract
Two-party password-authenticated key exchange (2PAKE) protocols provide a natural mechanism for secret key establishment in distributed applications, and they have been extensively studied in past decades. However, only a few efforts have been made so far to design password-authenticated group key exchange (GPAKE) protocols. In a 2PAKE or GPAKE protocol, it is assumed that short passwords are preshared among users. This assumption, however, would be impractical in certain applications. Motivated by this observation, this article presents a GPAKE protocol without the password sharing assumption. To obtain the passwords, wireless devices, such as smart phones, tablets, and laptops, are used to extract short secrets at the physical layer. Using the extracted secrets, users in our protocol can establish a group key at higher layers with light computational cost. Thus, our GPAKE protocol is a cross-layer design. Additionally, our protocol is a compiler, that is, it can transform any provably secure 2PAKE protocol into a GPAKE protocol with only one more round of communication. Finally, the proposed protocol is proved secure in the standard model.
- Published
- 2016
9. Comment on a certificateless one-pass and two-party authenticated key agreement protocol
- Author
Yang Lu, Quanling Zhang, Jiguo Li, and Jian Shen
- Subjects
Key-agreement protocol, Information Systems and Management, Computer science, Oakley protocol, Shared secret, Computer security, Authenticated key agreement protocol, Computer Science Applications, Theoretical Computer Science, Artificial Intelligence, Control and Systems Engineering, Key (cryptography), One pass, Protocol (object-oriented programming), Software
- Abstract
Authenticated key agreement protocols are useful primitives which allow two or more entities to securely establish a shared secret key for their communications over an insecure public network. Recently, Zhang proposed an efficient certificateless one-pass and two-party authenticated key agreement protocol. The proposed protocol meets all the security requirements that a one-pass and two-party authenticated key agreement protocol should satisfy. To achieve the standard key-compromise impersonation security, Zhang provided a general idea for converting the proposed protocol into one with the key-compromise impersonation property. However, Zhang may have omitted some detailed inputs in the description of the extended certificateless one-pass and two-party authenticated key agreement protocol. We show that the extended protocol achieves the standard key-compromise impersonation security if and only if some public inputs are properly included.
- Published
- 2016
10. An Identity‐Based Group Key Agreement Protocol for Low‐Power Mobile Devices
- Author
Jikai Teng and Chuankun Wu
- Subjects
Key-agreement protocol, Computer science, Applied Mathematics, Distributed computing, Wireless Routing Protocol, Shared secret, Oakley protocol, Cryptographic protocol, Key (cryptography), Electrical and Electronic Engineering, Group Domain of Interpretation, Group key
- Abstract
In wireless mobile networks, group members join and leave the group frequently, so a dynamic group key agreement protocol is required to provide a group of users with a shared secret key for cryptographic purposes. Most previous group key agreement protocols for wireless mobile networks are static and employ a traditional PKI. This paper presents an ID-based dynamic authenticated group key agreement protocol for wireless mobile networks. In the Setup and Join algorithms, the protocol requires two rounds and each low-power node transmits messages of constant size. Furthermore, in the Leave algorithm, only one round is required and none of the low-power nodes is required to transmit any message, which improves the efficiency of the entire protocol. The protocol's AKE-security with forward secrecy is proved under the Decisional bilinear inverse Diffie-Hellman (DBIDH) assumption. It is additionally proved to be contributory.
- Published
- 2016
11. Design of an anonymity-preserving three-factor authenticated key exchange protocol for wireless sensor networks
- Author
Muhammad Khurram Khan, Ruhul Amin, G. P. Biswas, SK Hafizul Islam, Neeraj Kumar, and Lu Leng
- Subjects
Challenge-Handshake Authentication Protocol, Otway–Rees protocol, Internet Protocol Control Protocol, Port Control Protocol, Computer Networks and Communications, Computer science, Internet layer, Oakley protocol, Computer security, Neighbor Discovery Protocol, Internet protocol suite, NAT Port Mapping Protocol, Default gateway, Internet Protocol, Universal composability, User Datagram Protocol, Session key, Stateless protocol, Revocation, Resource Reservation Protocol, Link Control Protocol, Cryptographic protocol, Authenticated Key Exchange, IPsec, Authentication protocol, Smart card, Wide Mouth Frog protocol, Reflection attack, Wireless sensor network, Computer network
- Abstract
- We observed that Farash et al.'s authentication protocol for WSN is susceptible to many security attacks.
- The protocol is also unable to preserve user anonymity.
- We designed an anonymity-preserving authentication scheme for WSN.
- We analyze the security of the proposed protocol using the AVISPA software.
- The proposed protocol is secure against active and passive attacks and more efficient than other protocols.
Recently, Farash et al. pointed out some security weaknesses of Turkanovic et al.'s protocol, which they extended to enhance its security. However, we found some problems with Farash et al.'s protocol, such as a known session-specific temporary information attack, an off-line password-guessing attack using a stolen smartcard, a new-smartcard-issue attack, and a user-impersonation attack. Additionally, their protocol cannot preserve user anonymity, and the secret key of the gateway node is insecure. The main intention of this paper is to design an efficient and robust smartcard-based user authentication and session key agreement protocol for wireless sensor networks that use the Internet of Things. We analyze its security, showing that our protocol not only overcomes the weaknesses of Farash et al.'s protocol, but also provides additional security attributes, such as identity change and smartcard revocation phases. Moreover, the results of a simulation using AVISPA show that our protocol is secure against active and passive attacks. The security and performance of our work are also compared with a number of related protocols.
- Published
- 2016
12. Timestamp based Key Exchange Protocol for Satellite Access Network
- Author
In-A Song and Young-Seok Lee
- Subjects
Access network, Computer science, Oakley protocol, Man-in-the-middle attack, Computer security, Diffie–Hellman key exchange, Satellite, Timestamp, Protocol (object-oriented programming), Key exchange, Computer network
- Published
- 2016
13. An Efficient 3D Elliptic Curve Diffie–Hellman (ECDH) Based Two-Server Password-Only Authenticated Key Exchange Protocol with Provable Security
- Author
G. Sudha Sadasivam, L. Rohini, and K. Anitha Kumari
- Subjects
Key-agreement protocol, Computer science, Elliptic curve Diffie–Hellman, Oakley protocol, Cryptographic protocol, Computer security, Computer Science Applications, Theoretical Computer Science, Authenticated Key Exchange, Diffie–Hellman key exchange, Authentication protocol, Electrical and Electronic Engineering, Key exchange
- Abstract
In large-scale distributed systems, where adversarial attacks have extensive impact, authentication provides fortification against threats involving impersonation of entities and tampering of data. Towards this, we introduce the first tetrahedron (three-dimensional (3D)) based two-server Password Authenticated Key Exchange (PAKE) protocol to represent text passwords. A 3D PAKE protocol is a hybrid cryptographic algorithm that requires two servers for authentication; one server engages with users and the other is hidden from the clients. A remarkable aspect of the proposed 3D PAKE protocol is that recovering the password from the stored credentials is not possible when either one or both of the servers get compromised. In this paper, we discuss the properties of the tetrahedron that mesh well with the Diffie–Hellman key exchange protocol and the elliptic curve cryptography encryption scheme, and prove that the protocol is resistant against cryptographic attacks without the involvement of a public key infrastructure. ...
- Published
- 2016
14. An authenticated group key transfer protocol using elliptic curve cryptography
- Author
Priyanka Jaiswal and Sachin Tripathi
- Subjects
Key-agreement protocol, Interlock protocol, Computer Networks and Communications, Elliptic curve Diffie–Hellman, Computer science, Key distribution, Oakley protocol, Computer security, Authentication protocol, Pre-shared key, Software, Group key
- Abstract
Several groupware applications like e-conferences, pay-per-view, online games, etc. require a common session key to establish secure communication among the group participants. For secure communication, such applications often need an efficient group key establishment protocol to construct a common session key for group communications. Conventional group key transfer protocols depend on a mutually trusted key generation center (KGC) to generate and distribute the group key to each participant in each session. However, those approaches require extra communication overhead in the server setup. This paper presents an efficient and secure group key transfer protocol using elliptic curve cryptography (ECC). The proposed protocol is a novel group key transfer protocol in which one of the group members plays the role of the KGC (i.e., the protocol runs without an online KGC) and which is based on the elliptic curve discrete logarithm problem (ECDLP) and Shamir's secret sharing scheme. The confidentiality of the proposed protocol is ensured by Shamir's secret sharing, which is information-theoretically secure, and authentication is provided using the ECDLP. Furthermore, the proposed protocol resists potential attacks (insider and outsider) and also significantly reduces the overheads of the system. The security analysis section of the present work also justifies the security attributes of the proposed protocol under various security assumptions.
- Published
- 2016
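Entry 14 rests on two ingredients, Shamir secret sharing for confidentiality and the ECDLP for authentication, with one group member playing the KGC. The Python below, added here and not the Jaiswal–Tripathi protocol, shows the Shamir half in the standard group-key-transfer shape: every registered member holds a long-term secret point (x_i, y_i); the dealer fits a degree-m polynomial f through (0, k) and the m session members' points and broadcasts m fresh points on f, so a session member with m+1 points interpolates k while an outsider or a non-member holds too few. The field prime, the member points and all function names are constructed for the demo, and the ECDLP-based authentication of the broadcast is omitted.

```python
"""Group key transfer from Shamir secret sharing with a member acting as dealer.
Added illustration of the Shamir ingredient named in the abstract; NOT the
Jaiswal-Tripathi protocol (their ECDLP authentication is left out here).
Field prime and member points are constructed for the demo."""
import secrets

PRIME = 2**127 - 1  # Mersenne prime; all polynomial arithmetic is mod PRIME


def lagrange_eval(points, x, p=PRIME):
    """Evaluate, at x, the unique polynomial of degree len(points)-1 through `points`."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * ((x - xj) % p) % p
                den = den * ((xi - xj) % p) % p
        total = (total + yi * num * pow(den, p - 2, p)) % p
    return total


def register_member():
    """Long-term secret point (x_i, y_i), x_i != 0, shared out of band with the dealer role."""
    return (secrets.randbelow(PRIME - 1) + 1, secrets.randbelow(PRIME))


def dealer_publish(session_members, group_key):
    """Dealer (a group member, no online KGC) builds f of degree m through
    (0, group_key) and the m session members' secret points, then broadcasts
    m fresh points on f. m+1 points pin f down; outsiders see only m."""
    m = len(session_members)
    defining = [(0, group_key)] + list(session_members)
    used = {x for x, _ in defining}
    if len(used) != m + 1:
        raise ValueError("member x-coordinates must be distinct and nonzero")
    public = []
    while len(public) < m:
        x = secrets.randbelow(PRIME - 1) + 1
        if x in used:
            continue
        used.add(x)
        public.append((x, lagrange_eval(defining, x)))
    return public


def recover_key(own_point, public_points):
    """Session member: own secret point + m broadcast points -> f(0) = group key."""
    return lagrange_eval([own_point] + list(public_points), 0)


def outsider_attempt(public_points):
    """Best an outsider can do with m points: a degree m-1 polynomial that
    agrees with f only at the published x's, so its value at 0 is unrelated to k."""
    return lagrange_eval(list(public_points), 0)


if __name__ == "__main__":
    alice, bob, carol, dave = (register_member() for _ in range(4))
    k = secrets.randbelow(PRIME)
    pub = dealer_publish([alice, bob, carol], k)  # dave is registered but not invited
    print("alice recovers k:", recover_key(alice, pub) == k)
    print("dave (not in session) recovers k:", recover_key(dave, pub) == k)
    print("outsider recovers k:", outsider_attempt(pub) == k)
```

Note what `recover_key(dave, pub)` shows: a registered member left out of this session gets garbage, because its point is not on f. Two caveats for anyone building on this: the broadcast must be authenticated (otherwise anyone can publish points of a polynomial of their own choosing), and since f passes through every session member's long-term point, an insider who learns f and another member's x_j also learns y_j, so the points must stay secret and per-session randomness should be mixed into the derived key.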
15. TTP Based High-Efficient Multi-Key Exchange Protocol
- Author
Kun-Lin Tsai, Fang-Yie Leu, Yi-Li Huang, and Ilsun You
- Subjects
Otway–Rees protocol, current time encryption key, General Computer Science, Computer science, two-dimensional operation, Key distribution, Oakley protocol, Encryption, Computer security, Diffie–Hellman key exchange, Public-key cryptography, Session key, General Materials Science, Elliptic curve cryptography, Security level, Key exchange, elliptic curve cryptosystem, Key-agreement protocol, Authentication, Key space, General Engineering, Multiple key exchange, Mutual authentication, trusted third party, Three-pass protocol, Authentication protocol, Key (cryptography), Computer network
- Abstract
With a trusted-third-party (TTP)-based key exchange protocol, when a user would like to transmit a message to another user, the transmitted data are encrypted with a session key exchanged between the two ends of the corresponding connection with the help of the TTP. To date, thanks to the assistance of a TTP, this type of protocol has performed well in protecting messages delivered between two authorized users. Even so, inflexibility, unreliability, and inefficiency problems still exist in these previously proposed protocols. Therefore, in this paper, a multi-key exchange protocol, named the TTP-based high-efficient multi-key exchange protocol (THMEP), is proposed to provide users with a secure and efficient protocol, which employs elliptic curve cryptography, a 2-D operation, and a current time encryption key to exchange their session keys. The proposed protocol not only effectively hides important encryption parameters, but also achieves full mutual authentication between a user and his/her trusted server. It can resist known-key, impersonation, replay, eavesdropping, and forgery attacks. Besides, the THMEP generates 40 session keys in one key exchange process, meaning the proposed protocol can support 40 sessions simultaneously. It also shortens the processing time, which is 3.78 times faster than that of a specific previous study. Its security level and performance are higher than those of the compared state-of-the-art protocols. In other words, the THMEP is very suitable for IoT applications.
- Published
- 2016
16. A Pairing-Free Identity-Based Authenticated Key Agreement Protocol for MANET
- Author
Shaheena Khatoon
- Subjects
Internet Protocol Control Protocol, Computer Networks and Communications, Computer science, Distributed computing, Mobile ad hoc network, Mutual authentication, Oakley protocol, Authentication protocol, Server, Session key, Protocol (object-oriented programming), Computer network
- Abstract
Providing a suitable authenticated key establishment protocol in MANETs is challenging due to the characteristics of such networks, such as communication capability, computation capability and storage resources. This paper presents an efficient and flexible authenticated key agreement protocol without bilinear pairings for MANET. Our proposed protocol not only provides mutual authentication between users and servers but also supports session key agreement. In addition, in our protocol the user does not need to perform the expensive bilinear operations, so it reduces the computation load.
- Published
- 2015
17. A Three-Party Password-based Authenticated Key Exchange Protocol for Wireless Communications
- Author
Lixiang Li, Haiepeng Peng, Yixian Yang, and Yanrong Lu
- Subjects
Key-agreement protocol, Otway–Rees protocol, Internet Protocol Control Protocol, Computer science, Cryptographic protocol, Oakley protocol, Computer security, Computer Science Applications, Control and Systems Engineering, Authentication protocol, User Datagram Protocol, Wide Mouth Frog protocol, Electrical and Electronic Engineering, Computer network
- Abstract
A three-party password-based authenticated key exchange (3PAKE) protocol is an important cryptographic primitive which allows two entities to establish a session key with the help of a trusted server through an insecure channel. Recently, Farash and Attari (Information Technology and Control 43(2), 143-150, 2014) presented an improved 3PAKE protocol to erase the security flaws found in Tallapally's 3PAKE protocol (Information Technology and Control 41(1), 15-22, 2012). They claimed that their improved protocol could withstand many security attacks. However, we identified that Farash and Attari's protocol was still susceptible to the off-line password guessing attack, which directly results in defencelessness against the impersonation attack. In order to cope with the loopholes of Farash and Attari's protocol, we propose a modified 3PAKE protocol without smart cards for wireless communications. We demonstrate that the proposed protocol can mitigate all the problems of the protocol of Farash and Attari and possesses more security properties. In addition, we make a comparison among the proposed protocol and the other related protocols regarding performance and security properties.
DOI: http://dx.doi.org/10.5755/j01.itc.44.4.9729
- Published
- 2015
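The offline dictionary attack reported in entries 3 and 17 (an eavesdropper recovers the password from captured messages) comes down to one question: does the transcript contain a value that can be recomputed from a password guess alone? The Python below, added here and not taken from either paper, runs that check against a constructed exchange that has the flaw and against a variant whose password tag is keyed through an ephemeral X25519 secret. The message layouts, the `DICTIONARY` wordlist and the `demo-kdf` label are assumptions of the demo; neither exchange is the MCEPAK protocol, the Farash–Attari protocol, or either paper's fix, and X25519 is written out per RFC 7748 only so the block runs offline.

```python
"""Passive offline dictionary attack on a password-authenticated exchange whose
transcript lets an eavesdropper test guesses, beside a variant in which the
password tag is keyed through an ephemeral X25519 secret the eavesdropper lacks.
Added illustration: both exchanges are constructed here and are NOT the MCEPAK
or Farash-Attari protocols. X25519 follows RFC 7748 so the block runs offline;
production code should use a vetted library and a real PAKE."""
import hashlib
import hmac
import os

P = 2**255 - 19
A24 = 121665
BASEPOINT = (9).to_bytes(32, "little")


def x25519(scalar: bytes, u_bytes: bytes) -> bytes:
    """RFC 7748 section 5 Montgomery ladder (readable, not constant-time)."""
    k = bytearray(scalar)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    k = int.from_bytes(k, "little")
    x1 = int.from_bytes(u_bytes, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) * (da + cb) % P
        z3 = x1 * ((da - cb) * (da - cb) % P) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def weak_client_tag(password: str, nonce_c: bytes, nonce_s: bytes) -> bytes:
    """Flawed design: HMAC keyed by the password over values sent in clear.
    The captured tag is a test oracle for every guess, with no interaction."""
    return hmac.new(password.encode(), nonce_c + nonce_s, hashlib.sha256).digest()


def dh_client_tag(password: str, shared: bytes, pub_c: bytes, pub_s: bytes) -> bytes:
    """Tag keyed by KDF(X25519 shared secret || password). The eavesdropper sees
    pub_c, pub_s and the tag but not `shared`, so it cannot form a candidate
    tag from the transcript alone. (Demo KDF: a single labelled SHA-256.)"""
    key = hashlib.sha256(b"demo-kdf" + shared + password.encode()).digest()
    return hmac.new(key, pub_c + pub_s, hashlib.sha256).digest()


def offline_guess(public: bytes, tag: bytes, dictionary):
    """The eavesdropper's move: key an HMAC by each guess over the public part
    of the transcript and compare with the captured tag."""
    for guess in dictionary:
        cand = hmac.new(guess.encode(), public, hashlib.sha256).digest()
        if hmac.compare_digest(cand, tag):
            return guess
    return None


def run_weak(password: str):
    """Returns (public transcript, tag), exactly what a passive attacker captures."""
    nonce_c, nonce_s = os.urandom(16), os.urandom(16)
    return nonce_c + nonce_s, weak_client_tag(password, nonce_c, nonce_s)


def run_dh(password: str):
    """Ephemeral X25519 on both sides; only the public keys and the tag leave the hosts."""
    priv_c, priv_s = os.urandom(32), os.urandom(32)
    pub_c, pub_s = x25519(priv_c, BASEPOINT), x25519(priv_s, BASEPOINT)
    shared_c, shared_s = x25519(priv_c, pub_s), x25519(priv_s, pub_c)
    if shared_c != shared_s:
        raise RuntimeError("key agreement failed")
    return pub_c + pub_s, dh_client_tag(password, shared_c, pub_c, pub_s)


# Constructed wordlist for the demo; real attacks use far larger lists.
DICTIONARY = ["123456", "password", "appliance1", "smartgrid", "letmein"]

if __name__ == "__main__":
    public, tag = run_weak("smartgrid")
    print("weak exchange, recovered password:", offline_guess(public, tag, DICTIONARY))
    public, tag = run_dh("smartgrid")
    print("DH-bound exchange, recovered password:", offline_guess(public, tag, DICTIONARY))
```

The weak exchange gives up the password after five guesses; the second returns None, not because the attacker is slower but because the key it needs includes `shared`, which never crosses the wire. Binding the tag to a DH secret defeats only the passive attack: an active attacker who impersonates one side still gets one online guess per run and can man-in-the-middle unauthenticated DH, which is why the papers above reach for a proper PAKE rather than this sketch.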
18. Forsakes: A forward-secure authenticated key exchange protocol based on symmetric key-evolving schemes
- Author
Mohammad Sadeq Dousti and Rasool Jalili
- Subjects
Provable security, Algebra and Number Theory, Computer Networks and Communications, Applied Mathematics, Hash function, Computer security model, Oakley protocol, Authenticated Key Exchange, Symmetric-key algorithm, Forward secrecy, Discrete Mathematics and Combinatorics, Protocol (object-oriented programming), Computer network, Mathematics
- Abstract
This paper suggests a model and a definition for forward-secure authenticated key exchange (AKE) protocols, which can be satisfied without depending on the Diffie–Hellman assumption. The basic idea is to use key-evolving schemes (KES), where the long-term keys of the system get updated regularly and irreversibly. Protocols conforming to our model can be highly efficient, since they do not require the resource-intensive modular exponentiations of the Diffie–Hellman protocol. We also introduce a protocol, called FORSAKES, and prove rigorously that it is a forward-secure AKE protocol in our model. FORSAKES is a very efficient protocol, and can be implemented by merely using hash functions.
- Published
- 2015
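The idea in entry 18, forward secrecy without Diffie–Hellman by evolving the long-term key irreversibly, is easiest to see in code. The Python below is an added sketch of a key-evolving symmetric AKE built from hash functions only; it is not the FORSAKES protocol itself (whose message layout, model and proof are in the paper). The three-message shape, the labels, the epoch counter and `attacker_derive`, which models a later compromise of the shared key, are all assumptions of the demo.

```python
"""Forward-secure symmetric AKE from a key-evolving scheme: the shared long-term
key is overwritten by a one-way hash of itself after each session, so a key
stolen later cannot be run backwards to reveal earlier session keys, and no
modular exponentiation is needed. Added illustration of the mechanism the
abstract describes; NOT the FORSAKES protocol. Labels, epoch handling and the
three-message shape are assumptions of this demo."""
import hashlib
import hmac
import os


def evolve(key: bytes) -> bytes:
    """One-way update K_{i+1} = H("evolve" || K_i). The caller must discard K_i."""
    return hashlib.sha256(b"evolve" + key).digest()


def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def session_key(key: bytes, epoch: int, n_a: bytes, n_b: bytes) -> bytes:
    """Session key for epoch i, bound to both nonces so every run is fresh."""
    return mac(key, b"session" + epoch.to_bytes(8, "big") + n_a + n_b)


class Party:
    def __init__(self, name: str, key: bytes, epoch: int = 0):
        self.name, self.key, self.epoch = name, key, epoch

    def ratchet(self):
        self.key = evolve(self.key)  # irreversible; the previous key is gone
        self.epoch += 1


def run_session(a: Party, b: Party) -> dict:
    """A -> B: epoch, N_A;   B -> A: N_B, MAC_B;   A -> B: MAC_A.
    Each side evolves its key only after authenticating the peer."""
    n_a = os.urandom(16)
    msg1 = a.epoch.to_bytes(8, "big") + n_a
    # B: reject stale or replayed epochs, then authenticate with the current key.
    if int.from_bytes(msg1[:8], "big") != b.epoch:
        raise ValueError("epoch mismatch: stale or replayed message")
    n_b = os.urandom(16)
    tag_b = mac(b.key, b"B" + msg1 + n_b)
    # A: verify B, send confirmation, derive, evolve.
    if not hmac.compare_digest(tag_b, mac(a.key, b"B" + msg1 + n_b)):
        raise ValueError("B failed authentication")
    tag_a = mac(a.key, b"A" + msg1 + n_b + tag_b)
    sk_a = session_key(a.key, a.epoch, n_a, n_b)
    a.ratchet()
    # B: verify A, derive, evolve.
    if not hmac.compare_digest(tag_a, mac(b.key, b"A" + msg1 + n_b + tag_b)):
        raise ValueError("A failed authentication")
    sk_b = session_key(b.key, b.epoch, n_a, n_b)
    b.ratchet()
    return {"epoch": a.epoch - 1, "n_a": n_a, "n_b": n_b, "sk_a": sk_a, "sk_b": sk_b}


def attacker_derive(stolen_key: bytes, stolen_epoch: int, run: dict):
    """What a later key compromise yields: sessions at or after the stolen
    epoch are re-derived by evolving forward; earlier ones would require
    inverting the hash, so None is returned."""
    key, epoch = stolen_key, stolen_epoch
    while epoch < run["epoch"]:
        key, epoch = evolve(key), epoch + 1
    if epoch != run["epoch"]:
        return None
    return session_key(key, epoch, run["n_a"], run["n_b"])


if __name__ == "__main__":
    k0 = os.urandom(32)  # shared at enrolment; demo value
    alice, bob = Party("A", k0), Party("B", k0)
    r1, r2 = run_session(alice, bob), run_session(alice, bob)
    stolen, stolen_epoch = alice.key, alice.epoch  # compromise after two sessions
    r3 = run_session(alice, bob)
    print("session 3 exposed:", attacker_derive(stolen, stolen_epoch, r3) == r3["sk_a"])
    print("session 1 exposed:", attacker_derive(stolen, stolen_epoch, r1) is not None)
```

Running it: both sides agree on each session key, a key stolen after session 2 re-derives session 3 (forward computation is cheap) but not session 1, because going backwards means inverting SHA-256. The price of this approach is state: both parties must stay synchronised, and in this sketch a lost third message leaves A one epoch ahead of B, so a deployable design needs a resynchronisation rule on top of the epoch check.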
19. A provable authenticated group key agreement protocol for mobile environment
- Author
Chia-Hsien Lin, Huaxiong Wang, Hung-Min Sun, Tsu-Yang Wu, Chien-Ming Chen, and Bing-Zhe He
- Subjects
Key-agreement protocol, Authentication, Information Systems and Management, Computer science, Mobile computing, General Inter-ORB Protocol, Oakley protocol, Computer security, Computer Science Applications, Theoretical Computer Science, Public-key cryptography, Artificial Intelligence, Control and Systems Engineering, Universal composability, Group Domain of Interpretation, Software, Key escrow, Group key, Computer network
- Abstract
Secure group communication over an untrusted open network is a continuing problem, especially in mobile environments. With the development of 3G networks and mobile computing technology, the number of group-oriented applications is increasing rapidly. Although these applications are convenient, achieving secure group communication to protect user privacy is a major concern. This study presents an authenticated group key agreement protocol for mobile environments. By using certificateless public key cryptography, the protocol reduces the cost of managing the certificates and avoids the key escrow problem. Instead of a fully-trusted server, the protocol uses a semi-trusted server, which helps users communicate but does not learn about the group key. The analytical results indicate that the proposed protocol provides good security in mobile environments.
- Published
- 2015
20. Cryptanalysis of a robust key agreement based on public key authentication
- Author
Mohsen Toorani
- Subjects
Key-agreement protocol, Computer Networks and Communications, Computer science, Key distribution, Oakley protocol, Cryptographic protocol, Computer security, Authenticated Key Exchange, Public-key cryptography, Security association, Station-to-Station protocol, Information Systems, Computer network
- Abstract
This paper considers security analysis of the YAK, a public key-based authenticated key agreement protocol. The YAK protocol is a variant of the two-pass HMQV protocol but uses zero-knowledge proofs for proving knowledge of ephemeral values. In this paper, we show that the YAK protocol lacks joint key control and perfect forward secrecy attributes and is vulnerable to some attacks including unknown key-share and key-replication attacks. This invalidates the semantic security of the protocol in several security models. There are also other considerations regarding the impersonation and small subgroup attacks. Copyright © 2015 John Wiley & Sons, Ltd.
- Published
- 2015
21. A new two-round dynamic authenticated contributory group key agreement protocol using elliptic curve Diffie–Hellman with privacy preserving public key infrastructure
- Author
Vankamamidi Srinivasa Naresh and Nistala V. E. S. Murthy
- Subjects
Key-agreement protocol, Multidisciplinary, Computer science, Elliptic curve Diffie–Hellman, MQV, Oakley protocol, Computer security, Diffie–Hellman key exchange, Forward secrecy, Station-to-Station protocol, Computer network, Group key
- Abstract
In this paper a new two-round authenticated contributory group key agreement based on Elliptic Curve Diffie–Hellman protocol with Privacy Preserving Public Key Infrastructure (PP-PKI) is introduced and is extended to a dynamic authenticated contributory group key agreement with join and leave protocols for dynamic groups. The proposed protocol provides such security attributes as forward secrecy, backward secrecy, and defense against man in the middle (MITM) and Unknown key-share security attacks and also authentication along with privacy preserving attributes like anonymity, traceability and unlinkability. In the end, they are compared with other popular Diffie–Hellman and Elliptic Curve Diffie–Hellman based group key agreement protocols and the results are found to be satisfactory.
- Published
- 2015
22. Design of a password-based authenticated key exchange protocol for SIP
- Author
-
Dheerendra Mishra
- Subjects
Challenge-Handshake Authentication Protocol ,Zero-knowledge password proof ,Interlock protocol ,Computer Networks and Communications ,Computer science ,computer.internet_protocol ,02 engineering and technology ,Shared secret ,Oakley protocol ,Computer security ,computer.software_genre ,Random oracle ,Universal composability ,0202 electrical engineering, electronic engineering, information engineering ,Media Technology ,Strong authentication ,Session key ,Pre-shared key ,Elliptic curve cryptography ,Password ,Key-agreement protocol ,Stateless protocol ,Session Initiation Protocol ,Authentication ,business.industry ,ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS ,020206 networking & telecommunications ,020207 software engineering ,Authenticated Key Exchange ,Hardware and Architecture ,Authentication protocol ,Challenge–response authentication ,business ,Communications protocol ,computer ,Software ,Computer network - Abstract
The Session Initiation Protocol (SIP) is a signaling communications protocol, which has been chosen for controlling multimedia communication in 3G mobile networks. In recent years, password-based authenticated key exchange protocols are designed to provide strong authentication for SIP. In this paper, we address this problem in two-party setting where the user and server try to authenticate each other, and establish a session key using a shared password. We aim to propose a secure and anonymous authenticated key exchange protocol, which can achieve security and privacy goal without increasing computation and communication overhead. Through the analysis, we show that the proposed protocol is secure, and has computational and communication overheads comparable to related authentication protocols for SIP using elliptic curve cryptography. The proposed protocol is also provably secure in the random oracle model.
- Published
- 2015
23. A Secure Wireless Communication Protocol using Diffie - Hellman Key Exchange
- Author
-
Varun Shukla, Atul Chaturvedi, and Neelam Srivastava
- Subjects
TheoryofComputation_MISCELLANEOUS ,Key-agreement protocol ,Otway–Rees protocol ,Interlock protocol ,business.industry ,Computer science ,ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS ,Man-in-the-middle attack ,Oakley protocol ,Cryptographic protocol ,Computer security ,computer.software_genre ,Diffie–Hellman key exchange ,Authentication protocol ,Universal composability ,Station-to-Station protocol ,business ,computer ,Key exchange ,Computer network - Abstract
Diffie and Hellman in their path breaking paper (5) proposed a two party key agreement protocol based on finite field. Diffie - Hellman Key Exchange Protocol (DH protocol) has unique importance in two party wireless communication scenarios. After this protocol several protocols have been proposed which were based on DH protocol but the Man in the middle attack raises a serious security concern on this protocol. Researchers have been working to overcome this security concern to design a new protocol. This paper proposes an authenticated key agreement protocol which is secure against Man in the middle attack. The authors also prove security issues of this protocol.
- Published
- 2015
24. An improved smart card based authentication scheme for session initiation protocol
- Author
-
Saru Kumari, Xiong Li, Mohammad Sabzinejad Farash, Fan Wu, Shehzad Ashraf Chaudhry, and Muhammad Khurram Khan
- Subjects
Challenge-Handshake Authentication Protocol ,Session Initiation Protocol ,Otway–Rees protocol ,Computer Networks and Communications ,business.industry ,Computer science ,computer.internet_protocol ,ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS ,Cryptographic protocol ,Oakley protocol ,Computer security ,computer.software_genre ,Authentication protocol ,Wide Mouth Frog protocol ,Reflection attack ,business ,computer ,Software ,Computer network - Abstract
Session initiation protocol (SIP) reformed the controlling routine of voice over Internet Protocol based communication over public channels. SIP is inherently insecure because of underlying open text architecture. A number of solutions are proposed to boost SIP security. Very recently Farash (Peer to Peer Netw. Appl. 1–10, 2014) proposed an enhanced protocol to improve the security of Tu et al.’s protocol (Peer to Peer Netw. Appl. 1–8, 2014). Further, Farash claimed his protocol to be secure against all known attacks. However, in this paper we show that Farash’s protocol is insecure against impersonation attack, password guessing attack, lacks user anonymity and is vulnerable to session-specific temporary information attack. Further, we have proposed an upgraded protocol to enhance the security. The security and performance analysis shows that the proposed protocol reduced one point multiplication as compared with Farash’s protocol, while resisting all known attacks. We have proved the security of the proposed protocol using the automated tool ProVerif.
- Published
- 2015
25. Design and analysis of a three party password-based authenticated key exchange protocol using extended chaotic maps
- Author
-
SK Hafizul Islam
- Subjects
Information Systems and Management ,Otway–Rees protocol ,Computer science ,computer.internet_protocol ,Distributed computing ,Hash function ,Cryptography ,Oakley protocol ,Internet security ,Neighbor Discovery Protocol ,Theoretical Computer Science ,Random oracle ,Artificial Intelligence ,Universal composability ,Session key ,Password ,Key-agreement protocol ,business.industry ,Cryptographic protocol ,Computer Science Applications ,Authenticated Key Exchange ,Control and Systems Engineering ,Authentication protocol ,Wide Mouth Frog protocol ,Smart card ,business ,computer ,Software - Abstract
An efficient and secure ECM-3PAKE protocol with key confirmation is proposed. The proposed protocol is designed using extended chaotic maps and smartcard. The proposed protocol is provably secure in the random oracle model. The results of AVISPA show that our protocol resists active and passive attacks. The protocol is secure and more computation-efficient than the existing protocols.
Recently, the theory and application of Chebyshev polynomials have been studied extensively by the cryptographic research community; many symmetric and asymmetric cryptographic protocols have been designed based on extended chaotic maps. In this paper, a computation cost efficient and robust three party password-based authenticated key exchange (ECM-3PAKE) protocol with key confirmation has been designed using extended chaotic maps and smartcard. In this protocol, two users can establish a common session key with the help of a trusted server. The proposed protocol is shown to be provably secure in the random oracle model and formally validated through the simulation of Automated Validation of Internet Security Protocols and Applications (AVISPA) software. The simulation results from different model checkers of AVISPA proved that the protocol can withstand the active and passive attacks. Besides, the informal security analysis gives the evidence of security and functional efficiencies of the protocol. In addition, the comparative analysis illustrates that the protocol performs better than the existing protocols.
- Published
- 2015
26. Provably secure one-round certificateless authenticated group key agreement protocol for secure communications
- Author
-
Abhishek Kumar Singh and Sk Hafizul Islam
- Subjects
Provable security ,computer.internet_protocol ,Computer science ,Key distribution ,Cryptography ,Oakley protocol ,Computer security ,computer.software_genre ,Random oracle ,Public-key cryptography ,Diffie–Hellman key exchange ,Security association ,Universal composability ,Certificate authority ,Session key ,Electrical and Electronic Engineering ,Key exchange ,Group key ,Standard model (cryptography) ,Key-agreement protocol ,Authentication ,business.industry ,Computer security model ,Certificate Management Protocol ,Computer Science Applications ,Authenticated Key Exchange ,Group Domain of Interpretation ,business ,computer ,Computer network - Abstract
A novel one-round authenticated group key agreement (CL-AGKA) protocol is devised in this paper on certificateless public key cryptography. Our CL-AGKA protocol abolished the certificate management burden existing in certificate authority-based public key cryptography and the private-key escrow problem occurring in identity-based cryptography. Our CL-AGKA protocol is designed to establish an authenticated group session key between a group of participants by ensuring that the session key is not revealed to any outsiders. The proposed CL-AGKA protocol designed a security model in the computational model, called the random oracle model. It is formally examined that our CL-AGKA protocol achieved the strong authenticated key exchange security and thus is provably secure in the random oracle model. The security of the designed protocol is achieved against the intractability assumptions of the computational Diffie–Hellman problem and bilinear Diffie–Hellman problem. In addition, the proposed CL-AGKA protocol offered low message exchange cost and computational cost against the related group key agreement protocols.
- Published
- 2015
27. An Improved Two-Party Authentication Key Exchange Protocol for Mobile Environment
- Author
-
Jianhua Chen, Huibo Yang, and Yuanyuan Zhang
- Subjects
Key-agreement protocol ,Challenge-Handshake Authentication Protocol ,Authentication ,Otway–Rees protocol ,business.industry ,Computer science ,Mutual authentication ,Oakley protocol ,Computer security ,computer.software_genre ,Computer Science Applications ,Public-key cryptography ,Secure communication ,Elliptic curve cryptosystem ,SAFER ,Authentication protocol ,Universal composability ,Key (cryptography) ,Electrical and Electronic Engineering ,business ,computer ,Key exchange ,Computer network - Abstract
Mobile environment has been used in large area range of network. In order to secure communication, a number of schemes have been proposed. The typical schemes are two-party authentication key exchange (2PAKE) protocols. It is based on elliptic curve cryptosystem. The main weakness of the protocol is that attackers have the ability to impersonate a legal user at any time. In addition, it is vulnerable to the public key problem and unknown key share attack. In this paper, we propose a 2PAKE protocol. Our protocol is indeed safer and meets the needs. Hence, the proposed protocol has a great contribution to the area of mobile environment.
- Published
- 2015
28. PF-ID-2PAKA: Pairing Free Identity-Based Two-Party Authenticated Key Agreement Protocol for Wireless Sensor Networks
- Author
-
Gaurav Sharma, Anil Kumar Verma, and Suman Bala
- Subjects
Key-agreement protocol ,Computer science ,business.industry ,ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS ,020206 networking & telecommunications ,Cryptography ,02 engineering and technology ,Computer security model ,Oakley protocol ,Cryptographic protocol ,Computer Science Applications ,Secure communication ,Pairing ,0202 electrical engineering, electronic engineering, information engineering ,020201 artificial intelligence & image processing ,Electrical and Electronic Engineering ,business ,Wireless sensor network ,Protocol (object-oriented programming) ,AKA ,Computer network - Abstract
To ensure secure communication between any two entities, authenticated key agreement protocol is the primary step and current research has a lot of contribution in this direction. In this paper, we propose a Pairing Free Identity-based Two-Party Authenticated Key Agreement protocol and gather the implementation results for Wireless Sensor Networks on MICAz mote by using Relic-toolkit cryptographic library. The proposed protocol is efficient as it does not use any pairing operation and only uses three scalar point multiplications. The security of the protocol has been proved secure using strongest security model for identity-based key agreement protocol presented by Liang et al.
- Published
- 2015
29. Provably secure extended chaotic map-based three-party key agreement protocols using password authentication
- Author
-
Tian Fu Lee, Ching Ying Lin, Chun-Li Lin, and Tzonelih Hwang
- Subjects
Challenge-Handshake Authentication Protocol ,Key-agreement protocol ,Zero-knowledge password proof ,Otway–Rees protocol ,Computer science ,business.industry ,Applied Mathematics ,Mechanical Engineering ,Aerospace Engineering ,Ocean Engineering ,Oakley protocol ,Control and Systems Engineering ,Authentication protocol ,Wide Mouth Frog protocol ,Electrical and Electronic Engineering ,Challenge–response authentication ,business ,Computer network - Abstract
This paper presents a novel three-party key agreement protocol using password authentication, which enables each client sharing a long-lived secret only with a trusted server to exchange confidential and authenticated information with another client over an insecure network via the server. The proposed protocol is based on extended chaotic maps and adopts the technique that the clients can publicly exchange the factors for generating the session key without the help of the server such that the numbers of transmissions are reduced. A round-efficient version of the proposed key agreement protocol is also described. Compared to related chaotic map-based approaches, the proposed protocol not only possesses higher security and lower computational cost, but also has fewer transmissions. Additionally, the proposed protocol is proven secure in the random oracle model and realizes optimal in communications.
- Published
- 2015
30. A strongly secure identity-based authenticated group key exchange protocol
- Author
-
ChunMing Tang, Youliang Tian, JiKai Teng, and ChuanKun Wu
- Subjects
Key-agreement protocol ,General Computer Science ,Computer science ,business.industry ,Key distribution ,Oakley protocol ,Shared secret ,Computer security ,computer.software_genre ,Forward secrecy ,Key (cryptography) ,Pre-shared key ,Group Domain of Interpretation ,business ,computer ,Computer network - Abstract
In group key exchange (GKE) protocols, a shared secret key is established among a group of members for cryptographic use over a public network. An identity-based protocol is preferred to that under the employment of traditional public key infrastructure (PKI), since identity-based cryptosystem can simplify public key management procedure. In ASIACCS 2011, a security model for GKE protocol called EGBG model was proposed. The EGBG model takes ephemeral secret key leakage attack into consideration. Until now, there is no ID-based GKE protocol secure in the EGBG model. In this paper, we propose an identity-based GKE protocol. Its AKE-security with KCIR and full forward secrecy, MA-security with KCIR and its contributiveness are proven in the EGBG model. The proposed protocol does not involve NAXOS trick, which does not resist side channel attack and thus it provides stronger security guarantee. It achieves mutual authentication without applying signature, which makes the protocol more practical.
- Published
- 2015
31. RYY++: A Novel Provably Secure Identity‐Based Authenticated Key Agreement Protocol
- Author
-
Xiuli Wang, Jianming Zhu, Yang Li, Yaoqi Zhang, and Ning Zhang
- Subjects
Key-agreement protocol ,business.industry ,Computer science ,Applied Mathematics ,Telecommunication security ,Oakley protocol ,Cryptographic protocol ,Challenge response ,Computer security ,computer.software_genre ,Authenticated key agreement protocol ,Public-key cryptography ,Digital signature ,Electrical and Electronic Engineering ,business ,computer - Abstract
Based on revisiting the RYY+ Identity-based (ID-Based) key agreement protocol, we find it’s vulnerable to Intermediate results leakage (IRL) and Key-compromise impersonation (KCI) attack. A novel protocol called RYY++ is proposed to make up for its deficiencies. Our protocol follows the Full dual exponential challenge response (FDCR-1) scheme to ensure the signature change every time, so the master public key of Private key generator (PKG) joined in signature generation can guarantee two parties trust each other. The RYY++ protocol is also proven to be secure in the Strengthened extended Canetti–Krawczyk (SeCK) model which provides better support for adversary’s query and has an advantage over most existing protocols on security and efficiency.
- Published
- 2015
32. A provably secure and efficient two-party password-based explicit authenticated key exchange protocol resistance to password guessing attacks
- Author
-
Mohammad S. Obaidat, Mohammad Sabzinejad Farash, and SK Hafizul Islam
- Subjects
Zero-knowledge password proof ,Encrypted key exchange ,Computer Networks and Communications ,Computer science ,Salt (cryptography) ,Shared secret ,Oakley protocol ,Computer security ,computer.software_genre ,One-time password ,Theoretical Computer Science ,Random oracle ,S/KEY ,Password strength ,Forward secrecy ,Key stretching ,Session key ,Key derivation function ,Password ,Authentication ,Password cracking ,Computer Science Applications ,Authenticated Key Exchange ,ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS ,Elliptic curve ,Computational Theory and Mathematics ,Rainbow table ,Challenge–response authentication ,computer ,Software - Abstract
Password-based two-party authenticated key exchange (2PAKE) protocol enables two or more entities, who only share a low-entropy password between them, to authenticate each other and establish a high-entropy secret session key. Recently, Zheng et al. proposed a password-based 2PAKE protocol based on bilinear pairings and claimed that their protocol is secure against the known security attacks. However, in this paper, we indicate that the protocol of Zheng et al. is insecure against the off-line password guessing attack, which is a serious threat to such protocols. Consequently, we show that an attacker who obtained the users' password by applying the off-line password guessing attack can easily obtain the secret session key. In addition, the protocol of Zheng et al. does not provide the forward secrecy of the session key. As a remedy, we also improve the protocol of Zheng et al. and prove the security of our enhanced protocol in the random oracle model. The simulation result shows that the execution time of our 2PAKE protocol is less compared with other existing protocols. Copyright © 2015 John Wiley & Sons, Ltd.
- Published
- 2015
33. Design of Two-Party Authenticated Key Agreement Protocol Based on ECC and Self-Certified Public Keys
- Author
-
Sk Hafizul Islam and G. P. Biswas
- Subjects
Public key certificate ,Computer science ,Key distribution ,Oakley protocol ,Computer security ,computer.software_genre ,Internet security ,Key authentication ,Random oracle ,Public-key cryptography ,Security association ,Cryptosystem ,Electrical and Electronic Engineering ,Elliptic curve cryptography ,Key management ,Key-agreement protocol ,Authentication ,Key generation ,business.industry ,Public key infrastructure ,YAK ,Trusted third party ,Computer Science Applications ,Elliptic curve ,business ,Implicit certificate ,computer - Abstract
A two-party authenticated key agreement (2PAKA) protocol based on Elliptic curve cryptography (ECC) and the self-certified public key (SC-PKC) of the user is proposed in this paper. Although several ECC-based 2PAKA protocols using either public key infrastructure (PKI) or Identity-based cryptosystem (IBC) have been proposed recently, they suffer from certain limitations. For instance, the former requires heavy computation and management of public key certificate (PKC) and the latter induces a private key escrow problem as the private key is generated by a trusted third party, called private key generator (PKG). Also the man-in-the-middle attack may occur from a malicious PKG and the resilience against such an attack for an authenticated key agreement protocol is needed. In this paper, we proposed the design of a 2PAKA protocol using ECC and SC-PKC that removes all the limitations as mentioned above. In SC-PKC, a trusted third party, called system authority (SA) generates the public key of a user based on user identity signed by SA and user generated signature based on the private key of the user. The proposed scheme is provably secure in the random oracle model under the Computational Diffie–Hellman assumption. Also the formal security validation of our scheme using Automated Validation of Internet Security Protocols and Applications software is done and simulation results prove that it is safe against both the active and passive adversaries. In addition, our protocol is computationally efficient and may be considered as an alternative of the PKI- or IBC-based 2PAKA protocol.
- Published
- 2015
34. Certificateless one-pass and two-party authenticated key agreement protocol and its extensions
- Author
-
Lei Zhang
- Subjects
TheoryofComputation_MISCELLANEOUS ,Information Systems and Management ,Computer science ,MQV ,Certificateless cryptography ,Key distribution ,Oakley protocol ,Encryption ,Computer security ,computer.software_genre ,Theoretical Computer Science ,Random oracle ,Diffie–Hellman key exchange ,Public-key cryptography ,Artificial Intelligence ,Key-agreement protocol ,Authentication ,business.industry ,Elliptic curve Diffie–Hellman ,Computer security model ,Computer Science Applications ,Control and Systems Engineering ,Station-to-Station protocol ,business ,computer ,Software ,Computer network - Abstract
An authenticated key agreement protocol is used to share a secret key for encrypting data being transferred between two or more parties over a public network. In this paper, we study one-pass and two-party authenticated key agreement protocols in certificateless public key cryptography. We first define a security model for certificateless one-pass and two-party authenticated key agreement protocols and then propose a concrete certificateless one-pass and two-party authenticated key agreement protocol which has low transmission overhead. Our protocol captures several common security requirements that a one-pass and two-party authenticated key agreement protocol should satisfy. We prove the security of our protocol under the computational Diffie–Hellman, square computational Diffie–Hellman and gap bilinear Diffie–Hellman assumptions in the random oracle model. Two extensions with better security attributes are also proposed.
- Published
- 2015
35. Authenticated Key Agreement Protocol for Wireless Sensor Networks
- Author
-
Zhang Li, Jin Y. Quan, Xie Bin, and He Z. Qiang
- Subjects
Key-agreement protocol ,business.industry ,Computer science ,General Mathematics ,MQV ,Oakley protocol ,Encryption ,Public-key cryptography ,Control and Systems Engineering ,Forward secrecy ,Session key ,business ,Wireless sensor network ,Computer network - Abstract
In order to solve the excessive computation and storage requirement arising due to the frequent sensor nodes movement in WSN, a new public key has been proposed based on ECC key agreement protocol. The mutual authentication and agreement on a session key can be realized between users, or between user and a network server in WSN. This protocol adopts ECC techniques to consult session keys and AES Symmetrical encryption technology to achieve confidentiality. Compared with traditional protocol, this protocol could provide greater security with relatively fewer bits and reduce the requirement of computation and storage. A protocol has been proved to be a secure authenticated key agreement in ID-BIM models. Results show that it provides a perfect forward/back secrecy and PKG forward secrecy.
- Published
- 2015
36. An Improved NSSK Authentication Protocol and Its Formal Analysis
- Author
-
Zhao Zhigang and Yu Jin-Gang
- Subjects
Key-agreement protocol ,Challenge-Handshake Authentication Protocol ,Otway–Rees protocol ,Internet Protocol Control Protocol ,Interlock protocol ,Computer science ,business.industry ,0211 other engineering and technologies ,02 engineering and technology ,Oakley protocol ,021001 nanoscience & nanotechnology ,Computer security ,computer.software_genre ,Authentication protocol ,021105 building & construction ,Wide Mouth Frog protocol ,0210 nano-technology ,business ,computer ,Computer network - Abstract
In order to ensure that the message is fresh, both the identity of the communication and the shared key in the session are reliable, while avoiding the defects of the old message retransmission attack and identity posing in the native NS protocol, the optimized protocol adopts the means by which the receiver communicates with the key distribution center, and add the sender's identity and the temporary values sent by the parties to the messages returned by the key distribution center. By using the modal logic BAN logic, this paper models the improved protocol, and defines the initial hypothesis set and the security target set. Based on this, the reasoning rule is used to prove that the improved protocol can ensure the authentication protocol is safe.
- Published
- 2017
37. A Secure Pairing-Free Certificate-Less Authenticated Key Agreement Protocol
- Author
-
Hu Kangwen, Hu Changzhen, Ma Rui, Xue Jingfeng, and Shan Chun
- Subjects
business.industry ,Computer science ,Pairing ,Key (cryptography) ,Oakley protocol ,business ,Certificate ,Authenticated key agreement protocol ,Protocol (object-oriented programming) ,GeneralLiterature_MISCELLANEOUS ,Key escrow ,Computer network - Abstract
Pairing-free certificate-less two-party authenticated key agreement (CT-AKA) protocol is computation-efficient, easily manageable, and less key escrow dependent compared to traditional pairing-based identity-based protocol. In this paper, we propose four types of attacks on CT-AKA, present a pairing-free CT-AKA protocol and analyze its security in Lippold model. Compared with relevant CT-AKA protocols, our protocol is more efficient, secure and practical to apply.
- Published
- 2017
38. An authenticated key agreement protocol for cross-domain based on heterogeneous signcryption scheme
- Author
-
Caifen Wang, Li Chen, Shufen Niu, Xu Wang, and Chao Liu
- Subjects
Key-agreement protocol ,020203 distributed computing ,Authentication ,021103 operations research ,Computer science ,business.industry ,0211 other engineering and technologies ,Public key infrastructure ,02 engineering and technology ,Oakley protocol ,Ciphertext ,0202 electrical engineering, electronic engineering, information engineering ,Key (cryptography) ,Cryptosystem ,business ,Computer network ,Signcryption - Abstract
In this paper, we present a new efficient authenticated key agreement protocol. Compared with other cross-domain protocols which are all in the same cryptosystem, our protocol is innovatively designed to shift between the Public Key Infrastructure (PKI) and the Identity-based Cryptosystem (IBC). This protocol combined with heterogeneous signcryption method is proved to satisfy confidentiality and unforgeability on the basis of the assumptions of Computational Diffie-Hellman problem (CDHP) and Bilinear Diffie-Hellman problem (BDHP) in the authentication phases, and it simultaneously guarantees the ciphertext anonymity. In addition, it can efficiently resist kinds of active attacks such as known-session key attack, key forge attack, and known-temporary secret key attack. Compared with other two-party authenticated key agreement protocols, the newly proposed key agreement protocol has better security, practicability and efficiency.
- Published
- 2017
39. Diffie-Hellman Key Exchange Protocol with Entities Authentication
- Author
-
Bashir Alam
- Subjects
TheoryofComputation_MISCELLANEOUS ,Challenge-Handshake Authentication Protocol ,021110 strategic, defence & security studies ,Computer science ,Generic Security Service Algorithm for Secret Key Transaction ,0211 other engineering and technologies ,020206 networking & telecommunications ,02 engineering and technology ,Oakley protocol ,Computer security ,computer.software_genre ,Diffie–Hellman key exchange ,Authentication protocol ,Lightweight Extensible Authentication Protocol ,0202 electrical engineering, electronic engineering, information engineering ,Key (cryptography) ,computer ,Key exchange - Abstract
The Diffie-Hellman key exchange protocol provides the opportunity to arrive at a common secret key by exchanging texts over insecure medium without meeting in advance. Diffie-Hellman key exchange protocol is limited to the exchange of key only. Due to lack of authentication of entities, this protocol is vulnerable towards man-in-middle attack and impersonation attack. To eliminate the man-in-middle attack, Nanli[9] presented a research paper on Diffie-Hellman key exchange protocol. It is observed that Nanli's protocol still suffers with impersonation attack. To deal with this vulnerability, an improved key exchange approach based on third party authentication scheme is proposed in this paper.
- Published
- 2017
40. Improvement of a chaotic maps-based three-party password-authenticated key exchange protocol without using server’s public key and smart card
- Author
-
Ting Wu, Bin Hu, and Qi Xie
- Subjects
Key-agreement protocol ,Otway–Rees protocol ,Interlock protocol ,business.industry ,Computer science ,Applied Mathematics ,Mechanical Engineering ,Aerospace Engineering ,Ocean Engineering ,Cryptographic protocol ,Oakley protocol ,Computer security ,computer.software_genre ,Authenticated Key Exchange ,Control and Systems Engineering ,Authentication protocol ,Electrical and Electronic Engineering ,Reflection attack ,business ,computer ,Computer network - Abstract
Three-party password-authenticated key exchange (3PAKE) protocol allows two users to establish a secure session key over an insecure communication channel with the help of a trusted server. Recently, Farash and Attari proposed a chaotic maps-based 3PAKE protocol without using server’s public key, smart card and symmetric cryptosystems and claimed its security by providing well-organized security proof. Unfortunately, in this paper, we demonstrate that their protocol cannot resist impersonation attack and off-line password guessing attack. To overcome their security weaknesses, we propose an improved chaotic maps-based 3PAKE protocol with the same advantages. Further, we apply the pi calculus-based formal verification tool ProVerif to show that our 3PAKE protocol achieves authentication and security and show that our protocol is more efficient than Farash and Attari’s protocol in terms of computation and communication costs.
- Published
- 2014
41. Cryptanalysis and improvement of an efficient authenticated key exchange protocol with tight security reduction
- Author
-
Siqi Lu, Qingfeng Cheng, and Jinhua Zhao
- Subjects
Security analysis ,Otway–Rees protocol ,Interlock protocol ,Computer Networks and Communications ,Computer science ,ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS ,020206 networking & telecommunications ,02 engineering and technology ,Cryptographic protocol ,Oakley protocol ,Computer security ,computer.software_genre ,Authenticated Key Exchange ,Universal composability ,0202 electrical engineering, electronic engineering, information engineering ,020201 artificial intelligence & image processing ,Wide Mouth Frog protocol ,Electrical and Electronic Engineering ,computer - Abstract
The SMEN protocol, proposed by Wu and Ustaoglu in 2009, has been considered to be secure as the authors claimed, and numerous theories are proposed based on this protocol. This paper analyzes the SMEN protocol and finds that this protocol is not resistant to the session corruption attack and the key compromise impersonation attack. Then, we propose an improved protocol with tight security reduction. Our improved protocol not only avoids the above attacks but also embraces the same efficiency as the SMEN protocol in terms of exponentiation. Besides, formal analysis of the improved protocol is presented by using the formal automatic security analysis tool Scyther. Copyright © 2014 John Wiley & Sons, Ltd.
- Published
- 2014
42. Scalable protocol for cross-domain group password-based authenticated key exchange
- Author
-
Zhen Yang, Cong Guo, Liehuang Zhu, Yu-an Tan, and Zijian Zhang
- Subjects
Password, Zero-knowledge password proof, Authentication, Encrypted key exchange, General Computer Science, Computer science, Oakley protocol, Computer security, Theoretical Computer Science, Authenticated Key Exchange, Certificate authority, Key (cryptography) - Abstract
Cross-domain password-based authenticated key exchange (PAKE) protocols have been studied for many years. However, these protocols mainly focus on multiple participants within a single domain in an open network environment. This paper proposes a novel approach for designing a cross-domain group PAKE protocol that primarily handles the multi-participant, multi-domain setting. Moreover, our protocol is proved secure against an active adversary in the Real-or-Random (ROR) model. In our protocol, no interaction occurs between any two domain authentication servers. They are regarded as ephemeral certificate authorities (CAs) that certify key materials that participants might subsequently use to exchange and agree on a group session key. We further justify the computational complexity and measure the average computation time of our protocol. To the best of our knowledge, this is the first work to analyze and discuss a provably secure multi-participant cross-domain group PAKE protocol.
- Published
- 2014
43. Cryptanalysis of the Dragonfly key exchange protocol
- Author
-
Feng Hao and Dylan Clarke
- Subjects
Password, Zero-knowledge password proof, Computer Networks and Communications, Computer science, Oakley protocol, Computer security, One-time password, Password strength, S/KEY, Authenticated Key Exchange, Challenge–response authentication, Software, Information Systems - Abstract
Dragonfly is a password authenticated key exchange protocol that has been submitted to the Internet Engineering Task Force as a candidate standard for general Internet use. The authors analysed the security of this protocol and devised an attack that is capable of extracting both the session key and the password from an honest party. This attack was then implemented, and experiments were performed to determine the time-scale required to successfully complete the attack.
- Published
- 2014
44. Securing Bluetooth Communication with Hybrid Pairing Protocol
- Author
-
Yung-Cheol Byun, Bobby D. Gerardo, and J. T. Lalis
- Subjects
Key-agreement protocol, Otway–Rees protocol, General Computer Science, Computer science, Shared secret, Oakley protocol, Encryption, Bluetooth, Key (cryptography), Key exchange, Computer network - Abstract
To improve the level of security of Bluetooth communication, a hybrid pairing protocol based on the Diffie-Hellman key exchange protocol, MD5 and Hummingbird-2 is proposed. The developed hybrid pairing protocol adopts the DH key agreement protocol to securely compute both parties' shared secret key. The MD5 hash function is used to solve the problem(s) caused by having a short PIN. This mechanism is integrated with Hummingbird-2, a lightweight encryption algorithm, to further strengthen the pairing mechanism and, at the same time, make it suitable for devices that have limited processing power and memory. This hybrid pairing protocol is expected to increase the security of Bluetooth devices against known attacks, such as man-in-the-middle attacks and eavesdropping, by combining these strong yet lightweight algorithms.
- Published
- 2014
45. Buchmann-Williams Authenticated Key Agreement Protocol With Pre-shared Password
- Author
-
Mohammed Ziane, Abdelmalek Azizi, and Soufiane Mezroui
- Subjects
Key-agreement protocol, Encrypted key exchange, Zero-knowledge password proof, General Computer Science, Computer science, General Engineering, Oakley protocol, Computer security, One-time password, S/KEY, Password strength, Diffie–Hellman key exchange, Computer network - Abstract
Based on Buchmann-Williams key exchange protocol, a Buchmann-Williams Authenticated Key Agreement (BWAKA) protocol with pre-shared password is proposed. Its security relies on the Discrete Logarithm Problem over class groups of number fields. It provides identity authentication, perfect forward secrecy and key validation.
- Published
- 2014
46. A chaotic map-based anonymous multi-server authenticated key agreement protocol using smart card
- Author
-
Nai-Wei Lo and Jia-Lun Tsai
- Subjects
Key-agreement protocol, Otway–Rees protocol, Computer Networks and Communications, Computer science, Oakley protocol, Computer security, Neighbor Discovery Protocol, Internet protocol suite, Authentication protocol, Internet Protocol, Real Time Streaming Protocol, Electrical and Electronic Engineering, Computer network - Abstract
Authenticated key agreement protocols play an important role for network-connected servers to authenticate remote users in the Internet environment. In recent years, several authenticated key agreement protocols for single-server environments have been developed based on chaotic maps. In modern societies, people usually have to access multiple websites or enterprise servers to accomplish their daily personal matters or duties at work; therefore, how to increase users' convenience by offering a multi-server authentication protocol has become a practical research topic. In this study, a novel chaotic map-based anonymous multi-server authenticated key agreement protocol using smart cards is proposed. In this protocol, a legal user can access multiple servers using only a single secret key obtained from a trusted third party, known as the registration center. Security analysis shows that this protocol is secure against well-known attacks. In addition, protocol efficiency analysis is conducted by comparing the proposed protocol with two recently proposed schemes in terms of computational cost during one authentication session. We have shown that the proposed protocol is twice as fast as the one proposed by Khan and He while preserving the same security properties as their protocol. Copyright © 2014 John Wiley & Sons, Ltd.
- Published
- 2014
47. An efficient password-based three-party authenticated multiple key exchange protocol for wireless mobile networks
- Author
-
Changhoon Lee, Hang Tu, Debiao He, Jongsung Kim, and Neeraj Kumar
- Subjects
Zero-knowledge password proof, Otway–Rees protocol, Computer science, Oakley protocol, Computer security, One-time password, Theoretical Computer Science, S/KEY, Password strength, Universal composability, Elliptic curve cryptography, Key exchange, Key-agreement protocol, Password, Authentication, Password cracking, Authenticated Key Exchange, Wireless Transport Layer Security, Hardware and Architecture, Software, Information Systems, Computer network - Abstract
With the rapid development of wireless mobile communication, password-based three-party authenticated key exchange protocols have attracted an increasing amount of attention. To generate more session keys at one time for different applications, Li et al. proposed a password-based three-party authenticated multiple key exchange (3PAMKE) protocol for wireless mobile networks. They claimed that their protocol could withstand various attacks. In this paper, we show that Li et al.'s protocol is not secure against off-line password guessing. Furthermore, we propose an improved 3PAMKE protocol to overcome the weakness in Li et al.'s protocol. Security analysis and performance analysis show that our protocol not only overcomes the security weakness but also has better performance. Therefore, our protocol is more suitable for wireless mobile networks.
- Published
- 2014
48. A secure and efficient identity-based authenticated key exchange protocol for mobile client–server networks
- Author
-
Mahmoud Ahmadian Attari and Mohammad Sabzinejad Farash
- Subjects
Key-agreement protocol, Authentication, Interlock protocol, Computer science, Key distribution, Mutual authentication, Oakley protocol, Computer security, Theoretical Computer Science, Key authentication, Authenticated Key Exchange, Diffie–Hellman key exchange, Elliptic curve, Hardware and Architecture, Authentication protocol, Session key, Elliptic curve cryptography, Software, Key exchange, Information Systems, Computer network - Abstract
Recently, Chou et al. (J Supercomput 66(2): 973–988, 2013) proposed two identity-based key exchange protocols using elliptic curves for mobile environments. The first one is a two-party authenticated key exchange protocol to establish a session key between a client and a remote server. The second one is an extended version for the three-party setting to establish a session key between two clients with the help of a trusted server. However, this paper finds the first one vulnerable to impersonation attack and key-compromise impersonation attack, and the second one insecure against impersonation attack. To overcome the weaknesses, we propose an improved identity-based two-party authenticated key exchange protocol using elliptic curves. The rigorous analysis shows that our scheme achieves more security than related protocols.
- Published
- 2014
49. An efficient and provably secure three-party password-based authenticated key exchange protocol based on Chebyshev chaotic maps
- Author
-
Mohammad Sabzinejad Farash and Mahmoud Ahmadian Attari
- Subjects
Key-agreement protocol, Password, Zero-knowledge password proof, Computer science, Applied Mathematics, Mechanical Engineering, Aerospace Engineering, Ocean Engineering, Oakley protocol, Computer security, Public-key cryptography, Authenticated Key Exchange, Diffie–Hellman key exchange, Control and Systems Engineering, Session key, Electrical and Electronic Engineering - Abstract
Three-party password-based authenticated key exchange (3PAKE) protocols allow two clients to establish a secure session key through a server over an insecure channel. Recently, 3PAKE protocols have been developed based on Chebyshev chaotic maps, in which the clients utilize smart cards to log in to the server and employ the server's public key to ensure the identity of the server, or symmetric cryptosystems to encrypt the messages. However, this paper describes an efficient chaos-based 3PAKE protocol without smart cards, which requires neither the server's public key nor symmetric cryptosystems. The security of the proposed 3PAKE protocol is proved in the random oracle model using the chaos-based decisional Diffie–Hellman assumption. In comparison with the existing chaos-based 3PAKE protocols, our protocol provides better performance in each of communication, computation, and security, and is supported by a formal proof in the random oracle model.
- Published
- 2014
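The chaos-based decisional Diffie–Hellman assumption named in entry 49, and the chaotic-map protocols in the earlier entries on this page, rest on one algebraic fact: extended Chebyshev polynomials over a prime field commute under composition, T_r(T_s(x)) = T_rs(x) = T_s(T_r(x)), so they can play the role that modular exponentiation plays in classic Diffie–Hellman. The following Python is an added illustration of that primitive only; it is not code from Farash and Attari or from any other paper listed here, and it shows none of the password, server or smart-card mechanics of a 3PAKE protocol. The prime, the public seed x and the two private exponents are constructed demo values, far too small for real use. The doubling recurrence it uses (T_2k = 2·T_k² − 1, T_2k+1 = 2·T_k·T_k+1 − x) is the standard way to evaluate T_n(x) mod p in O(log n) multiplications.

```python
# Added illustration: Chebyshev-polynomial key agreement over Z_p.
# Not code from any paper listed on this page.  All parameters are
# constructed demo values and are far too small for real use.

def chebyshev(n: int, x: int, p: int) -> int:
    """Return the extended Chebyshev polynomial T_n(x) mod p.

    Uses the doubling identities T_{2k} = 2*T_k^2 - 1 and
    T_{2k+1} = 2*T_k*T_{k+1} - x, walking the bits of n from the most
    significant end, so the cost is O(log n) modular multiplications.
    """
    a, b = 1 % p, x % p                      # (T_0, T_1)
    for bit in bin(n)[2:]:
        if bit == "0":                       # k -> 2k
            a, b = (2 * a * a - 1) % p, (2 * a * b - x) % p
        else:                                # k -> 2k + 1
            a, b = (2 * a * b - x) % p, (2 * b * b - 1) % p
    return a


def chebyshev_naive(n: int, x: int, p: int) -> int:
    """Reference evaluation via T_n = 2*x*T_{n-1} - T_{n-2}; O(n) steps."""
    t_prev, t_cur = 1 % p, x % p             # (T_0, T_1)
    for _ in range(n):
        t_prev, t_cur = t_cur, (2 * x * t_cur - t_prev) % p
    return t_prev


def key_agreement(p: int, x: int, r: int, s: int):
    """Unauthenticated two-party agreement built on the semigroup property.

    Alice publishes T_r(x), Bob publishes T_s(x); each applies its own
    private exponent to the other's value.  Because T_r(T_s(x)) equals
    T_{rs}(x) equals T_s(T_r(x)), both sides arrive at the same key.
    Returns (alice_pub, bob_pub, alice_key, bob_key).
    """
    alice_pub = chebyshev(r, x, p)
    bob_pub = chebyshev(s, x, p)
    k_alice = chebyshev(r, bob_pub, p)
    k_bob = chebyshev(s, alice_pub, p)
    return alice_pub, bob_pub, k_alice, k_bob


if __name__ == "__main__":
    P, X = 1_000_003, 3                      # constructed demo field and seed
    R, S = 123_457, 987_655                  # constructed private exponents
    a_pub, b_pub, k_a, k_b = key_agreement(P, X, R, S)
    print(f"Alice -> Bob : T_r(x) = {a_pub}")
    print(f"Bob -> Alice : T_s(x) = {b_pub}")
    print(f"shared key   : {k_a}  (match: {k_a == k_b})")
```

Two caveats a practitioner should keep in mind. First, this exchange is unauthenticated: an attacker in the middle can run it separately with each side, which is exactly the gap that the password and server roles of a 3PAKE protocol are there to close. Second, the field matters: over the real interval [-1, 1] the same map is periodic and the exponent can be recovered from a public value, so the assumption in the abstract refers to the extended map over Z_p, as computed here, and to parameter sizes far larger than the demo values above.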
50. Cryptanalysis of smart-card-based password authenticated key agreement protocol for session initiation protocol of Zhang et al
- Author
-
Qi Jiang, Jianfeng Ma, and Youliang Tian
- Subjects
Challenge-Handshake Authentication Protocol, Session Initiation Protocol, Otway–Rees protocol, Computer Networks and Communications, Computer science, Oakley protocol, Computer security, Authentication protocol, Wide Mouth Frog protocol, Electrical and Electronic Engineering, Reflection attack, Challenge–response authentication - Abstract
As the core signaling protocol for multimedia services such as Voice over Internet Protocol, the Session Initiation Protocol (SIP) is receiving much attention, and its security is becoming increasingly important. It is critical to develop a robust user authentication protocol for SIP. The original authentication protocol is not strong enough to provide an acceptable security level, and a number of authentication protocols have been proposed to strengthen the security. Recently, Zhang et al. proposed an efficient and flexible smart-card-based password authenticated key agreement protocol for SIP. They claimed that the protocol enjoys many unique properties and can withstand various attacks. However, we demonstrate that the scheme by Zhang et al. is insecure against the malicious insider impersonation attack. Specifically, a malicious user can impersonate other users registered with the same server. We also propose an effective fix that remedies the security flaw without sacrificing efficiency. The lesson learned is that the authenticators must be closely coupled with the identity, and we should prevent the identity from being separated from the authenticators in future designs of two-factor authentication protocols. Copyright © 2014 John Wiley & Sons, Ltd.
- Published
- 2014
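The lesson stated in entry 50, that an authenticator which is not bound to the claimed identity lets one registered user impersonate another, is easiest to see in a minimal smart-card login. The Python below is an added, constructed illustration of that design flaw and its repair; it is not Zhang et al.'s protocol and not the fix of Jiang, Ma and Tian, whose details this page does not give. The server master key, the password values and the nonce are constructed demo values, and the card value A = h(k) XOR h(pw) is a deliberately simplified stand-in for whatever the real scheme stores.

```python
# Added illustration: identity-unbound vs identity-bound authenticators in
# a toy smart-card login.  Constructed example, not any paper's scheme.
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-server-master-key"   # server's long-term secret k
NONCE = b"constructed-nonce-0001"                    # stands in for a fresh server challenge


def h(*parts: bytes) -> bytes:
    """SHA-256 over the '|'-joined parts (toy domain separation)."""
    return hashlib.sha256(b"|".join(parts)).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


# --- Weak pattern: the card value depends only on k and the password, so the
# --- secret every card protects is the same h(k) for every registered user.
def weak_register(password: bytes) -> bytes:
    """Registration: card stores A = h(k) XOR h(pw).  The identity is absent."""
    return xor(h(SERVER_KEY), h(password))


def weak_login(card: bytes, password: bytes, claimed_id: bytes, nonce: bytes):
    secret = xor(card, h(password))                  # card owner recovers h(k)
    tag = hmac.new(secret, nonce, "sha256").digest()
    return claimed_id, tag                           # claimed_id is a free choice


def weak_verify(identity: bytes, nonce: bytes, tag: bytes) -> bool:
    """Server check: the identity is received but never enters the computation."""
    expected = hmac.new(h(SERVER_KEY), nonce, "sha256").digest()
    return hmac.compare_digest(expected, tag)


# --- Fixed pattern: both the card value and the server's recomputation
# --- take the identity as input, coupling authenticator and identity.
def fixed_register(identity: bytes, password: bytes) -> bytes:
    """Registration: card stores A = h(k, ID) XOR h(pw)."""
    return xor(h(SERVER_KEY, identity), h(password))


def fixed_login(card: bytes, password: bytes, claimed_id: bytes, nonce: bytes):
    secret = xor(card, h(password))                  # recovers h(k, ID) for this card's ID only
    tag = hmac.new(secret, nonce, "sha256").digest()
    return claimed_id, tag


def fixed_verify(identity: bytes, nonce: bytes, tag: bytes) -> bool:
    expected = hmac.new(h(SERVER_KEY, identity), nonce, "sha256").digest()
    return hmac.compare_digest(expected, tag)


# --- Scenarios: mallory is a legitimately registered user who claims to be alice.
def insider_impersonation_weak() -> bool:
    card = weak_register(b"mallory-pw")
    ident, tag = weak_login(card, b"mallory-pw", b"alice", NONCE)
    return weak_verify(ident, NONCE, tag)            # True: impersonation accepted


def insider_impersonation_fixed() -> bool:
    card = fixed_register(b"mallory", b"mallory-pw")
    ident, tag = fixed_login(card, b"mallory-pw", b"alice", NONCE)
    return fixed_verify(ident, NONCE, tag)           # False: h(k, mallory) != h(k, alice)


def honest_login_fixed() -> bool:
    card = fixed_register(b"alice", b"alice-pw")
    ident, tag = fixed_login(card, b"alice-pw", b"alice", NONCE)
    return fixed_verify(ident, NONCE, tag)           # True: the real alice still logs in
```

The repair is exactly the abstract's lesson: the identity enters both the card secret and the server's recomputation, so a card issued to mallory yields a value the server will only accept under mallory's name. A real scheme also needs a fresh server-chosen nonce per session, resistance to off-line password guessing and the key agreement step; none of that is modelled here.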