×

Simple password-based three-party authenticated key exchange without server public keys. (English) Zbl 1192.68076

Summary: Password-based three-party authenticated key exchange protocols are extremely important to secure communications and are now extensively adopted in network communications. These protocols allow users to communicate securely over public networks simply by using easy-to-remember passwords. In considering authentication between a server and user, this study categorizes password-based three-party authenticated key exchange protocols into explicit server authentication and implicit server authentication. The former must achieve mutual authentication between a server and users while executing the protocol, while the latter only achieves authentication among users. This study presents two novel, simple and efficient three-party authenticated key exchange protocols. One protocol provides explicit server authentication, and the other provides implicit server authentication. The proposed protocols do not require server public keys. Additionally, both protocols have proven secure in the random oracle model. Compared with existing protocols, the proposed protocols are more efficient and provide greater security.

MSC:

68M12 Network protocols
68P25 Data encryption (aspects in computer science)
94A62 Authentication, digital signatures and secret sharing
PDFBibTeX XMLCite
Full Text: DOI

References:

[3] Abdalla, M.; Fouque, P.-A.; Pointcheval, D., Password-based authenticated key exchange in the three-party setting, IEE Proceedings - Information Security, 153, 1, 27-39 (2006)
[5] Bellare, M.; Kilian, J.; Rogaway, P., The security of the cipher block chaining message authentication code, Journal of Computer and System Sciences, 61, 3, 362-399 (2000) · Zbl 0970.68054
[6] Bellare, M.; Pointcheval, D.; Rogaway, P., Authenticated key exchange secure against dictionary attacks, Advances in Cryptology - Eurocrypt, 2000, 139-155 (2000) · Zbl 1082.94533
[11] Chung, H.-R.; Ku, W.-C., Three weaknesses in a simple three-party key exchange protocol, Information Sciences, 178, 220-229 (2008) · Zbl 1126.68319
[12] Diffie, W.; Hellman, M., New directions in cryptography, IEEE Transactions on Information Theory, 22, 6, 644-654 (1976) · Zbl 0435.94018
[13] Ding, Y.; Horster, P., Undetectable on-line password guessing attacks, ACM Operating Systems Review, 29, 4, 77-86 (1995)
[14] Gong, L., Efficient network authentication protocols: lower bounds and implementations, Distributed Computing, 9, 3, 131-145 (1995) · Zbl 1448.68052
[16] Guo, H.; Li, Z.; Mu, Y.; Zhang, X., Cryptanalysis of simple three-party key exchange protocol, Computers and Security, 27, 16-21 (2008)
[17] Kim, H.-S.; Choi, J.-Y., Enhanced password-based simple three-party key exchange protocol, Computers and Electrical Engineering, 35, 1, 107-114 (2009) · Zbl 1162.68368
[18] Kwon, T.; Kang, M.; Jung, S.; Song, J., An improvement of the password-based authentication protocol (K1P) on security against replay attacks, IEICE Transactions on Communications, E82-B, 7, 991-997 (1999)
[19] Kwon, T.; Song, J., Efficient key exchange and authentication protocols protecting weak secrets, IEICE Trans. Fundamentals, E81-A, 1, 156-163 (1998)
[20] Lee, T.-F.; Hwang, T.; Lin, C.-L., Enhanced three-party encrypted key exchange without server public keys, Computers and Security, 23, 7, 571-577 (2004)
[21] Lin, C.-L.; Sun, H.-M.; Hwang, T., Three-party encrypted key exchange: attacks and a solution, ACM Operating Systems Review, 34, 4, 12-20 (2000)
[22] Lin, C.-L.; Sun, H.-M.; Steiner, M.; Hwang, T., Three-party encrypted key exchange without server public-keys, IEEE Communications Letters, 5, 12, 497-499 (2001)
[23] Lu, R.; u Cao, Z., Simple three-party key exchange protocol, Computers and Security, 26, 1, 94-97 (2007)
[24] Phan, R. C.-W.; Yau, W.-C.; Goi, B.-M., Cryptanalysis of simple three-party key exchange protocol (S-3PAKE), Information Sciences, 178, 13, 2849-2856 (2008) · Zbl 1256.94073
This reference list is based on information provided by the publisher or from digital mathematics libraries. Its items are heuristically matched to zbMATH identifiers and may contain data conversion errors. In some cases that data have been complemented/enhanced by data from zbMATH Open. This attempts to reflect the references listed in the original paper as accurately as possible without claiming completeness or a perfect matching.