Finding and fixing vulnerabilities in several three-party password authenticated key exchange protocols without server public keys

Xiong, Hu; Chen, Yanan; Guan, Zhi; Chen, Zhong

doi:10.1016/j.ins.2013.02.004

Cited by 19 publications

(19 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this section, we describe our biometric‐based privacy preserving 3PAKA scheme, which involves three parties in the communication: two users A and B , and the server S (shown in Table IV, Section 3.4) as in . Our 3PAKA scheme consists of six phases, namely, initialization phase, registration phase, login phase, authentication and key agreement phase, revocation and re‐registration phase, and password and biometric update phase.…”

Section: Our Proposed Schemementioning

confidence: 99%

“…In this section, we compare the communication and computation overheads, and functionality features of our scheme with the related existing schemes: the schemes of Xiong et al , , Yang et al , , Pu et al , , and Lin et al , .…”

Section: Performance Comparison With Related Existing Schemesmentioning

confidence: 99%

“…The security level of 160‐bit ECC is almost the same as the security level of 1024‐bit RSA‐based cryptosystem . We assume that the computational Diffie–Hellman problem is defined over the finite field Z q , where the bit length of prime q is 1024 bits for the schemes in , and . In Table , we have compared the communication overhead among our scheme and other schemes for the login and authentication and key agreement phases.…”

Section: Performance Comparison With Related Existing Schemesmentioning

confidence: 99%

“…Xiong et al . pointed out that the three‐party authenticated key agreement schemes without the server's public key are vulnerable to KCI attack.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

An efficient biometric‐based privacy‐preserving three‐party authentication with key agreement protocol using smart cards

Odelu

Das

Goswami

2015

Security Comm Networks

View full text Add to dashboard Cite

In communication systems, authentication protocols play an important role in protecting sensitive information against a malicious adversary by means of providing a variety of services such as mutual authentication, user credentials' privacy, and user revocation facility when the smart card of the user is lost/stolen or user's authentication parameters are revealed. Recently, several three-party authentication with key agreement (3PAKA) schemes are proposed in the literature, but most of them do not provide the basic security requirements such as user anonymity as well as user revocation and reregistration with the same identity. Thus, we feel that there is a great need to design a secure 3PAKA scheme with these security properties. In this paper, we propose a new secure biometric-based privacy-preserving 3PAKA scheme using the elliptic curve cryptography with efficient mechanism for the user revocation and re-registration with the same identity. The formal security analysis using the widely accepted Burrows-Abadi-Needham logic shows that our scheme provides secure authentication. In addition, we simulate our scheme for the formal security verification using the widely accepted Automated Validation of Internet Security Protocols and Applications tool. The simulation results show that our scheme is secure against passive and active attacks. Furthermore, our scheme is efficient as compared with other related schemes. Our scheme provides high security along with low computation and communication costs, and extra features as compared with other related existing schemes in the literature, and as a result, our scheme is suitable for battery-limited mobile devices. An efficient biometric-based three-party authentication protocol Security Comm. Networks 2015; 8:4136-4156 An efficient biometric-based three-party authentication protocol ECDLP assumption: There exists no (t, )-ECDLP distinguisher for E p (a, b). Thus, for every D, Adv ECDLP D,E p (a,b) (t) Ä , for any sufficiently small > 0. Security Comm. Networks 2015; 8:4136-4156An efficient biometric-based three-party authentication protocol Figure 4. Role specification in HLPSL for the session, goal and environment.

show abstract

Section: Our Proposed Schemementioning

confidence: 99%

Section: Performance Comparison With Related Existing Schemesmentioning

confidence: 99%

Section: Performance Comparison With Related Existing Schemesmentioning

confidence: 99%

“…Xiong et al . pointed out that the three‐party authenticated key agreement schemes without the server's public key are vulnerable to KCI attack.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

An efficient biometric‐based privacy‐preserving three‐party authentication with key agreement protocol using smart cards

Odelu

Das

Goswami

2015

Security Comm Networks

View full text Add to dashboard Cite

show abstract

“…Many protocols [5][6][7][8][9], as extensions of the EKE protocol, were proposed, and their security was analyzed heuristically. Since then, numerous 3PAKE protocols with rigorous security proof were given out [12][13][14]. Since then, numerous 3PAKE protocols with rigorous security proof were given out [12][13][14].…”

Section: Introductionmentioning

confidence: 99%

Universally composable three‐party password‐authenticated key exchange with contributiveness

Zhang

2014

Int J Communication

View full text Add to dashboard Cite

Three-party password-authenticated key exchange (3PAKE) allows two clients, each sharing a password with a trusted server, to establish a session key with the help of the server. It is a quite practical mechanism for establishing secure channels in a large communication network. However, most current 3PAKE protocols are analyzed in security models that do not adequately address protocol composition problem. In this paper, an ideal functionality for 3PAKE within the universal composability framework is defined, which not only provides security guarantees under arbitrary composition with other protocols but also achieves contributiveness and explicit authentication. Moreover, we propose a generic construction of contributory 3PAKE protocol and prove that it securely realizes the ideal functionality in the static corruption model.

show abstract

Cryptanalysis and improvement of a three‐party password‐based authenticated key exchange protocol with user anonymity using extended chaotic maps

Farash

Attari

Kumari

2014

Int J Communication

View full text Add to dashboard Cite

Three-party password-authenticated key exchange (3PAKE) protocols allow two clients to agree on a secret session key through a server via a public channel. 3PAKE protocols have been designed using different arithmetic aspects including chaotic maps. Recently, Lee et al. proposed a 3PAKE protocol using Chebyshev chaotic maps and claimed that their protocol has low computation and communication cost and can also resist against numerous attacks. However, this paper shows that in spite of the computation and communication efficiency of the Lee et al. protocol, it is not secure against the modification attack. To conquer this security weakness, we propose a simple countermeasure, which maintains the computation and communication efficiency of the Lee et al. protocol.of 10 S AB D h.SKjjAjjB/. If it holds, both server S and user B are authenticated and the common session key SK is agreed upon.

show abstract

Finding and fixing vulnerabilities in several three-party password authenticated key exchange protocols without server public keys

Cited by 19 publications

References 21 publications

An efficient biometric‐based privacy‐preserving three‐party authentication with key agreement protocol using smart cards

An efficient biometric‐based privacy‐preserving three‐party authentication with key agreement protocol using smart cards

Universally composable three‐party password‐authenticated key exchange with contributiveness

Cryptanalysis and improvement of a three‐party password‐based authenticated key exchange protocol with user anonymity using extended chaotic maps

Contact Info

Product

Resources

About