Improvement of a Three-Party Password-Based Key Exchange Protocol with Formal Verification

Xie, Qi; Dong, Na; Tan, Xiao; Wong, Duncan S.; Wang, Guilin

doi:10.5755/j01.itc.42.3.1905

Cited by 14 publications

(12 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Applied p calculus is one of the dominant method belongs to a class of algebraic methods. ProVerif is an automated tool which make use of applied p calculus to verify cryptographic protocols [36]. ProVerif can verify trace equivalences like reachability, authentication and secrecy to prove a given protocol cannot reach to a bad state [37].…”

Section: Protocol Verification Using Proverifmentioning

confidence: 99%

A secure and efficient authenticated encryption for electronic payment systems using elliptic curve cryptography

Chaudhry

Farash

Naqvi

et al. 2015

Electron Commer Res

View full text Add to dashboard Cite

The use of e-payment system for electronic trade is on its way to make daily life more easy and convenient. Contrarily, there are a number of security issues to be addressed, user anonymity and fair exchange have become important concerns along with authentication, confidentiality, integrity and non-repudiation. In a number of existing e-payment schemes, the customer pays for the product before acquiring it. Furthermore, many such schemes require very high computation and communication costs. To address such issues recently Yang et al. proposed an authenticated encryption scheme and an e-payment scheme based on their authenticated encryption. They excluded the need of digital signatures for authentication. Further they claimed their schemes to resist replay, man-in-middle, impersonation and identity theft attack while providing confidentiality, authenticity, integrity and privacy protection. However our analysis exposed that Yang et al.'s both authenticated encryption scheme and e-payment system are vulnerable to impersonation attack. An adversary just having knowledge of public parameters can easily masquerade as a legal user. Furthermore, we proposed improved authenticated encryption and e-payment schemes to overcome weaknesses of Yang et al.'s schemes. We prove the security of our schemes using automated tool ProVerif. The & Mohammad Sabzinejad Farash improved schemes are more robust and more lightweight than Yang et al.'s schemes which is evident from security and performance analysis.

show abstract

Section: Protocol Verification Using Proverifmentioning

confidence: 99%

A secure and efficient authenticated encryption for electronic payment systems using elliptic curve cryptography

Chaudhry

Farash

Naqvi

et al. 2015

Electron Commer Res

View full text Add to dashboard Cite

show abstract

“…In this regard, different 3-PAKE and ECC-based schemes are reviewed to analyze the effectiveness, usefulness, and security strengths for providing reliable security solutions. Xie et al have proposed an ECC-based efficient 3-PAKE scheme [12] that overcomes the flaws mentioned above but suffers from offline password guessing attacks. Che et al have proposed modular exponentiation on an ECC-based 3-PAKE scheme [13] to make it more complicated for the attacker, but these operations require huge computational cost as compared to existing counterparts.…”

Section: Literature Reviewmentioning

confidence: 99%

Secure Authentication and Prescription Safety Protocol for Telecare Health Services Using Ubiquitous IoT

et al. 2017

View full text Add to dashboard Cite

Internet-of-Things (IoT) include a large number of devices that can communicate across different networks. Cyber-Physical Systems (CPS) also includes a number of devices connected to the internet where wearable devices are also included. Both systems enable researchers to develop healthcare systems with additional intelligence as well as prediction capabilities both for lifestyle and in hospitals. It offers as much persistence as a platform to ubiquitous healthcare by using wearable sensors to transfer the information over servers, smartphones, and other smart devices in the Telecare Medical Information System (TMIS). Security is a challenging issue in TMIS, and resourceful access to health care services requires user verification and confidentiality. Existing schemes lack in ensuring reliable prescription safety along with authentication. This research presents a Secure Authentication and Prescription Safety (SAPS) protocol to ensure secure communication between the patient, doctor/nurse, and the trusted server. The proposed procedure relies upon the efficient elliptic curve cryptosystem which can generate a symmetric secure key to ensure secure data exchange between patients and physicians after successful authentication of participants individually. A trusted server is involved for mutual authentication between parties and then generates a common key after completing the validation process. Moreover, the scheme is verified by doing formal modeling using Rubin Logic and validated using simulations in NS-2.35. We have analyzed the SAPS against security attacks, and then performance analysis is elucidated. Results prove the dominance of SAPS over preliminaries regarding mutual authentication, message integrity, freshness, and session key management and attack prevention.

show abstract

“…Bellovin and Merritt [2] proposed the first twoparty authenticated key exchange (2PAKE) protocol which is employed to establish a session key between two communication parties. After that, numerous 2PAKE protocols were presented for different communication environments [3][4][5][6][7][8][9][10][11][12]. However, 2PAKE protocols cannot be applied in large-scale peer-to-peer architecture since each user must store a different password for each partner it communicates with which may strain the storage capacity of the users.…”

Section: Introductionmentioning

confidence: 99%

A Three-Party Password-based Authenticated Key Exchange Protocol for Wireless Communications

Peng³

et al. 2015

ITC

View full text Add to dashboard Cite

A three-party password-based authenticated key exchange (3PAKE) protocol is an important cryptographic primitive which allows two entities to establish a session key with the help of a trusted server through an insecure channel. Recently, Farash and Attari (Information Technology and Control 43(2), 143-150, 2014) presented an improved 3PAKE protocol to erase the security flaws found in Tallapally's 3PAKE protocol (Information Technology and Control 41(1), 15-22, 2012). They claimed that their improved protocol could withstand many security attacks. However, we identified that Farash and Attari's protocol was still sensitive to the off-line password guessing attack which directly resulted in defencelessness to the impersonation attack. In order to cope with the loopholes of Farash and Attari's protocol, we proposed a modified 3PAKE protocol without using smart cards for wireless communications. We demonstrate that the proposed protocol can mitigate all the problems of the protocol of Farash and Attari and possess more security properties. In addition, we make a comparison among the proposed protocol and the other related protocols regarding the performance and security properties.

show abstract

Improvement of a Three-Party Password-Based Key Exchange Protocol with Formal Verification

Cited by 14 publications

References 20 publications

A secure and efficient authenticated encryption for electronic payment systems using elliptic curve cryptography

A secure and efficient authenticated encryption for electronic payment systems using elliptic curve cryptography

Secure Authentication and Prescription Safety Protocol for Telecare Health Services Using Ubiquitous IoT

A Three-Party Password-based Authenticated Key Exchange Protocol for Wireless Communications

Contact Info

Product

Resources

About