PB-3PAKA: Password-based three-party authenticated key agreement protocol for mobile devices in post-quantum environments

Islam, SK Hafizul; Basu, Swagatam

doi:10.1016/j.jisa.2021.103026

Cited by 10 publications

(21 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Recently, Islam and Basu [24] developed an authenticated key exchange system for mobile devices in which a server facilitates the establishment of a session key between two parties. Through the help of a reliable party, users who want to communicate first check in to a server using their password, from there the session key is formed between users.…”

Section: Related Workmentioning

confidence: 99%

“…A review of many three-party authenticated key agreement systems has shown that very few of them are resistant to quantum computing. As the first attempt to provide a three-party authenticated key agreement mechanism for this purpose is the protocol by Islam et al [24]. But, the approach proposed by him is vulnerable to several threats, including password guessing, smartcard theft, impersonation, and compromises of user anonymity and traceability also their scheme takes maximum number (6 times) of message exchange in authentication and key agreement phase.…”

Section: Motivationmentioning

confidence: 99%

See 1 more Smart Citation

A Robust Lattice Based Post-Quantum Three-Party Key Exchange Scheme for Mobile Devices

Singh,

Chandra,

Rana

2024

Preprint

View full text Add to dashboard Cite

In this work, we provide a unique post-quantum three-party key exchange protocol that makes use of the ring learning with error assumption. This protocol is inspired by the authenticated key exchange protocol developed by Rewal et. al [1]. We revisit the recently suggested system by Rewal et. al. [1], which is a communication efficient three-party password authenticated key exchange, in which we found that scheme is not fully correct and also demonstrate that scheme is not safe from user's anonymity assaults. We provide a enhanced scheme that is both effective and resistant to the mentioned assault. We also demonstrate its security in a ROM (Random Oracle Model). A comparison analysis that includes performance and security evaluations is also provided, proving the suitability of the suggested design.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Motivationmentioning

confidence: 99%

A Robust Lattice Based Post-Quantum Three-Party Key Exchange Scheme for Mobile Devices

Singh,

Chandra,

Rana

2024

Preprint

View full text Add to dashboard Cite

show abstract

“…The parameters are chosen based on Ding, Cheng & Qin (2022) and the reconciliation’s upper limit. The calculation model of Islam & Basu (2021) is used to obtain the running time comparison results of Ding, Cheng & Qin (2022) and the BiGISIS.PAKE schemes. In Ding, Cheng & Qin (2022) , Sony Xperia XP with Qualcomm MSM8996 1.5 GHz CPU and 3 GB RAM was used for m´.…”

Section: Comparisonmentioning

confidence: 99%

“…The security analysis of the proposed PAKE, which provides key reusability, anonymity, and PFS, was performed in the RoR model by examining attack resistance such as PDA, SLA, and MBA. In Islam & Basu (2021) , a three-party and four-phase lattice-based PAKE scheme for mobile devices was proposed. Based on the hardness of the RLWE problem, the authentication was obtained using a timestamp and password.…”

Section: Introductionmentioning

confidence: 99%

A new lattice-based password authenticated key exchange scheme with anonymity and reusable key

Seyhan,

Akleylek

2024

PeerJ Computer Science

View full text Add to dashboard Cite

In this article, we propose a novel bilateral generalization inhomogenous short integer solution (BiGISIS)-based password-authenticated key exchange (PAKE) scheme for post-quantum era security. The hardness assumption of the constructed PAKE is based on newly proposed hard lattice problem, BiGISIS. The main aim of this article is to provide a solution for the post-quantum secure PAKE scheme, which is one of the open problems in the literature. The proposed PAKE is the first BiGISIS-based PAKE that satisfies anonymity and reusable key features. The bilateral-pasteurization (BiP) approach is used to obtain the reusable key, and anonymity is achieved thanks to the additional identity components and hash functions. The reusable key structure reduces the time in the key generation, and anonymity prevents illegal user login attempts. The security analysis is done by following the real-or-random (RoR) model assumptions. As a result of security examinations, perfect forward secrecy (PFS) and integrity are satisfied, and the resistance against eavesdropping, manipulation-based attack (MBA), hash function simulation, impersonation, signal leakage attack (SLA), man-in-the-middle (MitM), known-key security (KKS), and offline password dictionary attack (PDA) is captured. According to the comparison analysis, the proposed PAKE is the first SLA-resistant lattice-based PAKE with reusable key and anonymity properties.

show abstract

“…An improved version of Dabra, Bala & Kumari (2020) with a practical randomized KE approach is proposed in Ding, Cheng & Qin (2022) to capture signal leakage attack resistance. In Islam & Basu (2021) , a four-phase RLWE-based PAKE was constructed for two mobile devices-one server communication model. The security-related examinations were done by following ROM definitions.…”

Section: Introductionmentioning

confidence: 99%

Password authenticated key exchange-based on Kyber for mobile devices

Seyhan,

Akleylek,

Dursun

2024

PeerJ Computer Science

View full text Add to dashboard Cite

In this article, a password-authenticated key exchange (PAKE) version of the National Institute of Standards and Technology (NIST) post-quantum cryptography (PQC) public-key encryption and key-establishment standard is constructed. We mainly focused on how the PAKE version of PQC standard Kyber with mobile compatibility can be obtained by using simple structured password components. In the design process, the conventional password-based authenticated key exchange (PAK) approach is updated under the module learning with errors (MLWE) assumptions to add password-based authentication. Thanks to the following PAK model, the proposed Kyber.PAKE provides explicit authentication and perfect forward secrecy (PFS). The resistance analysis against the password dictionary attack of Kyber.PAKE is examined by using random oracle model (ROM) assumptions. In the security analysis, the cumulative distribution function (CDF) Zipf (CDF-Zipf) model is also followed to provide realistic security examinations. According to the implementation results, Kyber.PAKE presents better run-time than lattice-based PAKE schemes with similar features, even if it contains complex key encapsulation mechanism (KEM) components. The comparison results show that the proposed PAKE scheme will come to the fore for the future security of mobile environments and other areas.

show abstract

PB-3PAKA: Password-based three-party authenticated key agreement protocol for mobile devices in post-quantum environments

Cited by 10 publications

References 21 publications

A Robust Lattice Based Post-Quantum Three-Party Key Exchange Scheme for Mobile Devices

A Robust Lattice Based Post-Quantum Three-Party Key Exchange Scheme for Mobile Devices

A new lattice-based password authenticated key exchange scheme with anonymity and reusable key

Password authenticated key exchange-based on Kyber for mobile devices

Contact Info

Product

Resources

About