Universally composable three‐party password‐authenticated key exchange with contributiveness

Hu, Xuexian; Zhang, Zhenfeng; Zhang, Qihui

doi:10.1002/dac.2746

Cited by 5 publications

(4 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Compared with user authentication schemes [2,25,26,13] that are solely based on password, the two-factor authentication scheme based on password and smart card, as its name suggests, provides stronger security guarantee. Concretely, in the setting of this kind of authentication scheme, each user holds a password with low entropy and a smart card storing some secret values.…”

Section: Introductionmentioning

confidence: 99%

Security Enhanced and Cost-effective User Authentication Scheme for Wireless Sensor Networks

Liu¹,

Zhou²,

Wei³

et al. 2018

ITC

Self Cite

View full text Add to dashboard Cite

Due to its significant advantages, wireless sensor networks (WSNs) are now widely deployed in various areas to collect and transmit the required data. To ensure only authorized users can login to WSNs, many user authentication schemes based on password and smart card have been proposed. Most recently, Farash et al. and Kumari et al. subsequently proposed an efficient user authentication and key agreement scheme for WSNs, respectively. Even though the two above schemes are claimed to be secure under reasonable assumptions, we find that they, in fact, cannot resist offline password guessing attack when the secret values stored in the smart card are revealed, and also fail to provide forward secrecy. To overcome these security weaknesses, we propose Information Technology and Control 2018/2/47 276 a novel user authentication scheme for WSNs by introducing Diffie-Hellman key exchange. The security analysis and performance discussion demonstrate that the proposed scheme is secure against various well known attacks, and also is efficient enough. Thus, it is more desirable for securing communications in WSMs.

show abstract

Section: Introductionmentioning

confidence: 99%

Security Enhanced and Cost-effective User Authentication Scheme for Wireless Sensor Networks

Liu¹,

Zhou²,

Wei³

et al. 2018

ITC

Self Cite

View full text Add to dashboard Cite

show abstract

“…Authenticated key exchange (AKE) and broadcast authentication (BA) protocols are cryptographic protocols that can assure the security of unicast and broadcast communications, respectively. In AKE protocols, 2 communicating parties are mutually authenticated; then a key is shared between them for encrypting the transmitted data to provide data confidentiality . Also, since the broadcasted commands by the utility to the smart meters through broadcast communication are critical, the smart meters must be assured that the received commands are broadcasted from an authorized entity and have not been altered.…”

Section: Introductionmentioning

confidence: 99%

“…In AKE protocols, 2 communicating parties are mutually authenticated; then a key is shared between them for encrypting the transmitted data to provide data confidentiality. [3][4][5][6][7] Also, since the broadcasted commands by the utility to the smart meters through broadcast communication are critical, the smart meters must be assured that the received commands are broadcasted from an authorized entity and have not been altered. Therefore, BA protocols are required to authenticate the broadcaster and the broadcasted messages.…”

Section: Introductionmentioning

confidence: 99%

PUF‐based solutions for secure communications in Advanced Metering Infrastructure (AMI)

Delavar

Mirzakuchaki

Ameri

et al. 2016

Int J Communication

View full text Add to dashboard Cite

Advanced metering infrastructure (AMI) provides 2‐way communications between the utility and the smart meters. Developing authenticated key exchange (AKE) and broadcast authentication (BA) protocols is essential to provide secure communications in AMI. The security of all existing cryptographic protocols is based on the assumption that secret information is stored in the nonvolatile memories. In the AMI, the attackers can obtain some or all of the stored secret information from memories by a great variety of inexpensive and fast side‐channel attacks. Thus, all existing AKE and BA protocols are no longer secure. In this paper, we investigate how to develop secure AKE and BA protocols in the presence of memory attacks. As a solution, we propose to embed a physical unclonable function (PUF) in each party, which generates the secret values as required without the need to store them. By combining PUFs and 2 well‐known and secure protocols, we propose PUF‐based AKE and BA protocols. We show that our proposed protocols are memory leakage resilient. In addition, we prove their security in the standard model. Performance analysis of both protocols shows their efficiency for AMI applications. The proposed protocols can be easily implemented.

show abstract

“…Because each client needs to remember a separate password for each partner, for a large number of clients, it may overweigh the storage capacity of the clients. To avoid this problem, PAKE protocols have been developed for setting between three parties (in short, 3PAKE) . In a 3PAKE protocol, a trusted server mediates between two communication clients, and each client only has to share a memorable password with the server.…”

Section: Introductionmentioning

confidence: 99%

Cryptanalysis and improvement of a three‐party password‐based authenticated key exchange protocol with user anonymity using extended chaotic maps

Farash

Attari

Kumari

2014

Int J Communication

View full text Add to dashboard Cite

Three-party password-authenticated key exchange (3PAKE) protocols allow two clients to agree on a secret session key through a server via a public channel. 3PAKE protocols have been designed using different arithmetic aspects including chaotic maps. Recently, Lee et al. proposed a 3PAKE protocol using Chebyshev chaotic maps and claimed that their protocol has low computation and communication cost and can also resist against numerous attacks. However, this paper shows that in spite of the computation and communication efficiency of the Lee et al. protocol, it is not secure against the modification attack. To conquer this security weakness, we propose a simple countermeasure, which maintains the computation and communication efficiency of the Lee et al. protocol.of 10 S AB D h.SKjjAjjB/. If it holds, both server S and user B are authenticated and the common session key SK is agreed upon.

show abstract

Universally composable three‐party password‐authenticated key exchange with contributiveness

Cited by 5 publications

References 29 publications

Security Enhanced and Cost-effective User Authentication Scheme for Wireless Sensor Networks

Security Enhanced and Cost-effective User Authentication Scheme for Wireless Sensor Networks

PUF‐based solutions for secure communications in Advanced Metering Infrastructure (AMI)

Cryptanalysis and improvement of a three‐party password‐based authenticated key exchange protocol with user anonymity using extended chaotic maps

Contact Info

Product

Resources

About