KSII Transactions on Internet and Information Systems (TIIS)

Korean Society for Internet Information (한국인터넷정보학회)
권호 표지
DOI QR코드

DOI QR Code

A Lightweight Three-Party Privacy-preserving Authentication Key Exchange Protocol Using Smart Card

  • Li, Xiaowei (State Key Laboratory of Integrated Services Networks, Xidian University) ;
  • Zhang, Yuqing (State Key Laboratory of Integrated Services Networks, Xidian University) ;
  • Liu, Xuefeng (State Key Laboratory of Integrated Services Networks, Xidian University) ;
  • Cao, Jin (State Key Laboratory of Integrated Services Networks, Xidian University)
  • Received : 2012.12.03
  • Accepted : 2013.04.13
  • Published : 2013.05.30
Download PDF
⟨ Previous Next ⟩

Abstract

How to make people keep both the confidentiality of the sensitive data and the privacy of their real identity in communication networks has been a hot topic in recent years. Researchers proposed privacy-preserving authenticated key exchange protocols (PPAKE) to answer this question. However, lots of PPAKE protocols need users to remember long secrets which are inconvenient for them. In this paper we propose a lightweight three-party privacy-preserving authentication key exchange (3PPAKE) protocol using smart card to address the problem. The advantages of the new 3PPAKE protocol are: 1. The only secrets that the users need to remember in the authentication are their short passwords; 2. Both of the users can negotiate a common key and keep their identity privacy, i.e., providing anonymity for both users in the communication; 3. It enjoys better performance in terms of computation cost and security. The security of the scheme is given in the random oracle model. To the best of our knowledge, the new protocol is the first provably secure authentication protocol which provides anonymity for both users in the three-party setting.

Keywords

References

  1. D. Harkins and D. Carreal, "The Internet Key-Exchange (IKE)," RFC 2409, 1998. http://www.ietf.org/rfc/rfc2409.txt
  2. L. Law, A. Menezes, M. Qu, J. Solinas and S. Vanstone, "An efficient protocol for authenticated key agreement," Designs, Codes and Cryptography, vol. 28, no. 2, pp.119-134, March, 2003. https://doi.org/10.1023/A:1022595222606
  3. W. Aiello, S. Bellovin, M. Blaze, R. Canetti, J. Ioannidis, A. Keromytis and O. Reingold, "Just fast keying: key agreement in a hostile Internet," ACM Transactions on Information and System Security, vol. 7, no. 2, pp. 1-30, May, 2004. https://doi.org/10.1145/984334.984335
  4. Z. Cheng, L. Chen, R. Comley and Q. Tang, "Identity-based key agreement with unilateral identity privacy using pairings," in Proc. of Information Security Practice and Experience, pp.202-213,April 11-14, 2006.
  5. M. Bellare, P. Rogaway, Entity authentication and key distribution, in Proc. of CRYPTO, pp. 232-249, August 22-26, 1993.
  6. C.C. Lee, M.S. Hwang and I.E. Liao, "Security enhancement on a new authentication scheme with anonymity for wireless environments," IEEE Transactions on Industrial Electronics, vol. 53, no.5, pp.1683-1687, October, 2006.
  7. J. Katz, R. Ostrovsky and M. Yung, "Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords," in Proc. of EUROCRYPT, pp.475-494, May 6-10, 2001.
  8. E. Bresson, O. Chevassut and D. Pointcheval, "Group Diffie-Hellman Key Exchange Secure against Dictionary Attacks," in Proc. of ASIACRYPT, pp.497-514, December 1-5, 2002.
  9. M. Abdalla and D. Pointcheval, "A Scalable Password-Based Group Key Exchange Protocol in the Standard Model," in Proc. of ASIACRYPT, pp.332-347, December 3-7, 2006.
  10. S.M. Bellovin and M. Merritt, "Encrypted key exchange: Password-based protocols secure against dictionary attacks," in Proc. of 13th IEEE Symposium on Security and Privacy, pp.72-84, May 4-6, 1992.
  11. R. Lu and Z. Cao, "Simple three-party key exchange protocol," Computers and Security, vol.26, no.1, pp. 94-97, February, 2007.
  12. T.Y. Chang, M.S. Hwang and W.P. Yang, "A communication-efficient three-party password authenticated key exchange protocol," Information Sciences, vol.181, no.1, pp.17-226, January , 2011.
  13. M. Abdalla, P.A. Fouque and D. Pointcheval, "Password-based authenticated key exchange in the three-party setting," in Proc. of Public Key Cryptography, pp. 65-84, January, 2005.
  14. W. Wang and L. Hu, "Efficient and provably secure generic construction of three-party password-based authenticated key exchange protocols," in Proc. of INDOCRYPT, pp. 118-132, December 11-13, 2006.
  15. W.S. Juang, S.T. Chen and H.T. Liaw, "Robust and efficient passwordauthenticated key agreement using smart cards," IEEE Trans. Ind. Electron., vol. 55, no. 6, pp. 2551-2556, May 2008. https://doi.org/10.1109/TIE.2008.921677
  16. D.Z. Sun, J.P. Huai, J.Z. Sun, J.X. Li, J.W. Zhang and Z.Y. Feng, "Improvements of Juang et al.'s password-authenticated key agreement scheme using smart cards," IEEE Transaction on Industrial Electronics, vol 56, no.6, pp. 2284-2291, June, 2009. https://doi.org/10.1109/TIE.2009.2016508
  17. X. Li and Y. Zhang, "A simple and robust anonymous two-factor authenticated key exchange protocol," Security and Communication Networks, published online, http://onlinelibrary.wiley.com/doi/10.1002/sec.605/abstract, August, 2012.
  18. W.S. Juang, C.L. Lei, H.T. Liaw and W.K. Nien, "Robust and efficient three-party user authentication and key agreement using bilinear pairings", Int. J. Innovative Computing, Information and Control, vol. 6, no. 2, pp. 763-772, February, 2010. http://www.ijicic.org/08-312-1.pdf
  19. C.C. Lee, C.T. Li and C.W. Hsu, "A Three-party Password-based Authenticated Key Exchange Protocol with User Anonymity using Extended Chaotic Maps," Nonlinear Dynamics,
  20. C.C. Lee, S.D. Chen and C.L. Chen, "A Computation-Efficient Three-Party Encrypted Key Exchange Protocol," Applied Mathematics & Information Sciences, vol. 6, no. 3 pp. 573-579, September, 2012. http://naturalspublishing.com/ArtcIss.asp?ArtcID=710
  21. C.C. Lee, R.X. Chang and H.J. Ko, "Improving Two Novel Three-party Encrypted Key Exchange Protocols with Perfect Forward Secrecy," International Journal of Foundations of Computer Science, vol. 21, no. 6, pp. 979-991, December. 2010. https://doi.org/10.1142/S0129054110007672
  22. C.C. Lee and Y.F. Chang, "On Security of a Practical Three-party Key Exchange Protocol with Round Efficiency," Information Technology and Control, vol. 37, no. 4, pp.333-335, December. 2008. http://itc.ktu.lt/itc374/Lee374.pdf
  23. M. Bellare, D. Pointcheval and P. Rogaway, "Authenticated key exchange secure against dictionary attacks," in Proc. of EUROCRYPT, pp. 139-155, August 14-18 2000.
  24. T.Y. Wu and Y.M. Tseng, "An efficient user authentication and key exchange protocol for mobile client-server environment," Computer Networks, vol. 54, no. 9, pp. 1520-1530, June, 2010. https://doi.org/10.1016/j.comnet.2009.12.008
  25. Shamus Software, http://certivox.com/solutions/miracl-crypto-sdk/

Cited by

  1. A Secure and Efficient Remote User Authentication Scheme for Multi-server Environments Using ECC vol.8, pp.8, 2014, https://doi.org/10.3837/tiis.2014.08.021
  2. Untraceable biometric-based three-party authenticated key exchange for dynamic systems vol.11, pp.3, 2013, https://doi.org/10.1007/s12083-017-0584-2