Evaluating Three Party Authentication and Key Agreement Protocols Using IP Multimedia Server–Client Systems

Since the technologies of Internet and wireless communication have grown tremendously in the past, people have always occupied of some security sensitive wireless devices for the Internet services, such as voice call, instant messaging, online game, electronic banking, electronics trading and so on. Over a few decades, session key sharing has been used as a promising strategy for two/three parties authentication. In addition, several authentication and key agreement (AKA) protocols have been developed, but then very few protocols have been dedicated for the IP multimedia domain. In the literature, the 3-PAKE schemes, such as Xie et al., Xiong et al., Tallapally, Hsieh et al. and Tseng et al. have thoroughly been studied for the identification of its security weaknesses. Following are the security weaknesses of 3-PAKE schemes, namely user anonymity, known-key security, mutual authentication, (perfect) forward secrecy and so on. In addition, the existing schemes can not withstand for the attacks, like modification, key-impersonation, parallel-session, privileged-insider and so on. Thus, this paper presents a novel three party authentication and key agreement protocol based on computational Diffie–Hellman which not only fulfills all the security properties of AKA, but also provides the resiliency to the most of the potential attacks. Since the proposed 3-PAKE scheme has less computational overhead, it is able to curtail all the hop-by-hop security association defined by the standard of third generation partnership project. Above all, a real time multimedia server and client systems have been designed and developed for the purpose of average end-to-end delay analysis. The examination result is shown that the proposed 3-PAKE scheme can offer better service extensibility than the other 3-PAKE schemes, since it has the minimum message rounds to be executed for the establishment of service connection.

[1]  Steven M. Bellovin,et al.  Encrypted key exchange: password-based protocols secure against dictionary attacks , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[2]  Tzonelih Hwang,et al.  Provably secure three-party password-based authenticated key exchange protocol using Weil pairing , 2005 .

[3]  Eun-Jun Yoon,et al.  Cryptanalysis of a simple three-party password-based key exchange protocol , 2011, Int. J. Commun. Syst..

[4]  Li Gong,et al.  Optimal authentification protocols resistant to password guessing attacks , 1995, Proceedings The Eighth IEEE Computer Security Foundations Workshop.

[5]  Wei-Chi Ku,et al.  Three weaknesses in a simple three-party key exchange protocol , 2008, Inf. Sci..

[6]  Sk Hafizul Islam,et al.  An improved ID - based client authentication with key agreement scheme on ECC for mobile client - server environments , 2012 .

[7]  Antoine Joux,et al.  A One Round Protocol for Tripartite Diffie–Hellman , 2000, Journal of Cryptology.

[8]  Yuh-Min Tseng,et al.  An Efficient Two-Party Identity-Based Key Exchange Protocol , 2007, Informatica.

[9]  Raphael C.-W. Phan,et al.  Cryptanalysis of simple three-party key exchange protocol (S-3PAKE) , 2008, Inf. Sci..

[10]  Gene Tsudik,et al.  Refinement and extension of encrypted key exchange , 1995, OPSR.

[11]  Hung-Min Sun,et al.  Secure key agreement protocols for three-party against guessing attacks , 2005, J. Syst. Softw..

[12]  Chia-Mei Chen,et al.  Communication-efficient three-party protocols for authentication and key agreement , 2009, Comput. Math. Appl..

[13]  Hyun-Kyu Kang,et al.  An off-line dictionary attack on a simple three-party key exchange protocol , 2009, IEEE Commun. Lett..

[14]  Der-Chyuan Lou,et al.  Efficient three-party password-based key exchange scheme , 2011, Int. J. Commun. Syst..

[15]  Zhang Rui,et al.  A More Secure Authentication Scheme for Telecare Medicine Information Systems , 2012, Journal of medical systems.

[16]  Zhenfu Cao,et al.  Simple three-party key exchange protocol , 2007, Comput. Secur..

[17]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[18]  Tzonelih Hwang,et al.  On 'a simple three-party password-based key exchange protocol' , 2011, Int. J. Commun. Syst..

[19]  Jerome H. Saltzer,et al.  Protecting Poorly Chosen Secrets from Guessing Attacks , 1993, IEEE J. Sel. Areas Commun..

[20]  G. P. Biswas,et al.  Improved remote login scheme based on ECC , 2011, 2011 International Conference on Recent Trends in Information Technology (ICRTIT).

[21]  Raylin Tso Security analysis and improvements of a communication-efficient three-party password authenticated key exchange protocol , 2013, The Journal of Supercomputing.

[22]  Hung-Yu Chien Secure Verifier-Based Three-Party Key Exchange in the Random Oracle Model , 2011, J. Inf. Sci. Eng..

[23]  Shirisha Tallapally,et al.  Security enhancement on Simple Three Party PAKE Protocol , 2012, Inf. Technol. Control..

[24]  G. P. Biswas,et al.  Comments on ID-Based Client Authentication with Key Agreement Protocol on ECC for Mobile Client-Server Environment , 2011, ACC.

[25]  Hung-Min Sun,et al.  Three-party encrypted key exchange: attacks and a solution , 2000, OPSR.

[26]  Hung-Yu Chien,et al.  Provably Secure Password-Based Three-Party Key Exchange With Optimal Message Steps , 2009, Comput. J..

[27]  Zhoujun Li,et al.  Cryptanalysis of simple three-party key exchange protocol , 2008, Comput. Secur..

[28]  Jian Wang,et al.  Secure verifier-based three-party password-authenticated key exchange , 2013, Peer Peer Netw. Appl..

[29]  Taekyoung Kwon,et al.  An Improvement of the Password-Based Authentication Protocol (K1P) on Security against Replay Attacks , 1999 .

[30]  Dongho Won,et al.  Security weakness in a three-party pairing-based protocol for password authenticated key exchange , 2007, Inf. Sci..

[31]  Debiao He,et al.  Cryptanalysis and improvement of an extended chaotic maps-based key agreement protocol , 2012, Nonlinear Dynamics.

[32]  Zhi Guan,et al.  Finding and fixing vulnerabilities in several three-party password authenticated key exchange protocols without server public keys , 2013, Inf. Sci..

[33]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[34]  Hung-Min Sun,et al.  Password-based user authentication and key distribution protocols for client-server applications , 2004, J. Syst. Softw..

[35]  Xiao Tan,et al.  Improvement of a Three-Party Password-Based Key Exchange Protocol with Formal Verification , 2013, Inf. Technol. Control..

[36]  Patrick Horster,et al.  Undetectable on-line password guessing attacks , 1995, OPSR.

[37]  Debiao He,et al.  Cryptanalysis of a communication-efficient three-party password authenticated key exchange protocol , 2012, Inf. Sci..

[38]  Jin-Young Choi,et al.  Enhanced password-based simple three-party key exchange protocol , 2009, Comput. Electr. Eng..

[39]  Hung-Min Sun,et al.  Provably Secure Three-Party Password-Authenticated Key Exchange , 2004 .

[40]  Wei-Pang Yang,et al.  A communication-efficient three-party password authenticated key exchange protocol , 2011, Inf. Sci..