Efficient three-party key exchange using smart cards

In this paper, we propose a novel three-party key exchange scheme using smart cards. The main merits of our scheme include: (1) there is no need for verification, passwords or shared keys table in the trusted server; (2) users can freely choose and change their own passwords, (3) the communication and computation cost is very low; (4) two users can authenticate each other by the trusted server; (5) it generates a session key agreed between two users; (6) it is a nonce-based scheme which does not have a serious time-synchronization problem.

[1]  William Stallings,et al.  Cryptography and network security , 1998 .

[2]  Steven M. Bellovin,et al.  Encrypted key exchange: password-based protocols secure against dictionary attacks , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[3]  Ronald L. Rivest,et al.  The MD5 Message-Digest Algorithm , 1992, RFC.

[4]  Hung-Yu Chien,et al.  An Efficient and Practical Solution to Remote Authentication: Smart Card , 2002, Comput. Secur..

[5]  Patrick Horster,et al.  Undetectable on-line password guessing attacks , 1995, OPSR.

[6]  Hung-Min Sun,et al.  Three-party encrypted key exchange: attacks and a solution , 2000, OPSR.

[7]  Gene Tsudik,et al.  Refinement and extension of encrypted key exchange , 1995, OPSR.

[8]  Wei-Chi Ku,et al.  Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[9]  Michael Waidner,et al.  Secure password-based cipher suite for TLS , 2001, NDSS.

[10]  Martín Abadi,et al.  A logic of authentication , 1990, TOCS.

[11]  Tzonelih Hwang,et al.  Reparable key distribution protocols for Internet environments , 1995, IEEE Trans. Commun..

[12]  Ronald Cramer,et al.  A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack , 1998, CRYPTO.

[13]  D. Mcelroy,et al.  Using smart cards in electronic commerce , 1998 .

[14]  James H. Burrows,et al.  Secure Hash Standard , 1995 .

[15]  Wen-Shenq Juang,et al.  Efficient multi-server password authenticated key agreement using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[16]  Hung-Min Sun,et al.  Three-party encrypted key exchange without server public-keys , 2001, IEEE Communications Letters.

[17]  Hung-Min Sun,et al.  An efficient remote use authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[18]  Hung-Min Sun,et al.  An Efficient Remote User Authentication Scheme Using Smart Cards , 2000 .

[19]  Min-Shiang Hwang,et al.  A new remote user authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[20]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[21]  Ralph C. Merkle,et al.  One Way Hash Functions and DES , 1989, CRYPTO.

[22]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[23]  Wen-Shenq Juang,et al.  Efficient password authenticated key agreement using smart cards , 2004, Comput. Secur..