Analyzing three-party authentication and key agreement protocol for real time IP multimedia server–client systems

Authenticated key agreement (AKA) is useful to preserve the secret (private) key for the data being transmitted over an insecure Thus, this paper proposes the strategies, such as short-term and long-term private keys for the three party authentication and key agreement (3PAKA) protocol. Recently, the IP Multimedia server and client systems have been sprung up for the Telecom Industry, though the systems have not had any proficient authentication mechanism for the fulfillment of security properties and mitigation of signal congestion, bandwidth consumption and end-to-end voice call delay. To address this issue, we present a novel 3PAKA that duplicates the long-term and short-term private keys to alleviate the signal congestion of the multimedia systems. It is then analyzed in the real time multimedia server–client systems to examine the metrics realistically. Besides, we employ the strategy of random Challenge-Response (CR) technique to declare the clock synchronization as invalid.

[1]  Yehuda Lindell,et al.  Introduction to Modern Cryptography , 2004 .

[2]  Chin-Chen Chang,et al.  Security design for three-party encrypted key exchange protocol using smart cards , 2008, ICUIMC '08.

[3]  Nai-Wei Lo,et al.  Cryptanalysis of a Simple Three-party Key Exchange Protocol , 2009 .

[4]  Li Gong,et al.  Optimal authentification protocols resistant to password guessing attacks , 1995, Proceedings The Eighth IEEE Computer Security Foundations Workshop.

[5]  Yehuda Lindell,et al.  Introduction to Modern Cryptography (Chapman & Hall/Crc Cryptography and Network Security Series) , 2007 .

[6]  Hung-Min Sun,et al.  Three-party encrypted key exchange: attacks and a solution , 2000, OPSR.

[7]  Yin Yin,et al.  Secure Cross-Realm C2C-PAKE Protocol , 2006, ACISP.

[8]  Wei-Pang Yang,et al.  A communication-efficient three-party password authenticated key exchange protocol , 2011, Inf. Sci..

[9]  David Pointcheval,et al.  Password-Based Authenticated Key Exchange in the Three-Party Setting , 2005, Public Key Cryptography.

[10]  Tzonelih Hwang,et al.  Simple password-based three-party authenticated key exchange without server public keys , 2010, Inf. Sci..

[11]  Kefei Chen,et al.  Enhancements of a three-party password-based authenticated key exchange protocol , 2013, Int. Arab J. Inf. Technol..

[12]  Jianhua Li,et al.  Anonymity Enhancement on Robust and Efficient Password-Authenticated Key Agreement Using Smart Cards , 2010, IEEE Transactions on Industrial Electronics.

[13]  Kai-Yeung Siu,et al.  Efficient protocols secure against guessing and replay attacks , 1995, Proceedings of Fourth International Conference on Computer Communications and Networks - IC3N'95.

[14]  Gene Tsudik,et al.  Refinement and extension of encrypted key exchange , 1995, OPSR.

[15]  Hung-Min Sun,et al.  An efficient remote use authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[16]  Wei-Chi Ku,et al.  Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[17]  Li Gong,et al.  Lower bounds on messages and rounds for network authentication protocols , 1993, CCS '93.

[18]  Patrick Horster,et al.  Undetectable on-line password guessing attacks , 1995, OPSR.

[19]  Zhenfu Cao,et al.  Simple three-party key exchange protocol , 2007, Comput. Secur..

[20]  Debiao He,et al.  Cryptanalysis of a communication-efficient three-party password authenticated key exchange protocol , 2012, Inf. Sci..

[21]  Hassan M. Elkamchouchi,et al.  An efficient protocol for authenticated key agreement , 2011, 2011 28th National Radio Science Conference (NRSC).

[22]  Rafail Ostrovsky,et al.  Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords , 2001, EUROCRYPT.

[23]  David Pointcheval,et al.  Simple Password-Based Encrypted Key Exchange Protocols , 2005, CT-RSA.

[24]  Jerome H. Saltzer,et al.  Protecting Poorly Chosen Secrets from Guessing Attacks , 1993, IEEE J. Sel. Areas Commun..

[25]  Noam Nisan,et al.  Rounds in communication complexity revisited , 1991, STOC '91.

[26]  Robert H. Deng,et al.  A practical password-based two-server authentication and key exchange system , 2006, IEEE Transactions on Dependable and Secure Computing.

[27]  Steven M. Bellovin,et al.  Limitations of the Kerberos authentication system , 1990, CCRV.

[28]  Mohammad Sabzinejad Farash,et al.  An efficient and provably secure three-party password-based authenticated key exchange protocol based on Chebyshev chaotic maps , 2014, Nonlinear Dynamics.

[29]  Hung-Yu Chien Secure Verifier-Based Three-Party Key Exchange in the Random Oracle Model , 2011, J. Inf. Sci. Eng..

[30]  Taekyoung Kwon,et al.  Efficient Key Exchange and Authentication Protocols Protecting Weak Secrets , 1998 .

[31]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[32]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[33]  Lei Hu,et al.  Efficient and Provably Secure Generic Construction of Three-Party Password-Based Authenticated Key Exchange Protocols , 2006, INDOCRYPT.

[34]  Hung-Min Sun,et al.  Three-party encrypted key exchange without server public-keys , 2001, IEEE Communications Letters.

[35]  Taekyoung Kwon,et al.  Authenticated key exchange protocols resistant to password guessing attacks , 1998 .

[36]  Der-Chyuan Lou,et al.  Efficient three-party password-based key exchange scheme , 2011, Int. J. Commun. Syst..

[37]  Moti Yung,et al.  Systematic Design of Two-Party Authentication Protocols , 1991, CRYPTO.

[38]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[39]  Raylin Tso Security analysis and improvements of a communication-efficient three-party password authenticated key exchange protocol , 2013, The Journal of Supercomputing.

[40]  Stefan Lucks,et al.  Open Key Exchange: How to Defeat Dictionary Attacks Without Encrypting Public Keys , 1997, Security Protocols Workshop.

[41]  Jian Weng,et al.  A New Approach for Anonymous Password Authentication , 2009, 2009 Annual Computer Security Applications Conference.

[42]  Paul C. van Oorschot,et al.  Authentication and authenticated key exchanges , 1992, Des. Codes Cryptogr..

[43]  Alfred Menezes,et al.  An Efficient Protocol for Authenticated Key Agreement , 2003, Des. Codes Cryptogr..

[44]  Jian Wang,et al.  Secure verifier-based three-party password-authenticated key exchange , 2013, Peer Peer Netw. Appl..

[45]  Taekyoung Kwon,et al.  An Improvement of the Password-Based Authentication Protocol (K1P) on Security against Replay Attacks , 1999 .

[46]  Hung-Min Sun,et al.  An Efficient Remote User Authentication Scheme Using Smart Cards , 2000 .

[47]  Amit K. Awasthi,et al.  A remote user authentication scheme using smart cards with forward secrecy , 2003, IEEE Trans. Consumer Electron..

[48]  David P. Jablon Extended password key exchange protocols immune to dictionary attack , 1997, Proceedings of IEEE 6th Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises.

[49]  Min-Shiang Hwang,et al.  A new remote user authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[50]  Wen-Sheng Jaung Efficient three-party key exchange using smart cards , 2004, IEEE Transactions on Consumer Electronics.

[51]  Vytautas Štuikys,et al.  Power Awareness Experiment for Crypto Service-Based Algorithms , 2010 .

[52]  Raphael C.-W. Phan,et al.  Cryptanalysis of Two Provably Secure Cross-Realm C2C-PAKE Protocols , 2006, INDOCRYPT.

[53]  Shirisha Tallapally,et al.  Security enhancement on Simple Three Party PAKE Protocol , 2012, Inf. Technol. Control..

[54]  Eun-Jun Yoon,et al.  Token-Based Authenticated Key Establishment Protocols for Three-Party Communication , 2007, EUC Workshops.

[55]  Dong Hoon Lee,et al.  Efficient and Provably Secure Client-to-Client Password-Based Key Exchange Protocol , 2006, APWeb.

[56]  Einar Snekkenes,et al.  Applying a formal analysis technique to the CCITT X.509 strong two-way authentication protocol , 2004, Journal of Cryptology.