Cryptanalysis of Two PAKE Protocols for Body Area Networks and Smart Environments

Password-authenticated key exchange (PAKE) protocols enable two or more entities to authenticate each other and share a strong cryptographic key based on a pre-shared human memorable password. In this paper, we present several attacks on two recent elliptic curve-based PAKE protocols that have been suggested for use in body area networks and smart environments. A variant of the rst PAKE protocol has been included in the latest standard for body area networks. The second PAKE protocol is a modied variant of the rst protocol, and has been

[1]  Ratna Dutta,et al.  Password-based Encrypted Group Key Agreement , 2006, Int. J. Netw. Secur..

[2]  Mohsen Toorani,et al.  Cryptanalysis of an efficient signcryption scheme with forward secrecy based on elliptic curve , 2008, 2008 International Conference on Computer and Electrical Engineering.

[3]  Debiao He,et al.  Cryptanalysis of a Three-party Password-based Authenticated Key Exchange Protocol , 2014, Int. J. Netw. Secur..

[4]  Mohsen Toorani On Vulnerabilities of the Security Association in the IEEE 802.15.6 Standard , 2015, Financial Cryptography Workshops.

[5]  Kristin E. Lauter,et al.  Stronger Security of Authenticated Key Exchange , 2006, ProvSec.

[6]  Qingfeng Cheng Cryptanalysis of a New Efficient Authenticated Multiple-Key Exchange Protocol from Bilinear Pairings , 2014, Int. J. Netw. Secur..

[7]  Hugo Krawczyk,et al.  HMQV: A High-Performance Secure Diffie-Hellman Protocol , 2005, CRYPTO.

[8]  Mohammed Feham,et al.  Trust Key Management Scheme for Wireless Body Area Networks , 2011, Int. J. Netw. Secur..

[9]  Anandarup Mukherjee,et al.  Design and implementation analysis of a public key infrastructure-enabled security framework for ZigBee sensor networks , 2016, Int. J. Commun. Syst..

[10]  Mohsen Toorani,et al.  LPKI - A lightweight public key Infrastructure for the mobile environments , 2008, 2008 11th IEEE Singapore International Conference on Communication Systems.

[11]  Mohsen Toorani Cryptanalysis of a new protocol of wide use for email with perfect forward secrecy , 2015, Secur. Commun. Networks.

[12]  Jin-Meng Ho,et al.  A versatile suite of strong authenticated key agreement protocols for body area networks , 2012, 2012 8th International Wireless Communications and Mobile Computing Conference (IWCMC).

[13]  Dirk Timmermann,et al.  Bridging the UI gap for authentication in smart environments , 2014, 2014 IEEE Symposium on Computers and Communications (ISCC).

[14]  Mohsen Toorani On Continuous After-the-Fact Leakage-Resilient Key Exchange , 2014, IACR Cryptol. ePrint Arch..

[15]  Aaas News,et al.  Book Reviews , 1893, Buffalo Medical and Surgical Journal.

[16]  Mohsen Toorani,et al.  An Elliptic Curve-based Signcryption Scheme with Forward Secrecy , 2009, ArXiv.

[17]  Mohsen Toorani,et al.  SMEmail - A New Protocol for the Secure E-mail in Mobile Environments , 2008, 2008 Australasian Telecommunication Networks and Applications Conference.

[18]  Steven M. Bellovin,et al.  Encrypted key exchange: password-based protocols secure against dictionary attacks , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[19]  Cheng-Chi Lee,et al.  Improving Security of A Communication-efficient Three-party Password Authentication Key Exchange Protocol , 2015, Int. J. Netw. Secur..

[20]  Mohsen Toorani,et al.  Cryptanalysis of an Elliptic Curve-based Signcryption Scheme , 2010, Int. J. Netw. Secur..

[21]  Mohsen Toorani,et al.  SSMS - A secure SMS messaging protocol for the m-payment systems , 2008, 2008 IEEE Symposium on Computers and Communications.

[22]  Mohsen Toorani,et al.  A directly public verifiable signcryption scheme based on elliptic curves , 2009, 2009 IEEE Symposium on Computers and Communications.

[23]  Cheng-Chi Lee,et al.  Guessing Attacks on Strong-Password Authentication Protocol , 2013, Int. J. Netw. Secur..

[24]  Patrick Horster,et al.  Undetectable on-line password guessing attacks , 1995, OPSR.

[25]  Alfred Menezes,et al.  Guide to Elliptic Curve Cryptography , 2004, Springer Professional Computing.

[26]  W. Marsden I and J , 2012 .