Security analysis and enhancements of a three-party authenticated key agreement protocol

Three-party authenticated key agreement (3PAKA) protocol is an important cryptographic mechanism for secure communication, which allows two clients to generate a shared session key with the help of the server. Recently, Tan proposed a communication and computation-efficient 3PAKA protocol. Compared with related protocols, Tan’s protocol requires fewer rounds, lower communication cost and smaller computation cost. Tan claimed that his protocol was secure against various attacks. Unfortunately, we found that his protocol cannot withstand the key compromise impersonation attack. To improve security, we proposed a new 3PAKA protocol. Security analysis and performance analysis show our 3PAKA protocol could overcome weakness in Tan’s protocol at the cost of increasing the computational cost slightly.

[1]  Wei-Bin Lee,et al.  A round- and computation-efficient three-party authenticated key exchange protocol , 2008, J. Syst. Softw..

[2]  Chin-Chen Chang,et al.  Security enhancement for a three-party encrypted key exchange protocol against undetectable on-line password guessing attacks , 2008, Comput. Stand. Interfaces.

[3]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[4]  Xingming Sun,et al.  Achieving Efficient Cloud Search Services: Multi-Keyword Ranked Search over Encrypted Cloud Data Supporting Parallel Computing , 2015, IEICE Trans. Commun..

[5]  Chin-Chen Chang,et al.  A novel three-party encrypted key exchange protocol , 2004, Comput. Stand. Interfaces.

[6]  Zuowen Tan A communication and computation-efficient three-party authenticated key agreement protocol , 2013, Secur. Commun. Networks.

[7]  Nai-Wei Lo,et al.  Cryptanalysis of two three-party encrypted key exchange protocols , 2009, Comput. Stand. Interfaces.

[8]  Jin Wang,et al.  A Variable Threshold-Value Authentication Architecture for Wireless Mesh Networks , 2014 .

[9]  Jian Shen,et al.  A Novel Routing Protocol Providing Good Transmission Reliability in Underwater Sensor Networks , 2015 .

[10]  Zuowen Tan An Enhanced Three-Party Authentication Key Exchange Protocol for Mobile Commerce Environments , 2010, J. Commun..

[11]  Sahadeo Padhye,et al.  A pairing‐free certificateless authenticated key agreement protocol , 2012, Int. J. Commun. Syst..

[12]  Ding Xiao The Three-Party Password-Authenticated Key Exchange Protocol with Stronger Security , 2010 .

[13]  Chin-Chen Chang,et al.  An efficient three-party authenticated key exchange protocol using elliptic curve cryptography for mobile-commerce environments , 2009, J. Syst. Softw..

[14]  Jianhua Chen,et al.  New certificateless short signature scheme , 2013, IET Inf. Secur..

[15]  Jun-Han Yang,et al.  Provably secure three-party password authenticated key exchange protocol in the standard model , 2012, J. Syst. Softw..

[16]  Sherali Zeadally,et al.  Authentication protocol for an ambient assisted living system , 2015, IEEE Communications Magazine.

[17]  Wei-Pang Yang,et al.  A communication-efficient three-party password authenticated key exchange protocol , 2011, Inf. Sci..

[18]  Yuanyuan Zhang,et al.  Cryptanalysis and Improvement of an Anonymous Authentication Protocol for Wireless Access Networks , 2013, Wireless Personal Communications.

[19]  Cheng-Chi Lee,et al.  Robust anonymous authentication protocol for health-care applications using wireless medical sensor networks , 2013, Multimedia Systems.

[20]  Zuowen Tan,et al.  Efficient identity-based authenticated multiple key exchange protocol , 2011, Comput. Electr. Eng..