Communication-efficient three-party protocols for authentication and key agreement

Encrypted key exchange (EKE) authentication approaches are very important for secure communicating over public networks. In order to solve the security weaknesses three-party EKE, Yeh et al. [H.T. Yeh, H.M. Sun, T. Hwang, Efficient three-party authentication and key agreement protocols resistant to password guessing attacks, Information Science and Engineering 19 (6) (2003) 1059-1070.] proposed two secure and efficient three-party EKE protocols. Based on the protocol developed by Yeh et al., two improved EKE protocols for authentication and key agreement are proposed in this study. The computational costs of the proposed protocols are the same as those of the protocols of Yeh et al. However, the numbers of messages in the communication are fewer than those of the protocols of Yeh et al. Furthermore, the round efficient versions of our proposed protocols are also described.

[1]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[2]  Patrick Horster,et al.  Undetectable on-line password guessing attacks , 1995, OPSR.

[3]  Hung-Min Sun,et al.  Efficient Three-Party Authentication and Key Agreement Protocols Resistant to Password Guessing Attacks , 2003, J. Inf. Sci. Eng..

[4]  Steven M. Bellovin,et al.  Encrypted key exchange: password-based protocols secure against dictionary attacks , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[5]  Taekyoung Kwon,et al.  Efficient Key Exchange and Authentication Protocols Protecting Weak Secrets , 1998 .

[6]  Hung-Min Sun,et al.  Three-party encrypted key exchange: attacks and a solution , 2000, OPSR.

[7]  Taekyoung Kwon,et al.  An adaptable and reliable authentication protocol for communication networks , 1997, Proceedings of INFOCOM '97.

[8]  Kai-Yeung Siu,et al.  Efficient protocols secure against guessing and replay attacks , 1995, Proceedings of Fourth International Conference on Computer Communications and Networks - IC3N'95.

[9]  Jerome H. Saltzer,et al.  Protecting Poorly Chosen Secrets from Guessing Attacks , 1993, IEEE J. Sel. Areas Commun..

[10]  David P. Jablon Strong password-only authenticated key exchange , 1996, CCRV.

[11]  Stefan Lucks,et al.  Open Key Exchange: How to Defeat Dictionary Attacks Without Encrypting Public Keys , 1997, Security Protocols Workshop.

[12]  Gene Tsudik,et al.  Refinement and extension of encrypted key exchange , 1995, OPSR.

[13]  Taekyoung Kwon,et al.  Authenticated key exchange protocols resistant to password guessing attacks , 1998 .

[14]  David P. Jablon Extended password key exchange protocols immune to dictionary attack , 1997, Proceedings of IEEE 6th Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises.

[15]  Li Gong,et al.  Optimal authentification protocols resistant to password guessing attacks , 1995, Proceedings The Eighth IEEE Computer Security Foundations Workshop.

[16]  Taekyoung Kwon,et al.  An Improvement of the Password-Based Authentication Protocol (K1P) on Security against Replay Attacks , 1999 .