An Enhanced Three-Party Authentication Key Exchange Protocol for Mobile Commerce Environments

Recently, Yang et al. proposed a three-party encrypted key exchange (3PAKE) protocol based on elliptic curve cryptography. Their 3PAKE protocol is efficient because it requires less computation and communication cost, which makes it well suited to mobile commerce environments. However, Yang et al.'s 3PAKE protocol is susceptible to parallel attacks and impersonation attacks. We present an enhancement that resolves these security problems. Detailed analyses show that our proposed protocol is a secure 3PAKE protocol and is more efficient.
