A secure and efficient identity-based authenticated key exchange protocol for mobile client–server networks

Recently, Chou et al. (J Supercomput 66(2): 973–988, 2013) proposed two identity-based key exchange protocols using elliptic curves for mobile environments. The first one is an two-party authentication key exchange protocol to establish a session key between a client and a remote server. The second one is an extended version for three-party setting to establish a session key between two clients with the help of a trusted server. However, this paper finds the first one vulnerable to impersonation attack and key-compromise impersonation attack, and the second one insecure against impersonation attack. To overcome the weaknesses, we propose an improved identity-based two-party authentication key exchange protocol using elliptic curves. The rigorous analysis shows that our scheme achieves more security than related protocols.

[1]  Wei-Bin Lee,et al.  A round- and computation-efficient three-party authenticated key exchange protocol , 2008, J. Syst. Softw..

[2]  Eun-Jun Yoon,et al.  Improving the novel three-party encrypted key exchange protocol , 2008, Comput. Stand. Interfaces.

[3]  Chin-Chen Chang,et al.  An efficient three-party authenticated key exchange protocol using elliptic curve cryptography for mobile-commerce environments , 2009, J. Syst. Softw..

[4]  Eun-Jun Yoon,et al.  Robust ID-Based Remote Mutual Authentication with Key Agreement Scheme for Mobile Devices on ECC , 2009, 2009 International Conference on Computational Science and Engineering.

[5]  Cheng-Chi Lee,et al.  A new authenticated group key agreement in a mobile environment , 2009, Ann. des Télécommunications.

[6]  Chin-Chen Chang,et al.  An ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem , 2009, Comput. Secur..

[7]  Zuowen Tan An Enhanced Three-Party Authentication Key Exchange Protocol for Mobile Commerce Environments , 2010, J. Commun..

[8]  Mohammad Sabzinejad Farash,et al.  A Novel Secure Bilinear Pairing Based Remote User Authentication Scheme with Smart Card , 2010, 2010 IEEE/IFIP International Conference on Embedded and Ubiquitous Computing.

[9]  Eun-Jun Yoon,et al.  Cryptanalysis of a simple three-party password-based key exchange protocol , 2011, Int. J. Commun. Syst..

[10]  Naixue Xiong,et al.  Using Multi-Modal Semantic Association Rules to fuse keywords and visual features automatically for Web image retrieval , 2011, Inf. Fusion.

[11]  G. P. Biswas,et al.  A more efficient and secure ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem , 2011, J. Syst. Softw..

[12]  Mahmoud Ahmadian-Attari,et al.  Vulnerability of two multiple-key agreement protocols , 2011, Comput. Electr. Eng..

[13]  Jianhua Chen,et al.  An Id-Based Three-Party Authenticated Key Exchange Protocol Using Elliptic Curve Cryptography for Mobile-Commerce Environments , 2011, IACR Cryptol. ePrint Arch..

[14]  Hu Jin,et al.  An ID-based client authentication with key agreement protocol for mobile client-server environment on ECC with provable security , 2012 .

[15]  Debiao He,et al.  Cryptanalysis of a communication-efficient three-party password authenticated key exchange protocol , 2012, Inf. Sci..

[16]  Sk Hafizul Islam,et al.  An improved ID - based client authentication with key agreement scheme on ECC for mobile client - server environments , 2012 .

[17]  Jianhua Chen,et al.  An ID-based client authentication with key agreement protocol for mobile client-server environment on ECC with provable security , 2012, Inf. Fusion.

[18]  Eun-Jun Yoon,et al.  A SECURE AND EFFICIENCY ID-BASED AUTHENTICATED KEY AGREEMENT SCHEME BASED ON ELLIPTIC CURVE CRYPTOSYSTEM FOR MOBILE DEVICES , 2012 .

[19]  Xinsong Liu,et al.  Cryptanalysis of Arshad et al.’s ECC-based mutual authentication scheme for session initiation protocol , 2012, Multimedia Tools and Applications.

[20]  Dawu Gu,et al.  Provably secure three-party password-based authenticated key exchange protocol , 2012, Inf. Sci..

[21]  Shirisha Tallapally,et al.  Security enhancement on Simple Three Party PAKE Protocol , 2012, Inf. Technol. Control..

[22]  Mahmoud Ahmadian-Attari,et al.  A Certificateless Multiple-key Agreement Protocol Based on Bilinear Pairings , 2012, IACR Cryptol. ePrint Arch..

[23]  Mahmoud Ahmadian Attari,et al.  A Certificate less Multiple-key Agreement Protocol without Hash Functions Based on Bilinear Pairings , 2012 .

[24]  Qi Xie A new authenticated key agreement for session initiation protocol , 2012, Int. J. Commun. Syst..

[25]  Yong Zhao,et al.  ECC-Based Password-Authenticated Key Exchange in the Three-Party Setting , 2013 .

[26]  Kefei Chen,et al.  Enhancements of a three-party password-based authenticated key exchange protocol , 2013, Int. Arab J. Inf. Technol..

[27]  Mahmoud Ahmadian-Attari,et al.  A new efficient authenticated multiple-key exchange protocol from bilinear pairings , 2013, Comput. Electr. Eng..

[28]  Kuo-Yu Tsai,et al.  Two ID-based authenticated schemes with key agreement for mobile environments , 2013, The Journal of Supercomputing.

[29]  Mahmoud Ahmadian-Attari,et al.  Provably secure and efficient identity-based key agreement protocol for independent PKGs using ECC , 2013, ISC Int. J. Inf. Secur..

[30]  Mahmoud Ahmadian-Attari,et al.  An Enhanced Authenticated Key Agreement for Session Initiation Protocol , 2013, Inf. Technol. Control..

[31]  Mohammad Sabzinejad Farash,et al.  Cryptanalysis and improvement of a chaotic map-based key agreement protocol using Chebyshev sequence membership testing , 2014, Nonlinear Dynamics.

[32]  Chin-Chen Chang,et al.  A Pairing-free ID-based Key Agreement Protocol with Different PKGs , 2014 .

[33]  Mohammad Sabzinejad Farash,et al.  An efficient and provably secure three-party password-based authenticated key exchange protocol based on Chebyshev chaotic maps , 2014 .