Browse > Article
http://dx.doi.org/10.3837/tiis.2015.12.022

Multi-party Password-Authenticated Key Exchange Scheme with Privacy Preservation for Mobile Environment  

Lu, Chung-Fu (Department of Information Management, Chihlee University of Technology)
Publication Information
KSII Transactions on Internet and Information Systems (TIIS) / v.9, no.12, 2015 , pp. 5135-5149 More about this Journal
Abstract
Communications among multi-party must be fast, cost effective and secure. Today's computing environments such as internet conference, multi-user games and many more applications involve multi-party. All participants together establish a common session key to enable multi-party and secure exchange of messages. Multi-party password-based authenticated key exchange scheme allows users to communicate securely over an insecure network by using easy-to-remember password. Kwon et al. proposed a practical three-party password-based authenticated key exchange (3-PAKE) scheme to allow two users to establish a session key through a server without pre-sharing a password between users. However, Kwon et al.'s scheme cannot meet the security requirements of key authentication, key confirmation and anonymity. In this paper, we present a novel, simple and efficient multi-party password-based authenticated key exchange (M-PAKE) scheme based on the elliptic curve cryptography for mobile environment. Our proposed scheme only requires two round-messages. Furthermore, the proposed scheme not only satisfies security requirements for PAKE scheme but also achieves efficient computation and communication.
Keywords
Authenticated key exchange; password-based; multi-party; cryptography;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 IEEE Std 1363-2000 Working Group, "IEEE Standard Specifications for Public Key Cryptography," The Institute of Electrical and Electronics Engineers, Inc., New York, August, 2000. Article (CrossRef Link).
2 A. Menezes, “Elliptic curve public key cryptosystems,” Kluwer Academic Publishers, Norwell, Massachusetts, 1993. Article (CrossRef Link).
3 I. Blake, G. Seroussi and N. Smart, “Elliptic curves in cryptography,” Cambridge University Press, Cambridge, United Kingdom, August, 1999. Article (CrossRef Link).
4 W. Diffie and M. Hellman, “New directions in cryptography,” IEEE Transactions on Information Theory, vol.22, no.6, pp.644-654, November, 1976. Article (CrossRef Link).   DOI
5 S. Contini, A. K. Lenstra and R. Steinfeld, “VSH, an Efficient and Provable Collision-Resistant Hash Function,” in Proc. of 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology - EUROCRYPT 2006, pp. 165-182, May 28-June 1, 2006. Article (CrossRef Link).
6 N. Koblitz, A. Menezes and S. Vanstone, “The state of elliptic curve cryptography,” Designs, Codes and Cryptography, vol. 19, no. 2, pp. 173-193, March, 2000. Article (CrossRef Link).   DOI
7 T. S. Chen, E. T. Hsu, and Y. L. Yu, “A New Elliptic Curve Undeniable Signature Scheme,” International mathematical forum, vol. 1, no. 31, pp. 1529-1536, 2006. Article (CrossRef Link).
8 D. Hankerson, J. L. Hernandez and A. Menezes, “Software Implementation of Elliptic Curve Cryptography over Binary Fields,” in Proc. of Workshop on Cryptographic Hardware and Embedded Systems - CHES 2000, pp. 1-24, August 17-18, 2000. Article (CrossRef Link).
9 FIPS PUB 180-4, "Secure Hash Standard (SHS)," Information Technology Laboratory, National Institute of Standards and Technology (NIST), Gaithersburg, Maryland, August, 2015. Article (CrossRef Link).
10 Y. Lee, “Cryptanalysis and Improvement of a Password-Based Authenticated Three-Party Key Exchange Protocol,” International Journal of Security and Its Applications, vol. 8, no. 4, pp. 151-160, July, 2014. Article (CrossRef Link).   DOI
11 R. Amin and G. P. Biswas, “Cryptanalysis and Design of a Three-Party Authenticated Key Exchange Protocol Using Smart Card,” Arabian Journal for Science and Engineering, pp. 1-15, June, 2015. Article (CrossRef Link).
12 J. Nam, K. -K. R. Choo, S. Han, J. Paik and D.Won, “Two-round password-only authenticated key exchange in the three-party setting,” Symmetry, vol. 7, no. 1, pp. 105-124, January, 2015. Article (CrossRef Link).   DOI
13 L. C. Huang and M. S. Hwang, “Two-party authenticated multiple-key agreement based on elliptic curve discrete logarithm problem,” International Journal of Smart Home, vol. 7, no. 1, pp. 9-18, January, 2013. Article (CrossRef Link).   DOI
14 F. Wei, J. Ma, A. Ge, G. Li and C. Ma, “A Provably Secure Three-Party Password Authenticated Key Exchange Protocol without Using Server's Public-Keys and Symmetric Cryptosystems,” Information Technology And Control, vol. 44, no. 2, pp. 195-205, June, 2015. Article (CrossRef Link).
15 H. T. T. Nguyen, M. Guizani, J. Minho and E. N. Huh, “An Efficient Signal-Range-Based Probabilistic Key Predistribution Scheme in a Wireless Sensor Network,” IEEE Transactions on Vehicular Technology, vol. 58, no. 5, pp. 2482-2497, October, 2009. Article (CrossRef Link).   DOI
16 M. Abdalla and D. Pointcheval, “Interactive Diffie-Hellman assumptions with applications to password-based authentication,” in Proc. of 9th International Conference on Financial Cryptography - FC 2005, pp. 341-356, February 28-March 3, 2005. Article (CrossRef Link).
17 H. T. T. Nguyen, J. Minho, T. D. Nguyen and E. N. Huh, “A beneficial analysis of deployment knowledge for key distribution in wireless sensor networks,” Security and Communication Networks, vol. 5, no. 5, pp. 485-495, May, 2012. Article (CrossRef Link).   DOI
18 A. J. Menezes, P. C. Oorschot and S. A. Vanstone, “Handbook of Applied Cryptography,” CRC Press Inc., Boca Raton, Florida, 1997. Article (CrossRef Link).
19 M. Abdalla, P. A. Fouque and D. Pointcheval, “Password-based Authenticated Key Exchange in the Three-Party Setting,” Public Key Cryptography - PKC 2005, pp. 65-84, January 23-26, 2005. Article (CrossRef Link).
20 J. O. Kwon, I. R. Jeong and D. H. Lee, “Practical Password-Authenticated Three-Party Key Exchange,” KSII Transactions on Internet and Information Systems, vol. 2, no. 6, pp. 312-332, December, 2008. Article (CrossRef Link).   DOI
21 M. S. Farash and M. A. Attari, “An enhanced and secure three-party password-based authenticated key exchange protocol without using server's public-keys and symmetric cryptosystems,” Information Technology And Control, vol. 43, no. 2, pp. 143-150, June, 2014. Article (CrossRef Link).   DOI
22 C. F. Lu, Y. L. Lin and C. L. Hsu, “Password-based Authenticated Multi-party Key Exchange Scheme with Privacy Preservation,” in Proc. of 2012 International Conference on e-Commerce, e-Administration, e-Society,e-Education, and e-Technology (e-CASE & e-Tech 2012), March 30-April 1, 2012.
23 M. Steiner, G. Tsudik and M. Waidner, “Refinement and extension of encrypted key exchange,” ACM SIGOPS Operating Systems Review, vol. 29, no. 3, pp. 22-30, July, 1995. Article (CrossRef Link).   DOI
24 S. Wu, K. Chen and Y. Zhu, “Enhancements of a three-party password-based authenticated key exchange protocol,” The International Arab Journal of Information Technology, vol. 10, no. 3, pp. 215-221, May, 2013. Article (CrossRef Link).
25 C. L. Hsu and T. W. Lin, “Password authenticated key exchange protocol for multi-server mobile networks based on chebyshev chaotic map,” in Proc. of 2013 IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOM Workshops), pp. 90-95, March 18-22, 2013. Article (CrossRef Link).
26 B.W. Simon and M. Alfred, “Authenticated Diffie-Hellman key agreement protocols,” in Proc. of the 5th Annual Workshop on Selected Areas in Cryptography (SAC'98), pp. 339-361, August 17-18, 1998. Article (CrossRef Link).
27 H. M. Sun, B. C. Chen and T. Hwang, “Secure key agreement protocols for three-party against guessing attacks,” Journal of Systems and Software, vol. 75, no. 1-2, pp. 63-68, February, 2005. Article (CrossRef Link).   DOI
28 E. J. Yoon and K. Y. Yoo, “Improving the novel three-party encrypted key exchange protocol,” Computer Standards & Interfaces, vol. 30, no. 5, pp. 309-314, July, 2008. Article (CrossRef Link).   DOI
29 C. L. Lin, H.M. Sun and T. Hwang, “Three-party encrypted key exchange: attacks and a solution,” ACM SIGOPS Operating Systems Review, vol. 34, no. 4, pp. 12-20, October, 2000. Article (CrossRef Link).   DOI
30 C. C. Chang and Y. F. Chang, “A novel three-party encrypted key exchange protocol,” Computer Standards & Interfaces, vol. 26, no. 5, pp. 471-476, September, 2004. Article (CrossRef Link).   DOI
31 S.M. Bellovin and M.Merritt, “Encrypted key exchange: Password-based protocols secure against dictionary attacks,” in Proc. of 1992 IEEE Computer Society Conference on Research in Security and Privacy, pp. 72-84, May 4-6, 1992. Article (CrossRef Link).
32 T. H. Chen, W. B. Lee and H. B. Chen, “A round- and computation- efficient three-party authenticated key exchange protocol,” Journal of Systems and Software, vol. 81, no. 9, pp. 1581-1590, September, 2008. Article (CrossRef Link).   DOI
33 N. W. Lo and K. H. Yeh, “Cryptanalysis of two three-party encrypted key exchange protocols,” Computer Standards & Interfaces, vol. 31, no. 6, pp. 1167-1174, November, 2009. Article (CrossRef Link).   DOI
34 T. F. Lee, T. Hwang, and C. L. Lin, “Enhanced three-party encrypted key exchange without server public keys,” Computers and Security, vol. 23, no. 7, pp. 571-577, October, 2004. Article (CrossRef Link).   DOI
35 Y. Ding and P. Horster, “Undetectable on-line password guessing attack,” ACM SIGOPS Operating Systems Review, vol. 29, no. 4, pp. 77-86, October, 1995. Article (CrossRef Link).   DOI
36 H. B. Chen, T. H. Chen, W. B. Lee, and C. C. Chang, “Security enhancement for a three-party encrypted key exchange protocol against undetectable online password guessing attacks,” Computer Standards & Interfaces, vol. 30, no. 1-2, pp. 95-99, January, 2008. Article (CrossRef Link).   DOI