Browse > Article
http://dx.doi.org/10.13089/JKIISC.2006.16.6.73

Three-Party Authenticated Key Exchange Protocol using Smartcards  

Jeon, Il-Soo (Kumoh National Institute of Technology)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.16, no.6, 2006 , pp. 73-80 More about this Journal
Abstract
Recently, Sun et el. proposed a three-party authenticated key exchange protocol using the public key of the server and the derived verifier from the Password of a user. This paper proposes a password-based three-party authenticated key exchange protocol using smartcards. Since the proposed protocol has very low computation cost by using XOR and hash function operation instead of the public key operation, and reduces the count of message transmission to 20% compared with the protocol of Sun et el., it can execute an effective authenticated key exchange. Furthermore, the proposed protocol is safe from password guessing attack by not saving passwords in the server, and it is also safe from server compromise attack because the server cannot know the shared session key between the two users.
Keywords
Three-party key exchange protocol; Authentication; Hash function;
Citations & Related Records
연도 인용수 순위
  • Reference
1 S. M. Bellovin and M. Merrit, 'Encrypted key exchange: Passwordbased protocols secure against dictionary attacks,' Proceedings of the IEEE Symposium on Research in Security and Privacy, pp. 72-84, 1992
2 Y. Ding and P. Horster, 'Undetectable on-line password guessing attacks,' ACM Operating Systems Review, Vol. 29, No. 4, pp. 77-86, 1995   DOI
3 H. Sun, B. Chen, and T. Hwang, 'Secure key agreement protocols for three-party against guessing attacks,' The Journal of Systems and Software, Vol. 75, pp.63-68, 2005   DOI   ScienceOn
4 W.C. Ku and S.M. Chen, 'Weaknesses and improvements of an efficient password based remote user authentication scheme using smart cards,' IEEE Trans. on Consumer Electron., Vol. 50, No. 1, pp. 204-207, 2004   DOI   ScienceOn
5 C. Lin, H. Sun, M. Steiner, and T. Hwang, 'Three-party Encrypted Key Exchange Without Server Public-Keys,' IEEE Communication Letters, Vol. 5, No. 12, pp. 497-499, 2001   DOI   ScienceOn
6 W. Diffie and M.E. Hellman, 'New directions in cryptography,' IEEE Trans., Vol. IT-22, No. 6, pp. 644-654, 1976
7 M. Steiner, G. Tsudik, and M. Waidner, 'Refinement and extension of Encrypted Key Exchange,' ACM Operating Systems Review, Vol. 29, No. 3, pp. 22-30, 1995   DOI
8 C. Lin, H. Sun, and T. Hwang, 'Three-party encrypted key exchange: Attacks and a solution,' ACM Operating Systems Review, Vol. 34, No. 4, pp. 12-20, 2000   DOI
9 S.M. Bellovin and M. Merritt, 'Augmented encrypted key exchange : a password-based protocol secure against dictionary attacks and password file compromise,' Technical report, AT&T Bell Laboratories, 1994
10 T. Kwon and J. Song, 'Secure agreement scheme for $g^{xy}$ via password authentication,' Electronics Letters Vol. 35, No. 11, pp.892-893, 1999   DOI   ScienceOn