Published in: Wireless Personal Communications 2/2018

27.12.2017

Cryptanalysis and Enhancement of an Anonymous Self-Certified Key Exchange Protocol

Authors: Susmita Mandal, Sujata Mohanty, Banshidhar Majhi


Abstract

Authentication protocols with anonymity have recently gained much popularity, since they allow users to access any public network without revealing their identity. Several key exchange protocols have been proposed in the literature using either a public key infrastructure or an identity-based cryptosystem. However, the former suffers from heavy computation cost and the latter fails to avoid the key escrow problem. Recently, Islam et al. proposed a self-certified authenticated key agreement protocol based on ECC which removes the above limitations. However, through careful analysis, we found that their scheme lacks anonymity, is vulnerable to the tracing attack and the clogging attack, and fails to prevent the replay attack. To overcome these weaknesses, we propose an anonymous self-certified authenticated key exchange protocol that includes the required security features. The scheme is formally verified using the Automated Validation of Internet Security Protocols and Applications (AVISPA) software. In addition, formal authentication proofs using Burrows–Abadi–Needham (BAN) logic establish that authentication succeeds. Furthermore, the performance analysis demonstrates that the proposed scheme achieves lower computational cost and is applicable to a client–server architecture.


References

1.
2. Bellare, M., & Rogaway, P. (1993). Entity authentication and key distribution. In Annual international cryptology conference (pp. 232–249). Springer.
3. Bellovin, S. M., & Merritt, M. (1992). Encrypted key exchange: Password-based protocols secure against dictionary attacks. In Proceedings of 1992 IEEE computer society symposium on research in security and privacy (pp. 72–84). IEEE.
4. Bellare, M., Pointcheval, D., & Rogaway, P. (2000). Authenticated key exchange secure against dictionary attacks. In International conference on the theory and applications of cryptographic techniques (pp. 139–155). Springer.
5. Chen, T.-H., Lee, W.-B., & Chen, H.-B. (2008). A round- and computation-efficient three-party authenticated key exchange protocol. Journal of Systems and Software, 81(9), 1581–1590.
6. Blake-Wilson, S., Johnson, D., & Menezes, A. (1997). Key agreement protocols and their security analysis. In IMA international conference on cryptography and coding (pp. 30–45). Springer.
7. Shamir, A. (1984). Identity-based cryptosystems and signature schemes. In Workshop on the theory and application of cryptographic techniques (pp. 47–53). Springer.
8. Scott, M. (2002). Authenticated ID-based key exchange and remote log-in with simple token and PIN number. IACR Cryptology ePrint Archive, 2002, 164.
9. Smart, N. P. (2002). Identity-based authenticated key agreement protocol based on Weil pairing. Electronics Letters, 38(13), 630–632.
10. Boneh, D., & Franklin, M. (2001). Identity-based encryption from the Weil pairing. In Annual international cryptology conference (pp. 213–229). Springer.
11. Joux, A. (2000). A one round protocol for tripartite Diffie–Hellman. In International algorithmic number theory symposium (pp. 385–393). Springer.
12. Chen, L., & Kudla, C. (2003). Identity based authenticated key agreement protocols from pairings. In Proceedings of 16th IEEE computer security foundations workshop (pp. 219–233). IEEE.
13. Shim, K. (2003). Efficient ID-based authenticated key agreement protocol based on Weil pairing. Electronics Letters, 39(8), 653–654.
14. Sun, H.-M., & Hsieh, B.-T. (2003). Security analysis of Shim's authenticated key agreement protocols from pairings. IACR Cryptology ePrint Archive, 2003, 113.
15. Ryu, E.-K., Yoon, E.-J., & Yoo, K.-Y. (2004). An efficient ID-based authenticated key agreement protocol from pairings. In International conference on research in networking (pp. 1458–1463). Springer.
16. Boyd, C., & Choo, K.-K. R. (2005). Security of two-party identity-based key agreement. In International conference on cryptology in Malaysia (pp. 229–243). Springer.
17. Wang, S., Cao, Z., Choo, K. K. R., & Wang, L. (2009). An improved identity-based key agreement protocol and its security proof. Information Sciences, 179(3), 307–318.
18. Cao, X., Kou, W., & Xiaoni, D. (2010). A pairing-free identity-based authenticated key agreement protocol with minimal message exchanges. Information Sciences, 180(15), 2895–2903.
19. Kudla, C., & Paterson, K. G. (2005). Modular security proofs for key agreement protocols. In International conference on the theory and application of cryptology and information security (pp. 549–565). Springer.
20. Hafizul Islam, S. K., & Biswas, G. P. (2012). An improved pairing-free identity-based authenticated key agreement protocol based on ECC. Procedia Engineering, 30, 499–507.
21. Girault, M. (1991). Self-certified public keys. In Workshop on the theory and application of cryptographic techniques (pp. 490–497). Springer.
22. Saeednia, S. (1997). Identity-based and self-certified key-exchange protocols. In Australasian conference on information security and privacy (pp. 303–313). Springer.
23. Tzong-Chen, W., Chang, Y.-S., & Lin, T.-Y. (1998). Improvement of Saeednia's self-certified key exchange protocols. Electronics Letters, 34(11), 1094–1095.
24. Kim, S., Oh, S., Park, S., Wong, D., Kimy, S., Ohy, S., et al. (1998). On Saeednia's key-exchange protocols. Citeseer: In Proceedings of Teddington conference on the mechanization of thought processes.
25. Zu-Hua, S. (2005). Efficient authenticated key agreement protocol using self-certified public keys from pairings. Wuhan University Journal of Natural Sciences, 10(1), 267–270.
26. Tsaur, W.-J. (2005). Several security schemes constructed using ECC-based self-certified public key cryptosystems. Applied Mathematics and Computation, 168(1), 447–464.
27. Hafizul Islam, S. K., & Biswas, G. P. (2015). Design of two-party authenticated key agreement protocol based on ECC and self-certified public keys. Wireless Personal Communications, 82(4), 2727–2750.
28. Khan, M. K., Kim, S.-K., & Alghathbar, K. (2011). Cryptanalysis and security enhancement of a more efficient and secure dynamic ID-based remote user authentication scheme. Computer Communications, 34(3), 305–309.
29. Liao, Y.-P., & Wang, S.-S. (2009). A secure dynamic ID based remote user authentication scheme for multi-server environment. Computer Standards and Interfaces, 31(1), 24–29.
30. Wang, Y., Liu, J., Xiao, F., & Dan, J. (2009). A more efficient and secure dynamic ID-based remote user authentication scheme. Computer Communications, 32(4), 583–585.
31. Chaum, D., & Van Heyst, E. (1991). Group signatures. In Advances in cryptology EUROCRYPT'91 (pp. 257–265). Springer.
32. Ren, J., & Harn, L. (2013). An efficient threshold anonymous authentication scheme for privacy-preserving communications. IEEE Transactions on Wireless Communications, 12(3), 1018–1025.
33. He, D., Chen, C., Chan, S., & Jiajun, B. (2012). Secure and efficient handover authentication based on bilinear pairing functions. IEEE Transactions on Wireless Communications, 11(1), 48–53.
34. Lu, Y., Li, L., Peng, H., & Yang, Y. (2016). Robust ID based mutual authentication and key agreement scheme preserving user anonymity in mobile networks. KSII Transactions on Internet and Information Systems, 10(3), 1.
35. Hsieh, W.-B., & Leu, J.-S. (2014). An anonymous mobile user authentication protocol using self-certified public keys based on multi-server architectures. The Journal of Supercomputing, 70(1), 133–148.
36. Hankerson, D., & Menezes, A. J. (2005). Guide to elliptic curve cryptography. Computing Reviews, 46(1), 13.
37. Gutub, A. A.-A., & Arabia, S. (2010). Remodeling of elliptic curve cryptography scalar multiplication architecture using parallel Jacobian coordinate system. International Journal of Computer Science and Security (IJCSS), 4(4), 409.
38. Garrett, K., Talluri, S. R., & Roy, S. (2015). On vulnerability analysis of several password authentication protocols. Innovations in Systems and Software Engineering, 11(3), 167–176.
39. Rankl, W., & Effing, W. (2004). Smart card handbook. New York: Wiley.
40. Han, W., & Zhu, Z. (2014). An ID-based mutual authentication with key agreement protocol for multiserver environment on elliptic curve cryptosystem. International Journal of Communication Systems, 27(8), 1173–1185.
41. He, D. (2012). An efficient remote user authentication and key agreement protocol for mobile client–server environment from pairings. Ad Hoc Networks, 10(6), 1009–1016.
42. Khatwani, C., & Roy, S. (2015). Security analysis of ECC based authentication protocols. In 2015 International conference on computational intelligence and communication networks (CICN) (pp. 1167–1172). IEEE.
43. Roy, S. (2017). Denial of service attack on protocols for smart grid communications. In Security solutions and applied cryptography in smart grid communications (pp. 50–67). IGI Global.
44. Viganò, L. (2006). Automated security protocol analysis with the AVISPA tool. Electronic Notes in Theoretical Computer Science, 155, 61–86.
45. AVISPA Web Tool. (2017). Automated validation of internet security protocols and applications.
47. Dolev, D., & Yao, A. C. (1983). On the security of public key protocols. IEEE Transactions on Information Theory, 29(2), 198–208.
48. Roy, S., Das, A. K., & Li, Y. (2011). Cryptanalysis and security enhancement of an advanced authentication scheme using smart cards, and a key agreement scheme for two-party communication. In 2011 IEEE 30th international performance computing and communications conference (IPCCC) (pp. 1–7). IEEE.
49. Burrows, M., Abadi, M., & Needham, R. M. (1989). A logic of authentication. Proceedings of the Royal Society of London A: Mathematical, Physical and Engineering Sciences, 426, 233–271.
50. Wen, J., Zhang, M., & Li, X. (2005). The study on the application of BAN logic in formal analysis of authentication protocols. In Proceedings of the 7th international conference on electronic commerce (pp. 744–747). ACM.
51. Wang, S., Cao, Z., Cao, F., et al. (2008). Efficient identity-based authenticated key agreement protocol with PKG forward secrecy. IJ Network Security, 7(2), 181–186.
52. Hafizul Islam, S. K., & Biswas, G. P. (2015). A pairing-free identity-based two-party authenticated key agreement protocol for secure and efficient communication. Journal of King Saud University-Computer and Information Sciences, 29(1), 63–73.
53. Farash, M. S., Chaudhry, Shehzad A., Heydari, M., Sadough, S., Mohammad, S., Kumari, S., et al. (2017). A lightweight anonymous authentication scheme for consumer roaming in ubiquitous networks with provable security. International Journal of Communication Systems, 30(4), 2017.
Metadata

Title: Cryptanalysis and Enhancement of an Anonymous Self-Certified Key Exchange Protocol
Authors: Susmita Mandal, Sujata Mohanty, Banshidhar Majhi
Publication date: 27.12.2017
Publisher: Springer US
Published in: Wireless Personal Communications / Issue 2/2018
Print ISSN: 0929-6212
Electronic ISSN: 1572-834X
DOI: https://doi.org/10.1007/s11277-017-5156-5
