nach oben

Wireless Personal Communications

Erschienen in:

01.03.2015

Evaluating Three Party Authentication and Key Agreement Protocols Using IP Multimedia Server–Client Systems

verfasst von: B. D. Deebak, R. Muthaiah, K. Thenmozhi, P. Swaminathan

Erschienen in: Wireless Personal Communications | Ausgabe 1/2015

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Since the technologies of Internet and wireless communication have grown tremendously in the past, people have always occupied of some security sensitive wireless devices for the Internet services, such as voice call, instant messaging, online game, electronic banking, electronics trading and so on. Over a few decades, session key sharing has been used as a promising strategy for two/three parties authentication. In addition, several authentication and key agreement (AKA) protocols have been developed, but then very few protocols have been dedicated for the IP multimedia domain. In the literature, the 3-PAKE schemes, such as Xie et al., Xiong et al., Tallapally, Hsieh et al. and Tseng et al. have thoroughly been studied for the identification of its security weaknesses. Following are the security weaknesses of 3-PAKE schemes, namely user anonymity, known-key security, mutual authentication, (perfect) forward secrecy and so on. In addition, the existing schemes can not withstand for the attacks, like modification, key-impersonation, parallel-session, privileged-insider and so on. Thus, this paper presents a novel three party authentication and key agreement protocol based on computational Diffie–Hellman which not only fulfills all the security properties of AKA, but also provides the resiliency to the most of the potential attacks. Since the proposed 3-PAKE scheme has less computational overhead, it is able to curtail all the hop-by-hop security association defined by the standard of third generation partnership project. Above all, a real time multimedia server and client systems have been designed and developed for the purpose of average end-to-end delay analysis. The examination result is shown that the proposed 3-PAKE scheme can offer better service extensibility than the other 3-PAKE schemes, since it has the minimum message rounds to be executed for the establishment of service connection.

Vorheriger Artikel Two-Factor Remote Authentication Protocol with User Anonymity Based on Elliptic Curve Cryptography

Nächster Artikel Handoff Strategy for Improving Energy Efficiency and Cloud Service Availability for Mobile Devices

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

He, D., Chen, Y., & Chen, J. (2012). Cryptanalysis and improvement of an extended chaotic maps-based key agreement protocol. Nonlinear Dynamics, 69, 1149–1157.CrossRefMATHMathSciNet

He, D., Chen, J., & Zhang, R. (2012). A more secure authentication scheme for telecare medicine information systems. Journal of Medical Systems, 36(3), 1989–1995.CrossRef

Islam, S. H., & Bisws, G. P. (2011). Improved remote login scheme based on ECC. In Proceedings of the international conference on recent trends in information technology (pp. 1221–1226).

Islam, S. H., & Bisws, G. P. (2011). Comments on ID-based client authentication with key agreement protocol on ECC for mobile client–server environment. In Proceedings of the international conference on advanced in computing and communications, CCIS, Springer-Verlag, Part II (Vol. 191, pp. 628–635).

Islam, S. H., & Bisws, G. P. (2012). An improved ID-based client authentication with key agreement scheme on ECC for mobile client–server environments. Theoretical and Applied Informatics, 24(4), 293–312.CrossRef

Diffie, W., & Hellman, M. E. (1976). New directions in cryptography. IEEE Transaction on Information Theory, 22(6), 644–654.CrossRefMATHMathSciNet

Shamir, A. (1985). Identity-based cryptosystems and signature schemes. In Proceeding of the 4th annual international cryptology conference (CRYPTO ’84, Springer, USA) (pp. 47–53).

Bellovin, S. M., & Merritt, M. (1992). Encrypted key exchange: Password-based protocols secure against dictionary attacks. In Proceedings of 1992 IEEE computer society conference on research in security and privacy (pp. 72–84).

Gong, L. (1995). Optimal authentication protocols resistant to password guessing attacks. In Proceedings of 8th IEEE computer security foundation workshop (pp. 24–29).

10.

Gong, L., Lomas, M., Needham, R., & Saltzer, J. (1993). Protecting poorly choosen secrets from guessing attacks. IEEE Journal on Selected Areas in Communications, 11(5), 648–656.CrossRef

11.

Kwon, T., Kang, M., Jung, S., & Song, J. (1999). An improvement of the password-based authentication protocol K1P on security against replay attacks. IEICE Transactions on Communications, E82-B(7), 991–997.

12.

Steiner, M., Tsudik, G., & Waidner, M. (1995). Refinement and extension of encrypted key exchange. ACM Operating Systems Review, 29(3), 22–30.CrossRef

13.

Ding, Y., & Horster, P. (1995). Undetectable on-line password guessing attacks. ACM Operating Systems Review, 29(3), 22–30.CrossRef

14.

Sun, H. M., Chen, B. C., & Hwang, T. (2005). Secure key agreement protocols for three-party against guessing attacks. The Journal of Systems and Software, 75(1–2), 63–68.CrossRef

15.

Lin, C. L., Sun, H. M., & Hwang, T. (2000). Three-party encrypted key exchange: Attacks and a solution. ACM Operating Systems Review, 34(4), 12–20.CrossRef

16.

Yeh, H. T., & Sun, H. M. (2004). Password-based user authentication and key distribution protocols for client–server applications. The Journal of Systems and Software, 72(1), 97–103.CrossRef

17.

Lin, C. L., Wen, H. A., Hwang, T., & Sun, H. M. (2004). Provably secure three-party password-authenticated key exchange. IEICE Transaction on Fundamentals, E87-A(11), 2990–3000.

18.

Wen, H. A., Lee, T. F., & Hwang, T. (2005). Provably secure three-party password-based authenticated key exchange protocol using weil pairing. IEE Proceedings-Communications, 152(2), 138–143.CrossRef

19.

Joux, A. (2004). One round protocol for tripartite Diffie–Hellman. Journal of Cryptology, 17, 263–276.CrossRefMATHMathSciNet

20.

Nam, J., Lee, Y., Kim, S., & Won, D. (2007). Security weakness in a three-party pairing-based protocol for password authenticated key exchange. Information Sciences, 177(6), 1364–1375.CrossRefMATHMathSciNet

21.

Chien, H. Y., & Wu, T. C. (2009). Provably secure password-based three-party key exchange with optimal message steps. Computer Journal, 52(6), 646–655.CrossRef

22.

Lee, T. F., Liu, J. L., Sung, M. J., Yang, S. B., & Chen, C. M. (2009). Communication-efficient three-party protocols for authentication and key agreement. Computers & Mathematics with Applications, 58(4), 641–648.CrossRefMATHMathSciNet

23.

Lu, R. X., & Cao, Z. F. (2007). Simple three-party key exchange protocol. Computers and Security, 26(1), 94–97.CrossRef

24.

Guo, H., Li, Z. J., Mu, Y., & Zhang, X. Y. (2008). Cryptanalysis of simple three-party key exchange protocol. Computers and Security, 27(1), 16–21.CrossRef

25.

Chang, Y. F. (2008). A practical three-party key exchange protocol with round efficiency. International Journal of Innovative Computing, Information and Control, 4(4), 953–960.

26.

Chung, H. R., & Ku, W. C. (2008). Three weaknesses in a simple three-party key exchange protocol. Information Sciences, 178(1), 220–229.CrossRefMATHMathSciNet

27.

Phan, R. C. W., Yau, W. C., & Goi, B. M. (2008). Cryptanalysis of simple three-party key exchange protocol (S-3PAKE). Information Sciences, 178(13), 2849–2856.CrossRefMATHMathSciNet

28.

Nam, J. Y., Paik, J. Y., Kang, H. K., Kim, U. M., & Won, D. H. (2009). An off-line dictionary attack on a simple three-party key exchange protocol. IEEE Communication Letters, 13(3), 205–207.CrossRef

29.

Kim, J. S., & Choi, Y. (2009). Enhanced password-based simple three-party key exchange protocol. Computers and Electrical Engineering, 35(1), 107–114.CrossRefMATH

30.

Huang, H. F. (2009). A simple three-party password-based key exchange protocol. International Journal of Communication Systems, 22(7), 857–862.CrossRef

31.

Yoon, E. J., & Yoo, K. Y. (2011). Cryptanalysis of a simple three-party password-based key exchange protocol. International Journal of Communication Systems, 24, 532–542.CrossRef

32.

Lou, D. C., & Huang, H. F. (2011). Efficient three-party password-based key exchange scheme. International Journal of Communication Systems, 24, 504–512.CrossRef

33.

Xie, Q., Dong, N., Tan, X., Wong, D. S., & Wang, G. (2013). Improvement of a three-party password-based key exchange protocol with formal verification. Information Technology and Control, 42(3), 231–237.CrossRef

34.

Chang, T. Y., Hwang, M. S., & Yang, W. P. (2011). A communication-efficient three-party password authenticated key exchange protocol. Information Sciences, 181(1), 217–226.CrossRefMathSciNet

35.

Wu, S., Pu, Q., Wang, S., & He, D. (2012). Cryptanalysis of a communication-efficient three-party password authenticated key exchange protocol. Information Sciences, 215(1), 83–96.CrossRefMATHMathSciNet

36.

Xiong, H., Chen, Y., Guan, Z., & Chen, Z. (2013). Finding and fixing vulnerabilities in several three-party password authenticated key exchange protocols without server public keys. Information Sciences, 235(1), 329–340.CrossRefMATHMathSciNet

37.

Tso, R. (2013). Security analysis and improvements of a communication-efficient three-party password authenticated key exchange protocol. The Journal of Supercomputing, 66(2), 863–874.CrossRef

38.

Chien, H. (2011). Secure verifier-based three-party key exchange in the random oracle model. Journal of Information Science and Engineering, 27(4), 1487–1501.MATHMathSciNet

39.

Pu, Q., Wang, J., Wu, S., & Fu, J. (2013). Secure verifier-based three-party password-authenticated key exchange. Peer-to-Peer Networking and Applications, 6(1), 15–25.CrossRef

40.

Tallapally, S. (2012). Security enhancement on simple three party PAKE protocol. Information Technology and Control, 41(1), 15–22.CrossRef

41.

Hsieh, B. T., Sun, H. M., Hwang, T., & Lin, C. T. (2002). An improvement of Saeednia’s identity based key exchange protocol. In Proceeding of the information security conference, 2002 (pp. 41–43).

42.

Tseng, Y. M. (2007). An efficient two-party identity-based key exchange protocol. Informatica, 18(1), 125–136.MATHMathSciNet

43.

Yun, D., Patrick, H. (1995). Undetectable on-line password guessing attacks. Operating Systems Review, 29(4), 77–86.

Titel: Evaluating Three Party Authentication and Key Agreement Protocols Using IP Multimedia Server–Client Systems
verfasst von: B. D. Deebak
R. Muthaiah
K. Thenmozhi
P. Swaminathan
Publikationsdatum: 01.03.2015
Verlag: Springer US
Erschienen in: Wireless Personal Communications / Ausgabe 1/2015
Print ISSN: 0929-6212
Elektronische ISSN: 1572-834X
DOI: https://doi.org/10.1007/s11277-014-2118-z

Neuer Inhalt

Bildnachweise

VDI-Icon, Profil Icon, inhalt2, Springer Professional Modul/© Springer Fachmedien Wiesbaden GmbH, Nachhaltigkeitsaward Key Visual/© Cometis AG/Global ESG Monitor | Daniel Rupp | Generiert mit KI, Search Icon, Banner Hanser, Jonas Klose/© Pine Valley Capital GmbH, Carina Kießling von der Strategieberatung Roland Berger/© Monika Walther Fotografie | ATZ, Beijing Auto Show 2024: Deutsche Hersteller wollen angreifen./© EKH-Pictures / Generated with AI / Stock.adobe.com, Zeitschrift Wissensmanagement Cover, PatentFit-Logo/© Springer Fachmedien Wiesbaden GmbH, Zukunftswerkstatt Sales Excellence 2024/© AndreyPopov / Getty Images / iStock, 2023_Antrieb/© supervisuell, ATZ-Webinar: Prototypenfreie Entwicklung durch Offline- und Driver-in-the-Loop-HiL-Tests /© (c) VI-grade

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 1/2015

Ergodic Capacity of Nonlinear MIMO–OFDM Relaying Channels

Reducing Broadcast Redundancy in Wireless Ad-Hoc Networks with Implicit Coordination Among Forwarding Nodes

Handoff Strategy for Improving Energy Efficiency and Cloud Service Availability for Mobile Devices

Design of U-Shaped In-Phase Power Divider Employing Ground-Slotted Technique for Wideband Applications

An Immediate System Call Sequence Based Approach for Detecting Malicious Program Executions in Cloud Environment

BER Analysis and Compensation for the Effects of Polynomial HPA Non-linearity in MIMO OFDM Systems Over Fading Channel

Neuer Inhalt

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.