Skip to main content
SpringerLink
Log in

An Efficient Password-Based Authenticated Key Exchange Protocol with Provable Security for Mobile Client–Client Networks

  • Published:
Wireless Personal Communications Aims and scope Submit manuscript

Abstract

Three party password based authenticated key exchange protocol can sanction couple of clients to institute a protected session key through a server above an insecure communication link. Youn et al. (Telecommun Syst 52(2):1367–1376, 2013) proposed three-party efficient and robust authenticated key exchange scheme that incurs three rounds. They assert that their scheme is invincible against customary attacks. Moreover, they claimed the scheme is lightweight due to low communication, computation costs and incorporating authentication in three rounds. However, comprehensive analysis in this paper reveals that Youn et al.’s scheme is susceptible to impersonation attack. To overcome the security feebleness, this paper introduces a modest scheme which not only maintains round efficiency, communication and computation costs but it also offer comprehensive security to repel popular security attacks. The security of the proposed scheme is verified through random oracle model.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3

Similar content being viewed by others

References

  1. Farash, M. S., Bayat, M., & Attari, M. A. (2011). Vulnerability of two multiple-key agreement protocols. Computers & Electrical Engineering, 37(2), 199–204.

    Article  MATH  Google Scholar 

  2. Farash, M. S., Attari, M. A., & Bayat, M. (2012). A certificateless multiple-key agreement protocol without one-way hash functions based on bilinear pairings. IACSIT International Journal of Engineering and Technology, 4(3), 321–325.

    Article  Google Scholar 

  3. Farash, M. S., Attari, M. A., Atani, R. E., & Jami, M. (2013). A new efficient authenticated multiple-key exchange protocol from bilinear pairings. Computers & Electrical Engineering, 39(2), 530–541.

    Article  Google Scholar 

  4. Farash, M. S., & Attari, M. A. (2013). Provably secure and efficient identity-based key agreement protocol for independent PKGs using ECC. The ISC International Journal of Information Security, 5(1), 1–15.

    Google Scholar 

  5. Farash, M. S., & Attari, M. A. (2014). A pairing-free ID-based key agreement protocol with different PKGs. International Journal of Network Security, 16(2), 143–148.

    MathSciNet  Google Scholar 

  6. Chen, B. L., Kuo, W. C., & Wuu, L. C. (2012). A secure password-based remote user authentication scheme without smart cards. Information Technology and Control, 41(1), 53–59.

    Article  Google Scholar 

  7. Jiang, Q., Ma, J., Li, G., & Ma, Z. (2013). An improved password-based remote user authentication protocol without smart cards. Information Technology and Control, 42(2), 150–158.

    Article  Google Scholar 

  8. Bayat, M., Farash, M. S., & Movahed, A. (2010). A Novel Secure bilinear pairing based remote user authentication scheme with smart card. In IEEE/IFIP international conference on embedded and ubiquitous computing (EUC) (pp. 578–582).

  9. Farash, M. S., & Attari, M. A. (2013). An enhanced authenticated key agreement for session initiation protocol. Information Technology and Control, 42(4), 333–342.

    Article  Google Scholar 

  10. Farash, M. S., & Attari, M. A. (2013). Cryptanalysis and improvement of a chaotic maps-based key agreement protocol using Chebyshev sequence membership testing. Nonlinear Dynamics. doi:10.1007/s11071-013-1204-1.

    MathSciNet  MATH  Google Scholar 

  11. Xie, Q., Dong, N., Tan, X., Wong, D. S., & Wang, G. (2013). Improvement of a three-party password-based key exchange protocol with formal verification. Information Technology and Control, 42(3), 231–237.

    Article  Google Scholar 

  12. Liu, T., Pu, Q., Zhao, Y., & Wu, S. (2013). ECC-based password-authenticated key exchange in the three-party setting. Arabian Journal for Science and Engineering, 38(8), 2069–2077.

    Article  MathSciNet  Google Scholar 

  13. Chien, H. Y., & Wu, T. C. (2009). Provably secure password-based three-party key exchange with optimal message steps. Computer Journal, 52(6), 646–655.

    Article  Google Scholar 

  14. Lee, T. F., Liu, J. L., Sung, M. J., Yang, S. B., & Chen, C. M. (2009). Communication-efficient three-party protocols for authentication and key agreement. Computers & Mathematics with Applications, 58(4), 641–648.

    Article  MathSciNet  MATH  Google Scholar 

  15. Xiong, H., Chen, Y., Guan, Z., & Chen, Z. (2013). Finding and fixing vulnerabilities in several three-party password authenticated key exchange protocols without server public keys. Information Sciences, 235(1), 329–340.

    Article  MathSciNet  MATH  Google Scholar 

  16. Chen, H. B., Chen, T. H., Lee, W. B., & Chang, C. C. (2008). Security enhancement for a three-party encrypted key exchange protocol against undectectable on-line password guessing attacks. Computer Standards & Interfaces, 30(1–2), 95–99.

    Article  Google Scholar 

  17. Zhao, J., & Gu, D. (2012). Provably secure three-party password-based authenticated key. Information Sciences, 184(1), 310–323.

    Article  MathSciNet  MATH  Google Scholar 

  18. Yang, J. H., & Cao, T. J. (2012). Provably secure three-party password authenticated key exchange protocol in the standard model. Journal of Systems and Software, 85(2), 340–350.

    Article  Google Scholar 

  19. Kim, H. S., & Choi, J. Y. (2009). Enhanced password-based simple three-party key exchange protocol. Computers & Electrical Engineering, 35(1), 107–114.

    Article  MATH  Google Scholar 

  20. Nam, J., Paik, J., Kang, H. K., Kim, U. M., & Won, D. (2009). An off-line dictionary attack on a simple three-party key exchange protocol. IEEE Communications Letters, 13(3), 205–207.

    Article  Google Scholar 

  21. Nam, J., Paik, J., & Won, D. (2011). A security weakness in Abdalla et al.’s generic construction of a group key exchange protocol. Information Sciences, 181(1), 234–238.

    Article  MathSciNet  MATH  Google Scholar 

  22. Lou, D. C., & Huang, H. F. (2010). Efficient three-party password-based key exchange scheme. International Journal of Communication Systems, 24(4), 504–512.

    Article  Google Scholar 

  23. Huang, H. F. (2009). A simple three-party password-based key exchange protocol. International Journal of Communication Systems, 22(7), 857–862.

    Article  Google Scholar 

  24. Yoon, E. J., & Yoo, K. Y. (2011). Cryptanalysis of a simple three-party password-based key exchange protocol. International Journal of Communication Systems, 24(4), 532–542.

    Article  Google Scholar 

  25. Wu, S., Chen, K., & Zhu, Y. (2013). Enhancements of a three-party password-based authenticated key exchange protocol. International Arab Journal of Information Technology, 10(3), 215.

    Google Scholar 

  26. Lee, T. F., & Hwang, T. (2010). Simple password-based three-party authenticated key exchange without server public keys. Information Sciences, 180(9), 1702–1714.

    Article  MATH  Google Scholar 

  27. Chang, T. Y., Hwang, M. S., & Yang, W. P. (2011). A communication-efficient three-party password authenticated key exchange protocol. Information Sciences, 181(1), 217–226.

    Article  MathSciNet  Google Scholar 

  28. Wu, S., Pu, Q., Wang, S., & He, D. (2012). Cryptanalysis of a communication-efficient three-party password authenticated key exchange protocol. Information Sciences, 215(1), 83–96.

    Article  MathSciNet  MATH  Google Scholar 

  29. Tso, R. (2013). Security analysis and improvements of a communication-efficient three-party password authenticated key exchange protocol. The Journal of Supercomputing. doi:10.1007/s11227-013-0917-8.

    Google Scholar 

  30. Chien, H. (2011). Secure verifier-based three-party key exchange in the random oracle model. Journal of Information Science and Engineering, 27(4), 1487–1501.

    MathSciNet  MATH  Google Scholar 

  31. Pu, Q., Wang, J., Wu, S., & Fu, J. (2013). Secure verifier-based three-party password-authenticated key exchange. Peer-to-Peer Networking and Applications, 6(1), 15–25.

    Article  Google Scholar 

  32. Tallapally, S. (2012). Security enhancement on simple three-party PAKE protocol. Information Technology and Control, 41(1), 15–22.

    Article  Google Scholar 

  33. Farash, M. S., & Attari, M. A. (2014). An efficient and provably secure three-party password-based authenticated key exchange protocol based on Chebyshev chaotic maps. Nonlinear Dynamics. doi:10.1007/s11071-014-1304-6.

    MathSciNet  MATH  Google Scholar 

  34. Youn, T. Y., Kang, E. S., & Lee, C. (2013). Efficient three-party key exchange protocols with round efficiency. Telecommunication Systems, 52(2), 1367–1376.

    Google Scholar 

  35. Abdalla, M., & Pointcheval, D. (2005). Interactive Diffie–Hellman assumptions with applications to password-based authentication. In Proceedings of FC’05, LNCS 3570 (pp. 341–356).

Download references

Author information

Authors and Affiliations

  1. Faculty of Mathematics Sciences and Computer, Kharazmi University, Tehran, Iran

    Mohammad Sabzinejad Farash

  2. Department of Electrical Engineering, Shahid Beheshti University, Tehran, Iran

    Mohammad Heydari & S. Mohammad Sajad Sadough

  3. Department of Computer Science and Software Engineering, International Islamic University, Islamabad, Pakistan

    Shehzad Ashraf Chaudhry & Khalid Mahmood

Authors
  1. Mohammad Heydari
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. S. Mohammad Sajad Sadough
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Mohammad Sabzinejad Farash
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Shehzad Ashraf Chaudhry
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Khalid Mahmood
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mohammad Sabzinejad Farash.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Heydari, M., Sadough, S.M.S., Farash, M.S. et al. An Efficient Password-Based Authenticated Key Exchange Protocol with Provable Security for Mobile Client–Client Networks. Wireless Pers Commun 88, 337–356 (2016). https://doi.org/10.1007/s11277-015-3123-6

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11277-015-3123-6

Keywords

Search

Navigation