nach oben

Peer-to-Peer Networking and Applications

Erschienen in:

01.07.2017

Untraceable biometric-based three-party authenticated key exchange for dynamic systems

verfasst von: Ngoc-Tu Nguyen, Chin-Chen Chang

Erschienen in: Peer-to-Peer Networking and Applications | Ausgabe 3/2018

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

An authenticated key exchange (AKE) between two end-users is a crucial procedure to ensure data integrity and confidentiality while they communicate through a public channel. The existing three-party AKE schemes conventionally employ a relatively easy to remember password and a systematic identity to generate and protect shared secrets, which are used to verify the legitimate participants for subsequent communications. Thus, none of these protocols could simultaneously achieve robust security, identity privacy, and revocation. The security drawbacks commonly arise from the low-entropy password stored in a server or a smart card. This study briefly reviewed and analyzed the weaknesses of Islam, and Yon and Yons’ schemes. Biometric information and a random one-time password were then utilized to design a robust protocol for systems with highly dynamic users. The proposed scheme not only resists all currently known attacks, but also provides several desirable properties, including the revocations of smart cards or users, and the reuse of compromised biometric information.

Vorheriger Artikel Cyclic ranking in single-resource peer-to-peer exchange

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Steiner M, Tsudik G, Waidner M (1995) Refinement and extension of encrypted key exchange. ACM SIGOPS Operating Systems Review 29(3):22–30CrossRef

Lin CL, Sun HM, Hwang T (2000) Three-party encrypted key exchange: attacks and a solution. ACM SIGOPS Operating Systems Review 34(4):12–20CrossRef

Ding Y, Horster P (1995) Undetectable on-line password guessing attacks. ACM SIGOPS Operating Systems Review 29(4):77–86CrossRef

Xiong H, Chen Y, Guan Z, Chen Z (2013) Finding and fixing vulnerabilities in several three-party password authenticated key exchange protocols without server public keys. Inf Sci 235:329–340MathSciNetCrossRefMATH

Farash MS, Attari MA (2014) An efficient client-client password-based authentication scheme with provable security. J Supercomput 70(2):1002–1022CrossRef

Tso R (2013) Security analysis and improvements of a communication-efficient three-party password authenticated key exchange protocol. J Supercomput 66(2):863–874CrossRef

Wei F, Ma J, Ge A, Li G, Ma C (2015) A provably secure three-party password authenticated key exchange protocol without using server’s public-keys and symmetric cryptosystems. Information Technology And Control 44(2):195–206

Lin TH, Lee TF (2014) Secure verifier-based three-party authentication schemes without server public keys for data exchange in telecare medicine information systems. J Med Syst 38(5):1–9

Tu H, Kumar N, He D, Kim J, Lee C (2014) An efficient password-based three-party authenticated multiple key exchange protocol for wireless mobile networks. J Supercomput 70(1):224–235CrossRef

10.

Li W, Wen Q, Su Q, Zhang H, Jin Z (2012) Password-authenticated multiple key exchange protocol for mobile applications. China Communications 9(1):64–72

11.

Nam J, Choo KKR, Han S, Paik J, Won D (2015) Two-round password-only authenticated key exchange in the three-party setting. Symmetry 7(1):105–124MathSciNetCrossRefMATH

12.

Deebak B, Muthaiah R, Thenmozhi K, Swaminathan P (2015) Evaluating three party authentication and key agreement protocols using IP multimedia server-client systems. Wirel Pers Commun 81(1):77–99CrossRef

13.

Lee CC, Li CT, Hsu CW (2013) A three-party password-based authenticated key exchange protocol with user anonymity using extended chaotic maps. Nonlinear Dyn 73(1-2):125–132MathSciNetCrossRefMATH

14.

Farash MS, Attari MA, Kumari S (2014) Cryptanalysis and improvement of a three-party password-based authenticated key exchange protocol with user anonymity using extended chaotic maps. International Journal of Communication Systems

15.

Hu X, Zhang Z (2014) Cryptanalysis and enhancement of a chaotic maps-based three-party password authenticated key exchange protocol. Nonlinear Dyn 78(2):1293–1300CrossRefMATH

16.

Farash MS, Attari MA (2014) An efficient and provably secure three-party password-based authenticated key exchange protocol based on chebyshev chaotic maps. Nonlinear Dyn 77(1-2):399–411MathSciNetCrossRefMATH

17.

Xie Q, Hu B, Wu T (2015) Improvement of a chaotic maps-based three-party password-authenticated key exchange protocol without using server’s public key and smart card. Nonlinear Dyn 79(4):2345–2358MathSciNetCrossRefMATH

18.

Islam SH (2015) Design and analysis of a three party password-based authenticated key exchange protocol using extended chaotic maps. Inf Sci 312:104–130MathSciNetCrossRef

19.

Zhao F, Gong P, Li S, Li M, Li P (2013) Cryptanalysis and improvement of a three-party key agreement protocol using enhanced chebyshev polynomials. Nonlinear Dyn 74(1-2):419–427MathSciNetCrossRefMATH

20.

Lee CC, Li CT, Chiu ST, Lai YM (2014) A new three-party-authenticated key agreement scheme based on chaotic maps without password table. Nonlinear Dyn 79(4):2485–2495MathSciNetCrossRefMATH

21.

Wang X, Zhao J (2010) An improved key agreement protocol based on chaos. Commun Nonlinear Sci Numer Simul 15(12):4052–4057MathSciNetCrossRefMATH

22.

Jaung WS (2004) Efficient three-party key exchange using smart cards. IEEE Trans Consum Electron 50(2):619–624CrossRef

23.

Kwon JO, Jeong IR, Lee DH (2007) Three-round smart card-based key exchange scheme. IEICE Trans Commun 90(11):3255–3258CrossRef

24.

Yoon EJ, Yoo KY (2008) Enhanced three-round smart card-based key exchange protocol. In: Autonomic and trusted computing, pp 507–515. Springer

25.

Wu S, Zhu Y, Pu Q (2011) Cryptanalysis and enhancements of three-party authenticated key exchange protocol using ECC. J Inf Sci Eng 27(4):1329–1343MathSciNetMATH

26.

Zhao J, Gu D, Zhang L (2012) Security analysis and enhancement for three-party password-based authenticated key exchange protocol. Security and Communication Networks 5(3):273–278CrossRef

27.

Chen TH, Lee WB, Chen HB (2008) A round–and computation-efficient three-party authenticated key exchange protocol. J Syst Softw 81(9):1581–1590CrossRef

28.

Khan MK, He D (2012) Weaknesses of ”security analysis and enhancement for three-party password-based authenticated key exchange protocol”. In: Data and knowledge engineering, pp 243–249. Springer

29.

Park S, Park HJ (2014) Privacy preserving three-party authenticated key agreement protocol using smart cards. International Journal of Security and Its Applications Accepted for the publication

30.

Yang H, Zhang Y, Zhou Y, Fu X, Liu H, Vasilakos AV (2014) Provably secure three-party authenticated key agreement protocol using smart cards. Comput Netw 58:29–38CrossRef

31.

Li X, Zhang Y, Liu X, Cao J (2013) A lightweight three-party privacy-preserving authentication key exchange protocol using smart card. KSII Trans Internet Inf Syst (TIIS) 7(5):1313–1327CrossRef

32.

Yoon EJ, Yoo KY (2011) Robust biometric-based three-party authenticated key establishment protocols. Int J Comput Math 88(6):1144–1157CrossRefMATH

33.

Jin ATB, Ling DNC, Goh A (2004) Biohashing: two factor authentication featuring fingerprint data and tokenised random number. Pattern Recogn 37(11):2245–2255CrossRef

34.

Tournemille J, Tamagno D (2005) Smart card device used as mass storage device. US Patent 6,945,454

35.

Okamoto T, Pointcheval D (2001) The gap-problems: a new class of problems for the security of cryptographic schemes. In: International workshop on public key cryptography, pp 104–118. Springer

36.

Das AK, Bruhadeshwar B (2013) An improved and effective secure password-based authentication and key agreement scheme using smart cards for the telecare medicine information system. J Med Syst 37(5):1–17CrossRef

37.

Dolev D, Yao A (1983) On the security of public key protocols. IEEE Trans Inf Theory 29(2):198–208MathSciNetCrossRefMATH

38.

Barker E (2016) Recommendation for key management part 1: General (revision 4). NIST Spec Publ 800(57):1–147

39.

Mishkovski I, Kocarev L (2011) Chaos-based public-key cryptography. In: Chaos-based cryptography, pp 27–65. Springer

40.

Güneysu T, Paar C (2008) Ultra high performance ECC over NIST primes on commercial FPGAs. In: Cryptographic hardware and embedded systems–CHES 2008, pp 62–78. Springer

Titel: Untraceable biometric-based three-party authenticated key exchange for dynamic systems
verfasst von: Ngoc-Tu Nguyen
Chin-Chen Chang
Publikationsdatum: 01.07.2017
Verlag: Springer US
Erschienen in: Peer-to-Peer Networking and Applications / Ausgabe 3/2018
Print ISSN: 1936-6442
Elektronische ISSN: 1936-6450
DOI: https://doi.org/10.1007/s12083-017-0584-2

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 3/2018

A trigger-based pseudonym exchange scheme for location privacy preserving in VANETs

Joint optimization of wireless bandwidth and computing resource in cloudlet-based mobile cloud computing environment

P2P-PL: A pattern language to design efficient and robust peer-to-peer systems

An optimized intrusion response system for MANET:

The impact of hesitation on passive worm spreading in P2P networks

Tor anonymous traffic identification based on gravitational clustering