Abstract
This paper investigates three-party password-authenticated key exchange protocols using an elliptic curve cryptosystem (ECC). We first show that the direct elliptic curve analog of Chien’s protocol proposed most recently is vulnerable to an off-line dictionary attack. Thereafter, we present an enhanced protocol based on ECC. Our proposal can defeat password-guessing attacks and stolen-verifier attacks. It is also efficient. Furthermore, we provide a rigorous proof of its security. Therefore, the protocol is quite popular in low-resource environments.
Cite this article
Liu, T., Pu, Q., Zhao, Y. et al. ECC-Based Password-Authenticated Key Exchange in the Three-Party Setting. Arab J Sci Eng 38, 2069–2077 (2013). https://doi.org/10.1007/s13369-013-0543-z
DOI: https://doi.org/10.1007/s13369-013-0543-z