A provably secure smart card-based authenticated group key exchange protocol
Pages 1602 - 1607
Abstract
A password-based authenticated group key exchange protocol assists group participants who possess low-entropy, human-memorable passwords in establishing a secure communication channel. In this type of scheme, the server needs to store the users' verifiers in a database. Therefore, it is susceptible to stolen-verifier attacks. In this paper, we propose a new authenticated group key protocol that eliminates the need of verifier database at the server side. Our protocol is based on a two-factor authentication that employs both smart card and password. Copyright © 2014 John Wiley & Sons, Ltd.
References
[1]
Diffie W, Hellman ME. New directions in cryptography. IEEE Information Theory 1976; Volume 22: pp.644-654.
[2]
Diffie W, Oorschot PV, Wiener M. Authentication and authenticated key exchanges. Designs, Codes and Cryptography 1992; Volume 2: pp.107-125.
[3]
Bellare M, Rogaway P. Entity authentication and key distribution. In Advances in Cryptology - CRYPTO' 93, LNCS, Vol. Volume 773. Springer-Verlag: Berlin Heidelberg, 1994; pp.232-249.
[4]
Bellare M, Canetti R, Krawczyk H. A modular approach to the design and analysis of authentication and key exchange protocols. In: Proceedings of the Thirtieth Annual ACM Symposium on Theory of Computing1998; pp.419-428.
[5]
Shoup V. On formal models for secure key exchange. Draft, 1999; available at "http://eprint.iacr.org/1999/012" [accessed 20 Dec, 2013].
[6]
Canetti R, Krawczyk H. Analysis of key-exchange protocols and their use for building secure channels. In Advances in Cryptology - Eurocrypt 2001, LNCS, Vol. Volume 2045. Springer-Verlag: Berlin Heidelberg, 2001; pp.453-474.
[7]
Canetti R, Krawczyk H. Universally composable notions of key exchange and secure channels. In Advances in Cryptology - Eurocrypt 2002, LNCS, Vol. Volume 2332. Springer-Verlag: Berlin Heidelberg, 2002; pp.337-351.
[8]
Bresson E, Chevassut O, Pointcheval D, Quisquater J. Provably authenticated group Diffie-Hellman key exchange. In: Proceedings of the 8th ACM Conference on Computer and Communications Security. ACM, 2001; pp.255-264.
[9]
Bresson E, Chevassut O, Pointcheval D. Dynamic group Diffie-Hellman key exchange under standard assumptions. In EUROCRYPT 2002, LNCS, Vol. Volume 2332, Knudsen LR ed. Springer: Heidelberg, 2002; pp.321-336.
[10]
Katz J, Shin J. Modeling insider attacks on group key-exchange protocols. In: Proceedings of the 12th ACM Conference on Computer and Communications Security2005; pp.180-189.
[11]
Armknecht F, Furukawa J. On the minimum communication effort for secure group key exchange. Journal of the ACM JACM 2009; Volume 38: pp.108-115.
[12]
Gorantla M, Boyd C, Nieto J. Universally composable contributory group key exchange. In: Proceedings of the 4th International Symposium. ACM, 2009; pp.146-156.
[13]
Furukawa J, Armknecht F, Kurosawa K. A universally composable group key exchange protocol with minimum communication effort. Security and Cryptography for Networks 2008; Volume 36: pp.392-408.
[14]
Bellovin SM, Merritt M. Encrypted key exchange: password-based protocols secure against dictionary attacks. IEEE computer Society Symposium on Research in Security and Privacy. Oakland, 1992; pp.72-84.
[15]
Goldreich O, Lindell Y. Session key generation using human passwords only. In CRYPTO 2001, LNCS, Vol. Volume 2139, Kilian J ed. Springer: Heidelberg, 2001; pp.408-432.
[16]
Katz J, Ostrovsky R, Yung M. Practical password-authenticated key exchange provably secure under standard assumptions. In EUROCRYPT 2001, LNCS, Vol. Volume 2045, Pfitzmann B ed. Springer: Heidelberg, 2001; pp.474-494.
[17]
Gennaro R, Lindell Y. A framework for password-based authenticated key exchange. ACM Transactions on Information and System Security TISSEC 2006; Volume 9: pp.181-234.
[18]
Gennaro R. Faster and shorter password-authenticated key exchange. In TCC 2008, LNCS, Vol. Volume 4948, Canetti, R ed. Springer: Heidelberg, 2008; pp.589-606.
[19]
Bellare M, Pointcheval D, Rogaway P. Authenticated key exchange secure against dictionary attacks. In EUROCRYPT 2000, LNCS, Vol. Volume 1807, Preneel B ed. Springer: Heidelberg, 2000; pp.139-155.
[20]
Boyko V, MacKenzie P, Patel S. Provably secure password-authenticated key exchange using Diffie-Hellman. In EUROCRYPT 2000, LNCS, Vol. Volume 1807, Preneel B ed. Springer: Heidelberg, 2000; pp.156-171.
[21]
Abdalla M, Fouque PA, Pointcheval D. Password-based authenticated key exchange in the three-party setting. PKC 2005. Springer-Verlag, 2005; pp.22-30.
[22]
Chang CC, Chang YF. A novel three-party encrypted key exchange protocol. Computer Standards & Interfaces 2004; Volume 26: pp.471-476.
[23]
Lee TF, Hwang T, Lin CL. Enhanced three-party encrypted key exchange without server public keys. Computers and Security 2004; Volume 23: pp.571-577.
[24]
Sun HM, Chen BC, Hwang T. Secure key agreement protocols for three-party against guessing attacks. The Journal of Systems and Software 2005; Volume 75: pp.63-68.
[25]
Bresson E, Chevassut O, Pointcheval D. Group Diffie-Hellman key exchange secure against dictionary attacks. In Advances in Cryptology - Crypto'02. Springer: Berlin Heidelberg, 2002; pp.497-514.
[26]
Dutta R, Barua R. Password-based encrypted group key agreement. International Journal of Network Security 2006; Volume 3: pp.30-41.
[27]
Lee SM, Hwang JW, Lee DH. Efficient password-based group key exchange. Trust and privacy in digital business. In: Proceedings of 1st International Conference2004; pp.191-199.
[28]
Abdalla M, Bresson E, Chevassut O, Pointcheval D. Password-based group key exchange in a constant number of rounds. In Proceedings of PKD'06. 2006; pp.427-440.
[29]
Bellovin S, Merritt M. Augmented encrypted key exchange: a password-based protocol secure against dictionary attacks and password file compromise. In: Proceedings of ACM Conference on Computer and Communications Security1993; pp.244-250.
[30]
Chen CM, Ku WC. Stolen-verifier attack on two new strong-password authentication protocols. IEICE Transactions on Communications 2002; Volume E58B: pp.2519-2521.
[31]
Lin CL, Sun HM, Hwang T. Attacks and solutions on strong-password authentication. IEICE Transactions on Communications 2000; Volume E84B: pp.1363-1365.
[32]
Katz J, Yung M. Scalable protocols for authenticated group key exchange. In Advances in Cryptology - Crypto' 03, LNCS 2729. Springer-Verlag: Berlin Heidelberg, 2003; pp.10-125.
- A provably secure smart card-based authenticated group key exchange protocol
Recommendations
A communication-efficient three-party password authenticated key exchange protocol
Three-party password authenticated key exchange (3PAKE) protocols allow two users (clients) to establish a session key through an authentication server over an insecure channel. Clients only share an easy-to-remember password with the trusted server. In ...
Provably secure three party encrypted key exchange scheme with explicit authentication
In 2007, Lu and Cao proposed a simple, three-party, password-based, authenticated key exchange (S-3PEKE) protocol based on the chosen-basis computational Diffie-Hellman assumption. Although the authors claimed that their protocol was superior to similar ...
Cryptanalysis of smart-card-based password authenticated key agreement protocol for session initiation protocol of Zhang et al.
As the core signaling protocol for multimedia services, such as voice over internet protocol, the session initiation protocol SIP is receiving much attention and its security is becoming increasingly important. It is critical to develop a roust user ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
Publisher
John Wiley & Sons, Inc.
United States
Publication History
Published: 25 May 2015
Author Tags
Qualifiers
- Article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 0Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 07 Mar 2025