Abstract
Authenticated Key Exchange (AKE) is an important cryptographic tool to establish a confidential channel between two or more entities over a public network. Various AKE protocols utilize smart cards to store sensitive contents which are normally used for authentication or session key generation. It assumed that smart cards come with a tamper-resistant property, but sensitive contents stored in it can still be extracted by side channel attacks. It means that if an adversary steals someones smart card, he may have chance to impersonate this victim or further launch another attacks. This kind of attack is called Stolen Smart Card Attack. In this paper, we propose a three-party password authentication key exchange protocol. Our design is secure against the stolen smart card attack. We also provide a security analysis to show our protocol is still secure if sensitive information which is stored in a smart card is extracted by an attacker.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Diffie, W., Hellman, M.: New directions in cryptography. IEEE transactions on Information Theory 22(6), 644–654 (1976)
Chen, C.M., Wang, K.H., Wu, T.Y., Pan, J.S., Sun, H.M.: A scalable transitive human-verifiable authentication protocol for mobile devices. IEEE Transactions on Information Forensics and Security 8(8), 1318–1330 (2013)
Sun, H.M., He, B.Z., Chen, C.M., Wu, T.Y., Lin, C.H., Wang, H.: A provable authenticated group key agreement protocol for mobile environment. Information Sciences 321, 224–237 (2015)
Farash, M.S., Attari, M.A.: An enhanced and secure three-party password-based authenticated key exchange protocol without using servers public-keys and symmetric cryptosystems. Information Technology and Control 43(2), 143–150 (2014)
Gope, P., Hwang, T.: An efficient mutual authentication and key agreement scheme preserving strong anonymity of the mobile user in global mobility networks. Journal of Network and Computer Applications 62, 1–8 (2016)
Li, X., Niu, J., Kumari, S., Khan, M.K., Liao, J., Liang, W.: Design and analysis of a chaotic maps-based three-party authenticated key agreement protocol. Nonlinear Dynamics 80(3), 1209–1220 (2015)
Yeh, H.L., Chen, T.H., Shih, W.K.: Robust smart card secured authentication scheme on sip using elliptic curve cryptography. Computer Standards & Interfaces 36(2), 397–402 (2014)
Islam, S.H., Khan, M.K.: Cryptanalysis and improvement of authentication and key agreement protocols for telecare medicine information systems. Journal of medical systems 38(10), 1–16 (2014)
Xie, Q., Hu, B.,Wu, T.: Improvement of a chaotic maps-based three-party password-authenticated key exchange protocol without using servers public key and smart card. Nonlinear Dynamics 79(4), 2345–2358 (2015)
Farash, M.S., Kumari, S., Bakhtiari, M.: Cryptanalysis and improvement of a robust smart card secured authentication scheme on sip using elliptic curve cryptography. Multimedia Tools and Applications 75(8), 4485–4504 (2016)
Xie, Q.: A new authenticated key agreement for session initiation protocol. International Journal of Communication Systems 25(1), 47–54 (2012)
Chaudhry, S.A., Naqvi, H., Shon, T., Sher, M., Farash, M.S.: Cryptanalysis and improvement of an improved two factor authentication protocol for telecare medical information systems. Journal of Medical Systems 39(6), 1–11 (2015)
Lai, H., Xiao, J., Li, L., Yang, Y.: Applying semigroup property of enhanced chebyshev polynomials to anonymous authentication protocol. Mathematical Problems in Engineering 2012 (2012)
Farash, M.S.: Cryptanalysis and improvement of an improved authentication with key agreement scheme on elliptic curve cryptosystem for global mobility networks. International Journal of Network Management 25(1), 31–51 (2015)
Zhang, L., Zhu, S., Tang, S.: Privacy protection for telecare medicine information systems using a chaotic map-based three-factor authenticated key agreement scheme. IEEE Journal of Biomedical and Health Informatics (2016)
Zhao, F., Gong, P., Li, S., Li, M., Li, P.: Cryptanalysis and improvement of a three-party key agreement protocol using enhanced chebyshev polynomials. Nonlinear Dynamics 74(1-2), 419–427 (2013)
Chen, C.M., Xu, L., Wu, T.Y., Li, C.R.: On the security of a chaotic maps-based three-party authenticated key agreement protocol. Journal of Network Intelligence (2), 61–65 (2016)
Abdalla, M., Pointcheval, D.: Interactive diffie-hellman assumptions with applications to password-based authentication. In: International Conference on Financial Cryptography and Data Security. pp. 341–356. Springer (2005)5
Chen, C.M., Ku, W.C.: Stolen-Verifier Attack on Two New Strong-Password Authentication Protocols. IEICE Transactions on Communications, vol.E85-B, no.11, pp.2519-2521. (2002)
Ku, W.C., Chen, C.M., Lee, H.L.: Cryptanalysis of a Variant of Peyravian-Zunic’s Password Authentication Scheme. IEICE Transactions on Communications, vol.E86-B, no.5, pp.1682-1684. (2003)
Ku, W.C., Chen, C.M., Lee, H.L.:Weaknesses of Lee-Li-Hwang’s Hash-Based Password Authentication Scheme. ACM Operating Systems Review, vol.37, no.4, pp.19-25. (2003)
Sun, H.M., Wang, K.H., Chen, C.M.: On the Security of an Efficient Time-Bound Hierarchical Key Management Scheme. IEEE Transactions on Dependable and Secure Computing, vol. 6, no. 2, pp. 159160.(2009)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Chen, CM., Xu, L., Fang, W., Wu, TY. (2017). A Three-Party Password Authenticated Key Exchange Protocol Resistant to Stolen Smart Card Attacks. In: Pan, JS., Tsai, PW., Huang, HC. (eds) Advances in Intelligent Information Hiding and Multimedia Signal Processing. Smart Innovation, Systems and Technologies, vol 63. Springer, Cham. https://doi.org/10.1007/978-3-319-50209-0_40
Download citation
DOI: https://doi.org/10.1007/978-3-319-50209-0_40
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-50208-3
Online ISBN: 978-3-319-50209-0
eBook Packages: EngineeringEngineering (R0)