Skip to main content
SpringerLink
Log in

A Three-Party Password Authenticated Key Exchange Protocol Resistant to Stolen Smart Card Attacks

  • Conference paper
  • First Online:
Advances in Intelligent Information Hiding and Multimedia Signal Processing

Part of the book series: Smart Innovation, Systems and Technologies ((SIST,volume 63))

Abstract

Authenticated Key Exchange (AKE) is an important cryptographic tool to establish a confidential channel between two or more entities over a public network. Various AKE protocols utilize smart cards to store sensitive contents which are normally used for authentication or session key generation. It assumed that smart cards come with a tamper-resistant property, but sensitive contents stored in it can still be extracted by side channel attacks. It means that if an adversary steals someones smart card, he may have chance to impersonate this victim or further launch another attacks. This kind of attack is called Stolen Smart Card Attack. In this paper, we propose a three-party password authentication key exchange protocol. Our design is secure against the stolen smart card attack. We also provide a security analysis to show our protocol is still secure if sensitive information which is stored in a smart card is extracted by an attacker.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 129.00
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 169.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 169.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Diffie, W., Hellman, M.: New directions in cryptography. IEEE transactions on Information Theory 22(6), 644–654 (1976)

    Google Scholar 

  2. Chen, C.M., Wang, K.H., Wu, T.Y., Pan, J.S., Sun, H.M.: A scalable transitive human-verifiable authentication protocol for mobile devices. IEEE Transactions on Information Forensics and Security 8(8), 1318–1330 (2013)

    Google Scholar 

  3. Sun, H.M., He, B.Z., Chen, C.M., Wu, T.Y., Lin, C.H., Wang, H.: A provable authenticated group key agreement protocol for mobile environment. Information Sciences 321, 224–237 (2015)

    Google Scholar 

  4. Farash, M.S., Attari, M.A.: An enhanced and secure three-party password-based authenticated key exchange protocol without using servers public-keys and symmetric cryptosystems. Information Technology and Control 43(2), 143–150 (2014)

    Google Scholar 

  5. Gope, P., Hwang, T.: An efficient mutual authentication and key agreement scheme preserving strong anonymity of the mobile user in global mobility networks. Journal of Network and Computer Applications 62, 1–8 (2016)

    Google Scholar 

  6. Li, X., Niu, J., Kumari, S., Khan, M.K., Liao, J., Liang, W.: Design and analysis of a chaotic maps-based three-party authenticated key agreement protocol. Nonlinear Dynamics 80(3), 1209–1220 (2015)

    Google Scholar 

  7. Yeh, H.L., Chen, T.H., Shih, W.K.: Robust smart card secured authentication scheme on sip using elliptic curve cryptography. Computer Standards & Interfaces 36(2), 397–402 (2014)

    Google Scholar 

  8. Islam, S.H., Khan, M.K.: Cryptanalysis and improvement of authentication and key agreement protocols for telecare medicine information systems. Journal of medical systems 38(10), 1–16 (2014)

    Google Scholar 

  9. Xie, Q., Hu, B.,Wu, T.: Improvement of a chaotic maps-based three-party password-authenticated key exchange protocol without using servers public key and smart card. Nonlinear Dynamics 79(4), 2345–2358 (2015)

    Google Scholar 

  10. Farash, M.S., Kumari, S., Bakhtiari, M.: Cryptanalysis and improvement of a robust smart card secured authentication scheme on sip using elliptic curve cryptography. Multimedia Tools and Applications 75(8), 4485–4504 (2016)

    Google Scholar 

  11. Xie, Q.: A new authenticated key agreement for session initiation protocol. International Journal of Communication Systems 25(1), 47–54 (2012)

    Google Scholar 

  12. Chaudhry, S.A., Naqvi, H., Shon, T., Sher, M., Farash, M.S.: Cryptanalysis and improvement of an improved two factor authentication protocol for telecare medical information systems. Journal of Medical Systems 39(6), 1–11 (2015)

    Google Scholar 

  13. Lai, H., Xiao, J., Li, L., Yang, Y.: Applying semigroup property of enhanced chebyshev polynomials to anonymous authentication protocol. Mathematical Problems in Engineering 2012 (2012)

    Google Scholar 

  14. Farash, M.S.: Cryptanalysis and improvement of an improved authentication with key agreement scheme on elliptic curve cryptosystem for global mobility networks. International Journal of Network Management 25(1), 31–51 (2015)

    Google Scholar 

  15. Zhang, L., Zhu, S., Tang, S.: Privacy protection for telecare medicine information systems using a chaotic map-based three-factor authenticated key agreement scheme. IEEE Journal of Biomedical and Health Informatics (2016)

    Google Scholar 

  16. Zhao, F., Gong, P., Li, S., Li, M., Li, P.: Cryptanalysis and improvement of a three-party key agreement protocol using enhanced chebyshev polynomials. Nonlinear Dynamics 74(1-2), 419–427 (2013)

    Google Scholar 

  17. Chen, C.M., Xu, L., Wu, T.Y., Li, C.R.: On the security of a chaotic maps-based three-party authenticated key agreement protocol. Journal of Network Intelligence (2), 61–65 (2016)

    Google Scholar 

  18. Abdalla, M., Pointcheval, D.: Interactive diffie-hellman assumptions with applications to password-based authentication. In: International Conference on Financial Cryptography and Data Security. pp. 341–356. Springer (2005)5

    Google Scholar 

  19. Chen, C.M., Ku, W.C.: Stolen-Verifier Attack on Two New Strong-Password Authentication Protocols. IEICE Transactions on Communications, vol.E85-B, no.11, pp.2519-2521. (2002)

    Google Scholar 

  20. Ku, W.C., Chen, C.M., Lee, H.L.: Cryptanalysis of a Variant of Peyravian-Zunic’s Password Authentication Scheme. IEICE Transactions on Communications, vol.E86-B, no.5, pp.1682-1684. (2003)

    Google Scholar 

  21. Ku, W.C., Chen, C.M., Lee, H.L.:Weaknesses of Lee-Li-Hwang’s Hash-Based Password Authentication Scheme. ACM Operating Systems Review, vol.37, no.4, pp.19-25. (2003)

    Google Scholar 

  22. Sun, H.M., Wang, K.H., Chen, C.M.: On the Security of an Efficient Time-Bound Hierarchical Key Management Scheme. IEEE Transactions on Dependable and Secure Computing, vol. 6, no. 2, pp. 159160.(2009)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Computer Science and Technology, Harbin Institute of Technology Shenzhen Graduate School, Shenzhen, China

    Chien-Ming Chen, Linlin Xu, Weicheng Fang & Tsu-Yang Wu

Authors
  1. Chien-Ming Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Linlin Xu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Weicheng Fang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Tsu-Yang Wu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Chien-Ming Chen .

Editor information

Editors and Affiliations

  1. University Town, National Kaohsiung University of Applied University Town, Fujian, China

    Jeng-Shyang Pan

  2. College of Information Science and Engin, Fujiang University of Technology College of Information Science and Engin, Fujian, China

    Pei-Wei Tsai

  3. National University of Kaohsiung , Kaohsiung, Taiwan

    Hsiang-Cheh Huang

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Chen, CM., Xu, L., Fang, W., Wu, TY. (2017). A Three-Party Password Authenticated Key Exchange Protocol Resistant to Stolen Smart Card Attacks. In: Pan, JS., Tsai, PW., Huang, HC. (eds) Advances in Intelligent Information Hiding and Multimedia Signal Processing. Smart Innovation, Systems and Technologies, vol 63. Springer, Cham. https://doi.org/10.1007/978-3-319-50209-0_40

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-50209-0_40

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-50208-3

  • Online ISBN: 978-3-319-50209-0

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation