Arabian Journal for Science and Engineering

, Volume 42, Issue 8, pp 3275–3287 | Cite as

EIMAKP: Heterogeneous Cross-Domain Authenticated Key Agreement Protocols in the EIM System

Research Article - Computer Engineering and Computer Science
First Online:
Received:
Accepted:
  • 110 Downloads

Abstract

In recent years, instant messaging (IM) has increasingly become a popular communication technology around the world, and the enterprise instant messaging (EIM) system is one of IM’s applications for enterprise use. The existing studies of EIM systems are directed at the design of functional components and the process of communication, which are usually based on XMPP protocol suite. However, in this paper, the security of EIM is more concerned from another perspective, which is the problem of identity authentication and key agreement between users and services. Several EIM systems are based on public key infrastructure (PKI) to achieve the high-security requirements of enterprises, while identity-based cryptography (IBC) brings new development direction for EIM systems. Although most of the EIM applications are applied independently in different enterprises, users’ heterogeneous cross-domain service access has become an inevitable trend. However, there is still no heterogeneous cross-domain authentication protocol between the PKI domain and the IBC domain having been proposed. Therefore, in order to address this problem, a novel and detailed heterogeneous cross-domain authenticated key agreement scheme is proposed in this paper. By utilizing the PKI-based distributed trust model and the access authorization tickets, this scheme can realize interconnection and seamless authentication between the PKI domain and the IBC domain. Analysis shows that the proposed scheme is theoretically correct, while guaranteeing high security and efficiency.

Keywords

Enterprise instant messaging Public key infrastructure Identity-based cryptography Heterogeneous cross-domain Authenticated key agreement 
This is a preview of subscription content, log in to check access.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Day, M.; Rosenberg, J.; Sugano, H.: A model for presence and instant messaging (2000)Google Scholar
  2. 2.
    Nardi, B.A.; Whittaker, S.; Bradner, E.: Interaction and outeraction: instant messaging in action. In: Proceedings of the 2000 ACM Conference on Computer Supported Cooperative Work, pp. 79–88. ACM (2000)Google Scholar
  3. 3.
    Dudziak, T.J.; Patel, B.; Kupsh, J.: Enterprise instant message aggregator. US Patent 7,890,084 (15 Feb 2011)Google Scholar
  4. 4.
    Snork Research, “What is enterprise IM?”. http://www.sonork.com/eng/what_is_eim.html 15 Aug 2007
  5. 5.
    Osterman Research, “Instant messaging: enterprise market needs and trends. http://www.ostermanresearch.com/execsum/or_im03es.pdf 19 Feb 2008
  6. 6.
    Rana, M.E.; Wei, G.; Hoornaert, P.: An enterprise instant messaging (EIM) solution to cater issues associated with instant messaging (IM) in business. In: IEEE Student Conference on Research and Development (2015)Google Scholar
  7. 7.
    Zhou, W.Q.; Wang, L.Q.; Zhou, T.; et al.: Research and application on enterprise instant messaging system based on XMPP. J. Jilin Univ. 28(01), 106–111 (2010)Google Scholar
  8. 8.
    Nie, P.: An open standard for instant messaging: eXtensible messaging and presence protocol (XMPP). University of Helsinki Department of Computer Science (2004)Google Scholar
  9. 9.
    Saint-Andre, P.: Extensible messaging and presence protocol (XMPP): core. University of Helsinki Department of Computer Science (2004)Google Scholar
  10. 10.
    Schoen, I.; Boberski, M.: Secure PKI proxy and method for instant messaging clients. US Patent Application 10/133,202 (26 Apr 2002)Google Scholar
  11. 11.
    Housely, R.; Ford, W.; Polk, W.; et al.: Internet X. 509 public key infrastructure[J]. Internet Engineering Task Force Draft, PKIX Working group, work in progress (1999)Google Scholar
  12. 12.
    Adams, C.; et al.: Internet X. 509 public key infrastructure certificate management protocol (CMP). No. RFC 4210 (2005)Google Scholar
  13. 13.
    Shamir, A.: Identity-Based Cryptosystems and Signature Schemes. Advances in Cryptology. Springer, Berlin (1985)MATHGoogle Scholar
  14. 14.
    Boneh, D.; Franklin, M.; Identity-based encryption from the Weil pairing. In: Advances in Cryptology—CRYPTO 2001, pp. 213–229. Springer, Berlin (2001)Google Scholar
  15. 15.
    Stochosky, M.: Peer-to-peer identity-based activity sharing. US Patent Application 10/781,029 (17 Feb 2004)Google Scholar
  16. 16.
    Appenzeller, G.; Pauker, M.J.; Spies, T.; et al.: Identity-based-encryption messaging system. US Patent 7,571,321 (4 Aug 2009)Google Scholar
  17. 17.
    Fan, Y.: Study of the gateway for instant messaging systems based on XMPP. Appl. Electr. Tech. 33(10), 123–124 (2007)Google Scholar
  18. 18.
    Linn, J.: Trust models and management in public-key infrastructures. RSA Laboratories (12, 2000)Google Scholar
  19. 19.
    Liu, H.; Luo, P.; Wang, D.: A scalable authentication model based on public keys. J. Netw. Comput. Appl. 31(4), 375–386 (2008)CrossRefGoogle Scholar
  20. 20.
    Zhang, W.; Wang, X.; Khan, M.K.: A virtual bridge certificate authority-based cross-domain authentication mechanism for distributed collaborative manufacturing systems. Secur. Commun. Netw. 8(6), 937–951 (2015)CrossRefGoogle Scholar
  21. 21.
    Li, F.; Xiong, P.; Jin, C.: Identity-based deniable authentication for ad hoc networks. Computing 96(9), 843–853 (2014)CrossRefMATHGoogle Scholar
  22. 22.
    Das, M.L.; Saxena, A.; Gulati, V.P.; et al.: A novel remote user authentication scheme using bilinear pairings. Comput. Secur. 25(3), 184–189 (2006)CrossRefGoogle Scholar
  23. 23.
    Chou, C.H.; Tsai, K.Y.; Lu, C.F.: Two ID-based authenticated schemes with key agreement for mobile environments. J. Supercomput. 66(2), 973–988 (2013)CrossRefGoogle Scholar
  24. 24.
    Farash, M.S.; Attari, M.A.: A secure and efficient identity-based authenticated key exchange protocol for mobile client–server networks. J. Supercomput. 69(1), 395–411 (2014)CrossRefGoogle Scholar
  25. 25.
    Cao, X.; Kou, W.; Du, X.: A pairing-free identity-based authenticated key agreement protocol with minimal message exchanges. Inf. Sci. 180(15), 2895–2903 (2010)MathSciNetCrossRefMATHGoogle Scholar
  26. 26.
    Hua-Xi, P.: An identity-based authentication model for multi-domain. Chin. J. Comput. 8, 003 (2006)Google Scholar
  27. 27.
    Yu, R.; Yuan, J.; Du, G.; et al.: An identity-based mechanism for enhancing SIP security. In: 2012 IEEE 3rd International Conference on Software Engineering and Service Science (ICSESS), pp. 447–451. IEEE (2012)Google Scholar
  28. 28.
    He, D.; Zeadally, S.; Kumar, N.; et al.: Anonymous authentication for wireless body area networks with provable security. IEEE Syst. J. PP(99), 1–12 (2016). doi: 10.1109/JSYST.2016.2544805
  29. 29.
    Chaudhry, S.A.: A secure biometric based multi-server authentication scheme for social multimedia networks. Multimedia Tools Appl. 75(20), 12705–12725 (2016)Google Scholar
  30. 30.
    Dolev, D.; Yao, A.C.: On the security of public key protocols. IEEE Trans. Inf. Theory 29(2), 198–208 (1983)MathSciNetCrossRefMATHGoogle Scholar
  31. 31.
    Ding, Y.: An improvement of GNY logic for the reflection attacks. J. Comput. Sci. Technol. 14(6), 619–623 (1999)MathSciNetCrossRefMATHGoogle Scholar
  32. 32.
    Dojen, R.; Jurcut, A.; Coffey, T.; Gyorodi, C.: On establishing and fixing a parallel session attack in a security protocol. In: Badica, C., Mangioni, G., Carchiolo, V., Burdescu, D.D. (eds.) Intelligent Distributed Computing, Systems and Applications. Springer, Berlin (2008)Google Scholar

Copyright information

© King Fahd University of Petroleum & Minerals 2017

Authors and Affiliations

  1. 1.School of Information Science and TechnologySouthwest Jiaotong UniversityChengduChina
  2. 2.Key Laboratory of Information Security and National Computing GridSouthwest Jiaotong UniversityChengduChina

Personalised recommendations