Abstract
A secure authenticated key exchange protocol is an essential key to bootstrap a secure wireless communication. Various research have been conducted to study the efficiency and security of these authenticated key exchange protocol. A recent work by Lu et al. addresses the needs of a three parties secure communication by presenting a new protocol that claimed to be resistance against various attacks. However we found that their protocol is still vulnerable against an off-line password guessing attack. In this attack, an adversary can obtain the password of an user without any direct interactions with the server. To surmount such problem, we propose a new three-party password-based authenticated key exchange protocol. The security of our protocol are proved by the automatic cryptographic protocol tool proverif. The protocol presented is also more secure and efficient comparing with other similar protocols in the literature.
Similar content being viewed by others
References
Abbasinezhad-Mood D, Nikooghadam M (2018a) Design and hardware implementation of a security-enhanced elliptic curve cryptography based lightweight authentication scheme for smart grid communications. Future Gener Comput Syst 84:47–57
Abbasinezhad-Mood D, Nikooghadam M (2018b) Efficient anonymous password-authenticated key exchange protocol to read isolated smart meters by utilization of extended chebyshev chaotic maps. IEEE Trans Ind Inform. https://doi.org/10.1109/TII.2018.2806974
Chang CC, Chang YF (2004) A novel three-party encrypted key exchange protocol. Comput Stand Interfaces 26(5):471–476
Chang TY, Yang WP, Hwang MS (2005) Simple authenticated key agreement and protected password change protocol. Comput Math Appl 49(5):703–714
Chang TY, Hwang MS, Yang WP (2011) A communication-efficient three-party password authenticated key exchange protocol. Inform Sci 181(1):217–226
Chaudhry SA, Naqvi H, Sher M, Farash MS, Hassan MU (2017) An improved and provably secure privacy preserving authentication protocol for SIP. Peer Peer Netw Appl 10(1):1–15
Chen BL, Kuo WC, Wuu LC (2012) A secure password-based remote user authentication scheme without smart cards. Inform Technol Control 41(1):53–59
Chen CM, Xu L, Wu TY, Li CR (2016) On the security of a chaotic maps-based three-party authenticated key agreement protocol. J Netw Intell 1(2):61–66
Chen CM, Fang W, Liu S, Wu TY, Pan JS, Wang KH (2018a) Improvement on a chaotic map-based mutual anonymous authentication protocol. J Inform Sci Eng 34(2):371–390
Chen CM, Xu L, Wang KH, Liu S, Wu TY (2018b) Cryptanalysis and improvements on three-party-authenticated key agreement protocols based on chaotic maps. J Int Technol 19(3):679–687
Farash MS, Attari MA (2014) An enhanced and secure three-party password-based authenticated key exchange protocol without using server’s public-keys and symmetric cryptosystems. Inform Technol Control 43(2):143–150
Jiang Q, Zeadally S, Ma J, He D (2017) Lightweight three-factor authentication and key agreement protocol for internet-integrated wireless sensor networks. IEEE Access 5:3376–3392
Jiang Q, Chen Z, Li B, Shen J, Yang L, Ma J (2018) Security analysis and improvement of bio-hashing based three-factor authentication scheme for telecare medical information systems. J Ambient Intell Humaniz Comput 9(4):1061–1073
Lee SW, Kim HS, Yoo KY (2005) Efficient verifier-based key agreement protocol for three parties without server’s public key. Appl Math Comput 167(2):996–1003
Li CT, Chen CL, Lee CC, Weng CY, Chen CM (2018) A novel three-party password-based authenticated key exchange protocol with user anonymity based on chaotic maps. Soft Comput 22(8):2495–2506
Lin JP, Fu JM (2013) Authenticated key agreement scheme with privacy-protection in the three-party setting. IJ Netw Secur 15(3):179–189
Lu Y, Peng H, Yang Y et al (2015) A three-party password-based authenticated key exchange protocol for wireless communications. Inform Technol Control 44(4):404–409
Shen H, Gao C, He D, Wu L (2015) New biometrics-based authentication scheme for multi-server environment in critical systems. J Ambient Intell Humaniz Comput 6(6):825–834
Tallapally S (2012) Security enhancement on simple three party PAKE protocol. Inform Technol Control 41(1):15–22
Wu F, Xu L, Kumari S, Li X (2017a) A privacy-preserving and provable user authentication scheme for wireless sensor networks based on internet of things security. J Ambient Intell Humaniz Comput 8(1):101–116
Wu F, Xu L, Kumari S, Li X, Shen J, Choo KKR, Wazid M, Das AK (2017b) An efficient authentication and key agreement scheme for multi-gateway wireless sensor networks in IoT deployment. J Netw Comput Appl 89:72–85
Xiong H, Choo KKR, Vasilakos AV (2017a) Revocable identity-based access control for big data with verifiable outsourced computing. IEEE Trans Big Data. https://doi.org/10.1109/TBDATA.2017.2697448
Xiong H, Tao J, Yuan C (2017b) Enabling telecare medical information systems with strong authentication and anonymity. IEEE Access 5:5648–5661
Zhu H (2017) A novel two-party scheme against off-line password guessing attacks using new theorem of chaotic maps. KSII Trans Int Inform Syst 11(12):6188–6204
Zhu H, Zhang Y (2017) An efficient chaotic maps-based deniable authentication group key agreement protocol. Wirel Pers Commun 96(1):217–229
Acknowledgements
The work of Tsu-Yang Wu was supported in part by the Science and Technology Development Center, Ministry of Education, China under Grant no. 2017A13025 and the Natural Science Foundation of Fujian Province under Grant no. 2018J01636.
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher’s Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Chen, CM., Wang, KH., Yeh, KH. et al. Attacks and solutions on a three-party password-based authenticated key exchange protocol for wireless communications. J Ambient Intell Human Comput 10, 3133–3142 (2019). https://doi.org/10.1007/s12652-018-1029-3
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12652-018-1029-3