Skip to main content
SpringerLink
Log in

Attacks and solutions on a three-party password-based authenticated key exchange protocol for wireless communications

  • Original Research
  • Published:
Journal of Ambient Intelligence and Humanized Computing Aims and scope Submit manuscript

Abstract

A secure authenticated key exchange protocol is an essential key to bootstrap a secure wireless communication. Various research have been conducted to study the efficiency and security of these authenticated key exchange protocol. A recent work by Lu et al. addresses the needs of a three parties secure communication by presenting a new protocol that claimed to be resistance against various attacks. However we found that their protocol is still vulnerable against an off-line password guessing attack. In this attack, an adversary can obtain the password of an user without any direct interactions with the server. To surmount such problem, we propose a new three-party password-based authenticated key exchange protocol. The security of our protocol are proved by the automatic cryptographic protocol tool proverif. The protocol presented is also more secure and efficient comparing with other similar protocols in the literature.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8

Similar content being viewed by others

References

  • Abbasinezhad-Mood D, Nikooghadam M (2018a) Design and hardware implementation of a security-enhanced elliptic curve cryptography based lightweight authentication scheme for smart grid communications. Future Gener Comput Syst 84:47–57

    Article  Google Scholar 

  • Abbasinezhad-Mood D, Nikooghadam M (2018b) Efficient anonymous password-authenticated key exchange protocol to read isolated smart meters by utilization of extended chebyshev chaotic maps. IEEE Trans Ind Inform. https://doi.org/10.1109/TII.2018.2806974

    Google Scholar 

  • Chang CC, Chang YF (2004) A novel three-party encrypted key exchange protocol. Comput Stand Interfaces 26(5):471–476

    Article  Google Scholar 

  • Chang TY, Yang WP, Hwang MS (2005) Simple authenticated key agreement and protected password change protocol. Comput Math Appl 49(5):703–714

    Article  MathSciNet  MATH  Google Scholar 

  • Chang TY, Hwang MS, Yang WP (2011) A communication-efficient three-party password authenticated key exchange protocol. Inform Sci 181(1):217–226

    Article  MathSciNet  Google Scholar 

  • Chaudhry SA, Naqvi H, Sher M, Farash MS, Hassan MU (2017) An improved and provably secure privacy preserving authentication protocol for SIP. Peer Peer Netw Appl 10(1):1–15

    Article  Google Scholar 

  • Chen BL, Kuo WC, Wuu LC (2012) A secure password-based remote user authentication scheme without smart cards. Inform Technol Control 41(1):53–59

    Article  Google Scholar 

  • Chen CM, Xu L, Wu TY, Li CR (2016) On the security of a chaotic maps-based three-party authenticated key agreement protocol. J Netw Intell 1(2):61–66

    Google Scholar 

  • Chen CM, Fang W, Liu S, Wu TY, Pan JS, Wang KH (2018a) Improvement on a chaotic map-based mutual anonymous authentication protocol. J Inform Sci Eng 34(2):371–390

    MathSciNet  Google Scholar 

  • Chen CM, Xu L, Wang KH, Liu S, Wu TY (2018b) Cryptanalysis and improvements on three-party-authenticated key agreement protocols based on chaotic maps. J Int Technol 19(3):679–687

    Google Scholar 

  • Farash MS, Attari MA (2014) An enhanced and secure three-party password-based authenticated key exchange protocol without using server’s public-keys and symmetric cryptosystems. Inform Technol Control 43(2):143–150

    Article  Google Scholar 

  • Jiang Q, Zeadally S, Ma J, He D (2017) Lightweight three-factor authentication and key agreement protocol for internet-integrated wireless sensor networks. IEEE Access 5:3376–3392

    Article  Google Scholar 

  • Jiang Q, Chen Z, Li B, Shen J, Yang L, Ma J (2018) Security analysis and improvement of bio-hashing based three-factor authentication scheme for telecare medical information systems. J Ambient Intell Humaniz Comput 9(4):1061–1073

    Article  Google Scholar 

  • Lee SW, Kim HS, Yoo KY (2005) Efficient verifier-based key agreement protocol for three parties without server’s public key. Appl Math Comput 167(2):996–1003

    MathSciNet  MATH  Google Scholar 

  • Li CT, Chen CL, Lee CC, Weng CY, Chen CM (2018) A novel three-party password-based authenticated key exchange protocol with user anonymity based on chaotic maps. Soft Comput 22(8):2495–2506

    Article  MATH  Google Scholar 

  • Lin JP, Fu JM (2013) Authenticated key agreement scheme with privacy-protection in the three-party setting. IJ Netw Secur 15(3):179–189

    Google Scholar 

  • Lu Y, Peng H, Yang Y et al (2015) A three-party password-based authenticated key exchange protocol for wireless communications. Inform Technol Control 44(4):404–409

    Article  Google Scholar 

  • Shen H, Gao C, He D, Wu L (2015) New biometrics-based authentication scheme for multi-server environment in critical systems. J Ambient Intell Humaniz Comput 6(6):825–834

    Article  Google Scholar 

  • Tallapally S (2012) Security enhancement on simple three party PAKE protocol. Inform Technol Control 41(1):15–22

    Article  Google Scholar 

  • Wu F, Xu L, Kumari S, Li X (2017a) A privacy-preserving and provable user authentication scheme for wireless sensor networks based on internet of things security. J Ambient Intell Humaniz Comput 8(1):101–116

    Article  Google Scholar 

  • Wu F, Xu L, Kumari S, Li X, Shen J, Choo KKR, Wazid M, Das AK (2017b) An efficient authentication and key agreement scheme for multi-gateway wireless sensor networks in IoT deployment. J Netw Comput Appl 89:72–85

    Article  Google Scholar 

  • Xiong H, Choo KKR, Vasilakos AV (2017a) Revocable identity-based access control for big data with verifiable outsourced computing. IEEE Trans Big Data. https://doi.org/10.1109/TBDATA.2017.2697448

    Google Scholar 

  • Xiong H, Tao J, Yuan C (2017b) Enabling telecare medical information systems with strong authentication and anonymity. IEEE Access 5:5648–5661

    Google Scholar 

  • Zhu H (2017) A novel two-party scheme against off-line password guessing attacks using new theorem of chaotic maps. KSII Trans Int Inform Syst 11(12):6188–6204

    Google Scholar 

  • Zhu H, Zhang Y (2017) An efficient chaotic maps-based deniable authentication group key agreement protocol. Wirel Pers Commun 96(1):217–229

    Article  Google Scholar 

Download references

Acknowledgements

The work of Tsu-Yang Wu was supported in part by the Science and Technology Development Center, Ministry of Education, China under Grant no. 2017A13025 and the Natural Science Foundation of Fujian Province under Grant no. 2018J01636.

Author information

Authors and Affiliations

  1. College of Computer Science and Engineering, Shandong University of Science and Technology, Shandong, China

    Chien-Ming Chen

  2. Hong Kong University of Science and Technology, Hong Kong, China

    King-Hang Wang

  3. Department of Information Management, National Dong Hwa University, Taiwan, China

    Kuo-Hui Yeh

  4. Harbin Institute of Technology (Shenzhen), Shenzhen, China

    Bin Xiang

  5. Fujian Provincial Key Laboratory of Big Data Mining and Applications, National Demonstration Center for Experimental Electronic Information and Electrical Technology Education, Fujian University of Technology, Fujian, China

    Tsu-Yang Wu

Authors
  1. Chien-Ming Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. King-Hang Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Kuo-Hui Yeh
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Bin Xiang
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Tsu-Yang Wu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Tsu-Yang Wu.

Additional information

Publisher’s Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Chen, CM., Wang, KH., Yeh, KH. et al. Attacks and solutions on a three-party password-based authenticated key exchange protocol for wireless communications. J Ambient Intell Human Comput 10, 3133–3142 (2019). https://doi.org/10.1007/s12652-018-1029-3

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s12652-018-1029-3

Keywords

Search

Navigation