Skip to main content
SpringerLink
Log in

ECC-Based Password-Authenticated Key Exchange in the Three-Party Setting

  • Research Article - Computer Engineering and Computer Science
  • Published:
Arabian Journal for Science and Engineering Aims and scope Submit manuscript

Abstract

This paper investigates three-party password authenticated key exchange protocols using elliptic curve cryptosystem (ECC). We first show that the direct elliptic curve analog of Chien’s protocol proposed most recently is vulnerable to off-line dictionary attack. Thereafter, we present an enhanced protocol based on ECC. Our proposal can defeat password-guessing attacks and the stolen-verifier attacks. And yet, it is also efficient. Furthermore, we can provide the rigorous proof of the security for it. Therefore, the protocol is quite popular in low resource environments.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Bellare, M.; Pointcheval, D.; Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Proceedings of Advances in Cryptology: EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer (2000)

  2. Boyko, V.; MacKenzie, P.D.; Patel, S.: Provably secure password-authenticated key exchange using Diffie–Hellman. In: Proceedings of Advances in Cryptology: EUROCRYPT 2000. LNCS, vol. 1807, pp. 156–171. Springer (2000)

  3. Bresson, E.; Chevassut, O.; Pointcheval, D.: New security results on encrypted key exchange. In: Proceedings of PKC 2004: 7th International Workshop on Theory and Practice in Public Key Cryptography. LNCS, vol. 2947, pp. 145–158, Springer (2004)

  4. Gennaro, R.; Lindell, Y.: A framework for password-based authenticated key exchange. In: Proceedings of Advances in Cryptology: EUROCRYPT 2003. LNCS, vol. 2656, pp. 524–543. Springer (2003)

  5. Goldreich, O.; Lindell, Y.: Session-key generation using human passwords only. In: Proceedings of Advances in Cryptology: CRYPTO 2001. LNCS, vol. 2139, pp. 408–432. Springer (2001)

  6. Boyd, C.; Montague, P.; Nguyen, K.: Elliptic curve based password authenticated key exchange protocols. In: Proceedings of 28th Australasian Conference on Information Security and Privacy: ACISP 2001. LNCS, vol. 2119, pp. 487–501, Springer (2001)

  7. MacKenzie, P.D.; Patel, S.; Swaminathan, R.: Password-authenticated key exchange based on RSA. In: Proceedings of Advances in Cryptology: ASIACRYPT 2000. LNCS, vol. 1976, pp. 599–613. Springer (2000)

  8. Abdalla, M.; Chevassut, O.; Pointcheval, D.: One-time verifier-based encrypted key exchange. In: Proceedings of the 8th International Workshop on Theory and Practice in Public Key (PKC ’05). LNCS, vol. 3386, pp. 47–64. Springer (2005)

  9. Abdalla, M.; Pointcheval, D.: Simple password-based encrypted key exchange protocols. In: Proceedings of Topics in Cryptology: CT-RSA 2005. LNCS, vol. 3376, pp. 191–208, Springer (2005)

  10. Abdalla, M.; Fouque, P.-A.; Pointcheval, D.: Password-based authenticated key exchange in the three-party setting. In: Proceedings of PKC’2005. LNCS, vol. 3386, pp. 65–84, Springer (2005) [Full version appeared in IEE Information Security 153(1), 27–39 (2006)]

  11. Abdalla, M.; Pointcheval, D.: Interactive Diffie–Hellman assumptions with applications to password-based authentication. In: Proceedings of FC’2005. LNCS, vol. 3570, pp. 341–356. Springer (2005)

  12. Lu R.X., Cao Z.F (2007) Simple three-party key exchange protocol. Comput. Secur. 26: 94–97

    Article  Google Scholar 

  13. Chien H.Y., Wu T.C (2009) Provably secure password-based three-party key exchange with optimal message steps. Comput. J. 52(6): 646–655

    Article  Google Scholar 

  14. Huang H.-F (2009) A simple three-party password-based key exchange protocol. Int. J. Commun. Syst. 22(7): 857–862

    Article  Google Scholar 

  15. Zeng Y., Ma J., Moon S (2010) An improvement on a three-party password-based key exchange protocol using weil pairing. Int. J. Netw. Secur. 11(1): 17–22

    Google Scholar 

  16. Lo J.-W., Lee J.-Z., Hwang M.-S., Chu Y.-P (2010) An advanced password authenticated key exchange protocol for imbalanced wireless networks. J. Internet Technol. 11(7): 997–1004

    Google Scholar 

  17. Lee T-F., Hwang T (2010) Simple password-based three-party authenticated key exchange without server public keys. Inf. Sci. 180(9): 1702–1714

    Article  MATH  Google Scholar 

  18. Chang T.-Y., Hwang M.-S., Yang W.-P (2011) A communication- efficient three-party password authenticated key exchange protocol. Inf. Sci. 181: 217–226

    Article  MathSciNet  Google Scholar 

  19. H.-Y. Chien (2011) Secure verifier-based three-party key exchange in the random oracle model. J. Inf. Sci. Eng. 27(4): 1487–1501

    MathSciNet  MATH  Google Scholar 

  20. Lou D.-C., Huang H.-F (2011) Efficient three-party password-based key exchange scheme. Int. J. Commun. Syst. 24(4): 504–512

    Article  Google Scholar 

  21. Wang, W.; Hu, L.: Efficient and provably secure generic construction of three-party password-based authenticated key exchange protocols. In: Proceedings of INDOCRYPT 2006. LNCS, vol. 4329, pp. 118–132. Springer (2006)

  22. Choo, K.-K.R.; Boyd, C.; Hitchcock, Y.: Examining indistinguishability-based proof models for key establishment protocols. In: Proceedings of ASIACRYPT’2005. LNCS, vol. 3788, pp. 585–604. Springer (2005)

  23. Chung H.-R., Ku W.-C (2008) Three weaknesses in a simple three-party key exchange protocol. Inf. Sci. 178: 220–229

    Article  MathSciNet  MATH  Google Scholar 

  24. Yoon E.J., Yoo K.Y (2011) Cryptanalysis of a simple three-party password-based key exchange protocol. Int. J. Commun. Syst. 24(4): 532–542

    Article  Google Scholar 

  25. Hankerson, D.; Menezes, A.; Vanstone, S.: Guide to Elliptic Curve Cryptography. Springer, Berlin (2004)

  26. Koblitz N (1987) Elliptic curve cryptosystem. Math. Comput. 48: 203–209

    Article  MathSciNet  MATH  Google Scholar 

  27. Abdalla, M.; Bellare, M.; Rogaway, P.: The oracle Diffie–Hellman assumptions and an analysis of DHIES. In: Proceedings of CT-RSA’2001 pp. 143–158. Springer (2001)

  28. Pointcheval, D.: Provable Security for public key schemes. In: Contemporary Cryptology. Advanced Courses in Mathematics, CRM Barcelona, pp. 133–189 (2005)

  29. Ding Y., Horster P (1995) Undetectable on-line password guessing attacks. ACM Oper. Syst. Rev. 29: 77–86

    Article  Google Scholar 

  30. Liang, H.; Hu, J.; Wu, S.: Re-attack on a three-party password-based authenticated key exchange protocol. Math. Comput. Model. (2012). doi:10.1016/j.mcm.2012.10.019

  31. Wu S (2011) Security analysis and enhancements of verifier-based password-authenticated key exchange protocols in the three-party setting. J. Inf. Sci. Eng. 27: 1059–1072

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Zhengzhou Information Science and Technology Institute, Zhengzhou, China

    Tingting Liu & Shuhua Wu

  2. CIMS Research Center, Tongji University, Shanghai, China

    Qiong Pu

  3. College of Computer Science, Beijing University of Technology, Beijing, China

    Yong Zhao

Authors
  1. Tingting Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Qiong Pu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Yong Zhao
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Shuhua Wu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Tingting Liu.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Liu, T., Pu, Q., Zhao, Y. et al. ECC-Based Password-Authenticated Key Exchange in the Three-Party Setting. Arab J Sci Eng 38, 2069–2077 (2013). https://doi.org/10.1007/s13369-013-0543-z

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s13369-013-0543-z

Keywords

Search

Navigation