Cryptanalysis and Design of a Three-Party Authenticated Key Exchange Protocol Using Smart Card

  • Research Article -- Computer Engineering and Computer Science
Arabian Journal for Science and Engineering

Abstract

Three-party authenticated key exchange (3PAKE) protocols protect data transmitted over an insecure communication channel by performing session key agreement between the entities involved. Compared with 2PAKE protocols, a 3PAKE protocol is more suitable for managing an unrestricted number of users. Recently, researchers have proposed many 3PAKE protocols using smart cards. However, we have carefully scrutinized the recently published protocol of Yang et al. and observed that it suffers from several security weaknesses, such as insider attack, off-line password guessing attack, many logged-in users’ attack and replay attack. Moreover, we have demonstrated a serious security issue in the password change phase of the same scheme. To fix the above-mentioned shortcomings, this paper proposes an efficient 3PAKE protocol using smart card based on the cryptographic one-way hash function. The formal security analysis proves that the proposed protocol provides strong security protection against the relevant security attacks, including the above-mentioned security weaknesses. Moreover, the simulation results of the proposed scheme using the AVISPA tool show that the protocol is SAFE under the OFMC and CL-AtSe models. Performance comparisons are also made, which show that the protocol is relatively better than the existing related schemes. To the best of our knowledge, the proposed scheme should be implemented in practical applications, as it provides good security protection against the relevant security attacks, has relatively better complexities than the existing schemes, and achieves proper mutual authentication along with a user-friendly password change phase.

References

  1. Diffie W., Hellman M.: New directions in cryptography. IEEE Trans. Inf. Theory. 22, 644–654 (1976)

  2. Bellovin, S.M.; Merritt, M.: Encrypted key exchange: password based protocols secure against dictionary attacks. In: Proceedings of IEEE Symposium on Research in Security and Privacy, pp. 72–84 (1992)

  3. Farash M.S., Bayat M., Attari M.A.: Vulnerability of two multiple-key agreement protocols. Comput. Electr. Eng. 37(2), 199–204 (2011)

  4. Farash, M.S.; Attari, M.A.: Cryptanalysis and improvement of a chaotic maps-based key agreement protocol using Chebyshev sequence membership testing. Nonlinear Dyn. (2013) doi:10.1007/s11071-013-1204-1

  5. Diffie W., Wiener M., Oorschot P.V.: Authentication and authenticated key exchanges. Des. Codes Cryptogr. 2, 107–125 (1992)

  6. Abdalla, M.; Fouque, P.A.; Pointcheval, D.: Password based authenticated key exchange in the three-party setting. In: Proceedings of the PKC’05, pp. 65–84 (2005)

  7. Law L., Menezes A., Qu M., Solinas J., Vanstone S.: An efficient protocol for authenticated key agreement. Des. Codes Cryptogr. 28, 119–134 (2003)

  8. Yang Y., Deng R.H., Bao F.: A practical password-based two-server authentication and key exchange system. IEEE Trans. Dependable Secure Comput. 3, 105–114 (2006)

  9. Li X., Qiu W., Zheng D., Chen K., Li J.: Anonymity enhancement on robust and efficient password-authenticated key agreement using smart cards. IEEE Trans. Ind. Electron. 57, 793–800 (2010)

  10. Chang, C.; Lee, J.; Cheng, T.: Security design for three-party encrypted key exchange protocol using smart cards. In: Proceedings of the 2nd International Conference on Ubiquitous Information Management and Communication, pp. 329–333 (2008)

  11. Juang W.S.: Efficient three-party key exchange using smart cards. IEEE Trans. Consum. Electron. 50, 619–624 (2004)

  12. Yoon, E.J.; Yoo, K.Y.: Token-based authenticated key establishment protocols for three-party communication. In: Proceedings of the Conference on Emerging Direction in Embedded and Ubiquitous Computing, LNCS 4809, pp. 758–769 (2007)

  13. Yoon, E.J.; Yoo, K.Y.: 3PSA: 3-Party Smart Card-Based Authentication Scheme. In: Proceedings of the Fourth International Conference on Innovative Computing Information and Control(ICICIC), pp. 1447–1451 (2009)

  14. Kwon J.O., Jeong I.R., Lee D.H.: Three-round smart card-based key exchange scheme. IEICE Trans. Commun. E90-B, 3255–3258 (2007)

  15. Yang H., Zhang Y., Zhou Y., Fu X., Liu H., Vasilakos A.V.: Provably secure three-party authenticated key agreement protocol using smart cards. Comput. Netw. 58, 29–38 (2014)

  16. Chang T.Y., Hwang M.S., Yang W.P.: A communication-efficient three-party password authenticated key exchange protocol. Inf. Sci. 181(1), 217–226 (2011)

  17. Wu S., Pu Q., Wang S., He D.: Cryptanalysis of a communication-efficient three-party password authenticated key exchange protocol. Inf. Sci. 215(1), 83–96 (2012)

  18. Farash, M.S.; Attari, M.A.: An efficient and provably secure three-party password-based authenticated key exchange protocol based on Chebyshev chaotic maps. Nonlinear Dyn. (2014) doi:10.1007/s11071-014-1304-6

  19. Wu S., Chen K., Zhu Y.: Enhancements of A Three-Party Password-Based Authenticated Key Exchange Protocol. Int. Arab J. Inf. Technol. 10(3), 215–221 (2013)

  20. Lou D.C., Huang H.F.: Efficient three-party password-based key exchange scheme. Int. J. Commun. Syst. 24, 504–512 (2011)

  21. Xie Q., Zhao J., Yu X.: Chaotic maps-based three-party password-authenticated key agreement scheme. Nonlinear Dyn. 74(4), 1021–1027 (2013)

  22. Zhao F., Gong P., Li S., Li M., Li P.: Cryptanalysis and improvement of a three-party key agreement protocol using enhanced Chebyshev polynomials. Nonlinear Dyn. 74(1–2), 419–427 (2013)

  23. Tan Z.: A chaotic maps-based authenticated key agreement protocol with strong anonymity. Nonlinear Dyn. 72(1–2), 311–320 (2013)

  24. Lee C.C., Hsu C.W.: A secure biometric-based remote user authentication with key agreement scheme using extended chaotic maps. Nonlinear Dyn. 71(1–2), 201–211 (2013)

  25. Guo C., Chang C.C.: Chaotic maps-based password-authenticated key agreement using smart cards. Commun. Nonlinear Sci. Numer. Simul. 18(6), 1433–1440 (2013)

  26. Lee C., Li C., Hsu C.: A three-party password-based authenticated key exchange protocol with user anonymity using extended chaotic maps. Nonlinear Dyn. 73(1–2), 125–132 (2013)

  27. Yoon, E.J.; Yoo, K.Y.: Enhanced three-round smart card-based key exchange protocol. In: Proceedings of the 5th International Conference on Autonomic and Trusted Computing (ATC 2008), LNCS 5060, pp. 507–515 (2008)

  28. Chang Y.-F., Yu S.-H., Shiao D.-R.: An uniqueness-and anonymity-preserving remote user authentication scheme for connected health care. J. Med. Syst. 37, 9902 (2013)

  29. Messerges T.S., Dabbish E.A., Sloan R.H.: Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5), 541–552 (2002)

  30. Kocher, P.; Jaffe, J.; Jun, B.: Differential power analysis. In: Proceedings of advances in Cryptology, pp. 388–397 (1999)

  31. Jina A.T.B., Linga D.N.C., Goh A.: Biohashing: Two factor authentication featuring fingerprint data and tokenised random number. Pattern Recogn. 37(11), 2245–2255 (2004)

  32. Lumini A., Nanni L.: An improved BioHashing for human authentication. Pattern Recogn. 40(3), 1057–1065 (2007)

  33. Amin R., Biswas G.P.: A Novel User Authentication and Key Agreement Protocol for Accessing Multi-Medical Server Usable in TMIS. J. Med. Syst. 39(3), 1–17 (2015)

  34. Mishra D., Das A.K., Mukhopadhyay S.: A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards. Expert Syst. Appl 41(18), 8129–8143 (2014)

  35. Das A.K., Goswami A.: A Secure and Efficient Uniqueness-and-Anonymity-Preserving Remote User Authentication Scheme for Connected Health Care. J. Med. Syst. 37, 9948 (2013). doi:10.1007/s10916-013-9948-1

  36. Pu Q., Wang J., Wu S., Fu J.: Secure verifier-based three-party password-authenticated key exchange. Peer peer Netw. Appl. 6(1), 15–25 (2013)

  37. Youn T.Y., Kang E.S., Lee C.: Efficient three-party key exchange protocols with round efficiency. Telecommun Syst. 52(2), 1367–1376 (2013)

  38. Chang T.Y., Hwang M.S., Yang W.P.: A communication-efficient three-party password authenticated key exchange protocol. Inf. Sci. 181(1), 217–226 (2011)

  39. Tso R.: Security analysis and improvements of a communication-efficient three-party password authenticated key exchange protocol. J Supercomput. (2013). doi:10.1007/s11227-013-0917-8

  40. Farash, M.S.; Attari, M.A.: An efficient client-client password-based authentication scheme with provable security. J Supercomput. (2014). doi:10.1007/s11227-014-1273-z

  41. Lee J.-S., Chang C.-C.: Secure communications for cluster-based ad hoc networks using node identities. J. Netw. Comput. Appl. 30(4), 1377–1396 (2007)

  42. Schneier B.: Applied Cryptography Protocols Algorithms and Source Code in C, second ed. Wiley, London (1996)

  43. Amin, R.; Biswas, G.P.: Design and analysis of bilinear pairing based mutual authentication and key agreement protocol usable in multi-server environment. Wireless Personal Commun. (2015). doi:10.1007/s11277-015-2616-7

  44. Amin, R.; Biswas, G.P.: Remote access control mechanism using rabin public key cryptosystem. In: Information Systems Design and Intelligent Applications, pp. 525–533. Springer (2015). doi:10.1007/978-81-322-2250-7_52

  45. Amin, R.; Biswas, G.P.: Anonymity preserving secure hash function based authentication scheme for consumer USB mass storage device. In: 2015 Third International Conference on Computer, Communication, Control and Information Technology (C3IT), pp. 1–6 (2015). doi:10.1109/C3IT.2015.7060190

  46. Amin, R.; Biswas, G.P.: A secure three-factor user authentication and key agreement protocol for TMIS with user anonymity. J. Med. Syst. (2015). doi:10.1007/s10916-015-0258-7

  47. Amin, R.; Biswas, G.P.: An improved RSA based user authentication and session key agreement protocol usable in TMIS. J. Med. Syst. (2015). doi:10.1007/s10916-015-0262-y

  48. Amin R.: Cryptanalysis and an efficient secure ID-based remote user authentication scheme using smart card. Int. J. Comput. Appl. 75(13), 43–48 (2013)

  49. AVISPA. AVISPA Web Tool. http://www.avispa-project.org/web-interface/expert.php/. Accessed December 2014 (2014)

  50. AVISPA. (2014). Automated validation of internet security protocols and applications. http://www.avispa-project.org/

  51. Dolev D., Yao A.: On the security of public key protocols. IEEE Trans. Inf. Theory 29(2), 198–208 (1983)

Corresponding author

Correspondence to Ruhul Amin.

Cite this article

Amin, R., Biswas, G.P. Cryptanalysis and Design of a Three-Party Authenticated Key Exchange Protocol Using Smart Card. Arab J Sci Eng 40, 3135–3149 (2015). https://doi.org/10.1007/s13369-015-1743-5

  • DOI: https://doi.org/10.1007/s13369-015-1743-5
