Abstract
Three-party authenticated key exchange protocol(3PAKE) is an important cryptographic technique for securecommunication which allows two parties to agree a new securesession key with the help of a trusted server. In this paper, weproposed a new three-party authenticated key exchange protocolwhich aims to achieve more efficiency with the same security levelof other existing 3PAKE protocols. Security analysis and formalverification using AVISPA tools show that the proposed protocolis secure against various known attacks. Comparing with othertypical 3PAKE protocols, the proposed protocol is more efficientwith less computation complexity.
I. INTRODUCTION
Encrypted key exchange authentication approaches are importantand widely applied in network communication. By theauthentication approaches, two communication parties share asecret key with a trusted server. When the communication partiesexchange information confidentially with authenticationproperty over an insecure network, they must be in agreementwith a new secret session key by the help of a server. This kindof key exchange method is called three-party authenticatedkey exchange (3PAKE). And the 3PAKE protocol can beemployed for various applications for mutual authenticationand secure communication, e.g. a trusted server assists intransactions between buyer and seller in e-commerce, homelocation register helps caller’s dial with visited location registerover telecommunication, etc.These 3PAKE protocols should meet various security requirementsof the applications, which can be described asfollows.• Mutual authentication: The participants of protocolsshould be authenticated by the server and also they mustauthenticate each other by themselves.• Secession key security: The agreed session key shouldonly be known by the parties who participate in thecommunication process.• Perfect forward secrecy: Perfect forward secrecy is theproperty that a session key derived from a set of longtermkeys will not be compromised if one of the longtermkey is compromised in the future.A good design of the 3PAKE protocol should be secureunder various known attacks which include common protocolattacks and cryptanalysis attacks. The common protocolattacks can be summarized as follows.• Man-in-the-middle attacks: The attacker makes independentconnections with the victims and relays messagesbetween them, making them believe that they are communicatingdirectly to each other over a private connectionwhereas, in fact, the entire conversation is controlled bythe attacker.• Replay attacks: A valid data transmission is maliciouslyor fraudulently repeated or delayed.The cryptanalysis attacks can be classified into three types[1]: off-line dictionary attacks, undetectable on-line dictionaryattacks and detectable on-line dictionary attacks.Password-based authentication has attracted a lot of attentiondue to its simplicity and convenience in key agreement.And many three-party authenticated key exchange protocolshave been proposed [2]–[7] in recent years. Yeh et al. [2] haveproposed two 3PAKE protocols for secure communication overa public network. One is a plaintext-equivalent authenticationprotocol and the other is a verifier-based authentication protocol.Lee et al. [6] have proposed an improved encryptedkey exchange protocol for authentication and key agreementbased on the protocol developed by Yeh et al. [2]. They haveclaimed that the proposed protocols have same computationcomplexity as the protocol of Yeh et al. For both schemes of[2] and [6], the server’s public key is needed. Lu and Cao [3]have proposed a new simple three-party password-based authenticatedkey exchange (S-3PAKE) protocol which does notrequire any server’s public key. Chung and Ku [8] have foundthat S-3PAKE protocol is vulnerable to an impersonation-ofinitiatorattack, an impersonation-of-responder attack, and aman-in-the-middle attack. And also Guo et al. [9] have foundthat S-3PAKE is vulnerable to a kind of man-in-the-middleattack that exploits an authentication flaw in the protocol andis subject to the undetectable on-line dictionary attack. Thenthey have provided an improved version. Kim and Choi [10]have proposed another improved version of S-3PAKE againstthe on-line password guessing attack. And both these twoimproved version of protocols [9], [10] have more computationcost than the original S-3PAKE protocol though they are moresecure.


Download full report
http://ieeexplore.ieeeiel5/5465898/54666...er=5466648