This article is presented by:
Hui-Feng Huang and Yi-Jia Chang
Graduate School of Computer Science and Information Technology
National Taichung Institute of Technology
An Efficient Three Party Authenticated Key Exchange for Mobile Communications
ABSTRACT
In a three-party password-based key exchange protocol, a client shares a human-memorable password with a trusted server so that two clients can negotiate a session key and communicate with each other secretly. Recently, many three-party password-based key exchange protocols have been developed. However, these proposed schemes cannot simultaneously achieve security and efficiency. Based on elliptic curve cryptography (ECC), this article proposes a new three-party password-based authenticated key exchange scheme. The proposed method not only reduces the computation cost for remote users and the trusted server but is also more efficient than previously proposed schemes. It is very suitable for hardware-limited users such as mobile units or smart cards.
INTRODUCTION
Diffie and Hellman's protocol is the first key exchange protocol [5]. However, the Diffie-Hellman protocol does not provide an authentication mechanism and is therefore vulnerable to the "man-in-the-middle" attack. To overcome this problem, many key exchange protocols with an authentication function have been developed [1,3], among which password-based authenticated key exchange protocols are of particular interest. Since password-based authenticated key exchange protocols require users to remember only a human-memorable password, they are simple and user friendly. In 1992, Bellovin and Merritt proposed the first password-based authenticated key exchange (PAKE) protocol, which has been widely studied and has prompted much further research [2]. Recently, besides the two-party PAKE protocols, many researchers have begun to study three-party PAKE protocols [10,12,13,14]. In a three-party password-based authenticated key exchange, each client (user) first shares a human-memorable password with a trusted server (TS); then, when two users wish to create a session key, they rely on the trusted server to authenticate each other. With the shared passwords, TS can help the two clients authenticate each other and construct a common key for secure communication. However, these previously proposed schemes cannot resist password guessing attacks [7,8,14]. To counter password guessing attacks, Lin et al. presented a new three-party password-based authenticated key exchange that uses the server's public key [11]. However, employing the server's public key places a burden on the clients, because they have to verify it in advance. Therefore, many three-party key exchange protocols without a server's public key have been developed to address this issue [9,10,12,13].
Unfortunately, some of them require more rounds in the authentication protocol, so that bandwidth consumption is quite demanding and is likely to become a bottleneck in many applications [11], while the others are not secure [9,10,12]. Later, to the best of our knowledge, Lu and Cao proposed a three-party password-based key exchange protocol which is more efficient than previously proposed schemes [14]. However, in 2008, Chang pointed out that Lu and Cao's scheme also suffers from on-line password guessing attacks [5]. Currently, more and more people need to carry out secure electronic commerce transactions by cell phone. Security and efficiency are both important requirements for mobile communications. It is therefore necessary to construct a three-party key exchange protocol with low computation and communication costs for two remote users and a trusted server. Moreover, compared to Diffie-Hellman key agreement [5] or the RSA cryptography system [16], elliptic curve cryptography (ECC) can achieve the same level of security with a smaller key size. For example, it has been shown that 160-bit ECC provides security comparable to 1024-bit RSA, and 224-bit ECC provides security comparable to 2048-bit RSA [7,15]. Hence, at the same security level, the smaller key sizes of ECC offer computational efficiency as well as memory and bandwidth savings. ECC is therefore better suited to resource-constrained devices such as smart cards or mobile units. Based on ECC, this article proposes an efficient three-party password-based key exchange without the server's public key. The proposed method not only reduces the computation cost for remote users and the trusted server but is also more efficient than Lu and Cao's scheme [14]. It is very suitable for mobile environments.