Cryptanalysis of a simple three‐party password‐based key exchange protocol

In order to secure communications between two clients with a trusted server's help in public network environments, a three‐party authenticated key exchange (3PAKE) protocol is used to provide the transaction confidentiality and the efficiency. In 2009, Huang proposed a simple three‐party password‐based authenticated key exchange (HS‐3PAKE) protocol without any server's public key. By analysis, Huang claimed that the proposed HS‐3PAKE protocol is not only secure against various attacks, but also more efficient than previously proposed 3PAKE protocols. However, this paper demonstrates that HS‐3PAKE protocol is vulnerable to undetectable online password guessing attacks and off‐line password guessing attacks by any other user. Copyright © 2010 John Wiley & Sons, Ltd.     

Universally composable three‐party password‐authenticated key exchange with contributiveness

Three‐party password‐authenticated key exchange (3PAKE) allows two clients, each sharing a password with a trusted server, to establish a session key with the help of the server. It is a quite practical mechanism for establishing secure channels in a large communication network. However, most current 3PAKE protocols are analyzed in security models that do not adequately address protocol composition problem. In this paper, an ideal functionality for 3PAKE within the universal composability framework is defined, which not only provides security guarantees under arbitrary composition with other protocols but also achieves contributiveness and explicit authentication. Moreover, we propose a generic construction of contributory 3PAKE protocol and prove that it securely realizes the ideal functionality in the static corruption model. Copyright © 2014 John Wiley & Sons, Ltd.     

Cryptanalysis of an efficient three‐party password‐based key exchange scheme

Three‐party password‐authenticated key exchange (3PAKE) protocols allow entities to negotiate a secret session key with the aid of a trusted server with whom they share a human‐memorable password. Recently, Lou and Huang proposed a simple 3PAKE protocol based on elliptic curve cryptography, which is claimed to be secure and to provide superior efficiency when compared with similar‐purpose solutions. In this paper, however, we show that the solution is vulnerable to key‐compromise impersonation and offline password guessing attacks from system insiders or outsiders, which indicates that the empirical approach used to evaluate the scheme's security is flawed. These results highlight the need of employing provable security approaches when designing and analyzing PAKE schemes. Copyright © 2011 John Wiley & Sons, Ltd.     

Efficient three‐party password‐based key exchange scheme

In three‐party password‐based key exchange protocol, a client is allowed to share a human‐memorable password with a trusted server such that two clients can negotiate a session key to communicate with each other secretly. Recently, many three‐party password‐based key exchange protocols have been developed. However, these proposed schemes cannot simultaneously achieve security and efficiency. Based on elliptic curve cryptography (ECC), this paper will propose a new simple three‐party password‐based authenticated key exchange scheme. The proposed method not only reduces computation cost for remote users and a trusted server but also is more efficient than previously proposed schemes. It is better suited for resource constrained devices, such as smart cards or mobile units. Copyright © 2010 John Wiley & Sons, Ltd.     

Cryptanalysis and improvement of a three‐party password‐based authenticated key exchange protocol with user anonymity using extended chaotic maps

Three‐party password‐authenticated key exchange (3PAKE) protocols allow two clients to agree on a secret session key through a server via a public channel. 3PAKE protocols have been designed using different arithmetic aspects including chaotic maps. Recently, Lee et al. proposed a 3PAKE protocol using Chebyshev chaotic maps and claimed that their protocol has low computation and communication cost and can also resist against numerous attacks. However, this paper shows that in spite of the computation and communication efficiency of the Lee et al. protocol, it is not secure against the modification attack. To conquer this security weakness, we propose a simple countermeasure, which maintains the computation and communication efficiency of the Lee et al. protocol. Copyright © 2014 John Wiley & Sons, Ltd.     

On ‘a simple three‐party password‐based key exchange protocol’

In 2009, Huang (Int. J. Commun. Syst., 22 , 857–862) proposed a simple and efficient three‐party password‐based key exchange protocol without server's public key. This work shows that the protocol could be vulnerable to an undetectable online password guessing attack. Furthermore, an improved protocol is proposed to avoid the attack. Copyright © 2011 John Wiley & Sons, Ltd.     

Cryptanalysis and enhancements of efficient three‐party password‐based key exchange scheme

In this paper, we first showed that Lou and Huang's three‐party password‐based key exchange protocol is still vulnerable to offline dictionary attacks. Thereafter, we proposed an enhanced protocol that can defeat the attack described and yet is efficient. Finally, we provided the rigorous proof of the security for it. Copyright © 2011 John Wiley & Sons, Ltd.     

Robust smart‐card‐based remote user password authentication scheme

Smart‐card‐based remote user password authentication schemes are commonly used for providing authorized users a secure method for remotely accessing resources over insecure networks. In 2009, Xu et al. proposed a smart‐card‐based password authentication scheme. They claimed their scheme can withstand attacks when the information stored on the smart card is disclosed. Recently, Sood et al. and Song discovered that the smart‐card‐based password authentication scheme of Xu et al. is vulnerable to impersonation and internal attacks. They then proposed their respective improved schemes. However, we found that there are still flaws in their schemes: the scheme of Sood et al. does not achieve mutual authentication and the secret key in the login phase of Song's scheme is permanent and thus vulnerable to stolen‐smart‐card and off‐line guessing attacks. In this paper, we will propose an improved and efficient smart‐card‐based password authentication and key agreement scheme. According to our analysis, the proposed scheme not only maintains the original secret requirement but also achieves mutual authentication and withstands the stolen‐smart‐card attack. Copyright © 2012 John Wiley & Sons, Ltd.     

MaTRU‐KE: A key exchange protocol based on MaTRU cryptosystem

We propose a quantum ‐resistant key exchange protocol based on hard problems of lattices using MaTRU cryptosystem as an underlying scheme. A key exchange protocol based on NTRU cryptosystem given by Lie et al is not secure against man‐in‐the‐middle (MITM) attack. To remove this failure and provide a secure protocol, our protocol uses a trusted third party (TTP). Additionally, our protocol is better than NTRU‐KE on efficiency and security point of view. In this paper, we propose key exchange protocol with TTP and without TTP, and describe the advantages and disadvantages of both schemes.     

A secure and efficient password‐authenticated group key exchange protocol for mobile ad hoc networks

Password‐authenticated group key exchange protocols enable communication parties to establish a common secret key (a session key) by only using short secret passwords. Such protocols have been receiving significant attention. This paper shows some security weaknesses in some recently proposed password‐authenticated group key exchange protocols. Furthermore, a secure and efficient password‐authenticated group key exchange protocol in mobile ad hoc networks is proposed. It only requires constant round to generate a group session key under the dynamic scenario. In other words, the overhead of key generation is independent of the size of a total group. Further, the security properties of our protocol are formally validated by a model checking tool called AVISPA. Security and performance analyses show that, compared with other related group key exchange schemes, the proposed protocol is also efficient for real‐world applications in enhancing the security over wireless communications. Copyright © 2011 John Wiley & Sons, Ltd.     

An efficient chaos‐based 2‐party key agreement protocol with provable security

Key agreement protocol is an important cryptographic primitive, which allows 2 parties to establish a secure session in an open network environment. A various of key agreement protocols were proposed. Nowadays, there still exists some other security flaws waiting to be solved. Owing to reduce the computational and communication costs and improve the security, chaotic map has been studied in‐depth and treated as a good solution. Recently, Liu et al proposed a chaos‐based 2‐party key agreement protocol and demonstrated that it can defend denial‐of‐service attack and replay attack. We found, however, it cannot resist off‐line password‐guessing attack, and it also has some other security flaws. In this paper, we propose an improved chaos‐based 2‐party key agreement protocol. The results prove that the protocol can solve the threats of off‐line password‐guessing attack and other security flaws in the security proof section. What is more, performance analysis shows that the computational cost of the improved protocol is lower than Liu et al protocol.     

An off-line dictionary attack on a simple three-party key exchange protocol

Key exchange protocols allow two or more parties communicating over a public network to establish a common secret key called a session key. Due to their significance in building a secure communication channel, a number of key exchange protocols have been suggested over the years for a variety of settings. Among these is the so-called S-3PAKE protocol proposed by Lu and Cao for password-authenticated key exchange in the three-party setting. In the current work, we are concerned with the password security of the S-3PAKE protocol. We first show that S-3PAKE is vulnerable to an off-line dictionary attack in which an attacker exhaustively enumerates all possible passwords in an off-line manner to determine the correct one. We then figure out how to eliminate the security vulnerability of S-3PAKE.     

A pairing‐free identity‐based handover AKE protocol with anonymity in the heterogeneous wireless networks

Nowadays, seamless roaming service in heterogeneous wireless networks attracts more and more attention. When a mobile user roams into a foreign domain, the process of secure handover authentication and key exchange (AKE) plays an important role to verify the authenticity and establish a secure communication between the user and the access point. Meanwhile, to prevent the user's current location and moving history information from being tracked, privacy preservation should be also considered. However, existing handover AKE schemes have more or less defects in security aspects or efficiency. In this paper, a secure pairing‐free identity‐based handover AKE protocol with privacy preservation is proposed. In our scheme, users' temporary identities will be used to conceal their real identities during the handover process, and the foreign server can verify the legitimacy of the user with the home server's assistance. Besides, to resist ephemeral private key leakage attack, the session key is generated from the static private keys and the ephemeral private keys together. Security analysis shows that our protocol is provably secure in extended Canetti‐Krawczyk (eCK) model under the computational Diffie‐Hellman (CDH) assumption and can capture desirable security properties including key‐compromise impersonation resistance, ephemeral secrets reveal resistance, strong anonymity, etc. Furthermore, the efficiency of our identity‐based protocol is improved by removing pairings, which not only simplifies the complex management of public key infrastructure (PKI) but also reduces the computation overhead of ID‐based cryptosystem with pairings. It is shown that our proposed handover AKE protocol provides better security assurance and higher computational efficiency for roaming authentication in heterogeneous wireless networks.     

Securing RTP Packets Using Per‐Packet Key Exchange for Real‐Time Multimedia

For secure multimedia communications, existing encryption techniques use an online session key for the key exchange, for which key size is limited to less than 10 digits to accommodate the latency condition caused by user devices only being able to handle low computational loads. This condition results in poor security of recorded encrypted data. In this letter, we propose a packet key scheme that encrypts real‐time packets using a different key per packet for multimedia applications. Therefore, a key of a relatively small size can provide after‐transmission confidentiality to data of a real‐time session.     

A privacy‐preserving biometrics based authenticated key agreement scheme using ECC

To ensure secure communication over the insecure public network, this work presents a privacy‐preserving biometrics‐based authenticated key agreement scheme using elliptic curve cryptography, making full use of the advantages that the biometrics can be used to uniquely identify a particular human, and the elliptic curve cryptography can provide the same level security with far less key size compared with other public key cryptography. The proposed scheme realizes the mutual authentication of participants, session key agreement, and various security properties and also can resist kinds of known attacks. Moreover, the proposed scheme has perfect user experience in the aspect of changing password by not interacting with the server. In addition, the security features of our new designed scheme are formally proved under the widely used BPR adversary model. Therefore, from the viewpoint of the authors, the proposed scheme can be considered as the authenticated key agreement scheme for mobile users.     

Verifiable three-party secure key exchange protocol based on eigenvalue

In order to solve the problem that the traditional key exchange protocol,which was not flexible enough and flawed in security,cannot provide the function of three-party key negotiation,firstly,a simple and flexible three-party key exchange scheme that can resist man-in-the-middle attacks was proposed with the help of secret matrix eigenvalues.However,the validity of key exchange cannot be verified by the scheme,and counterfeiting by middlemen can’t be prevented.Then based on it,the secret matrix was reconstructed,where the matrix order was a large even number,and all the eigenvalues appeared in pairs,similar to the diagonal matrix.Based on the special secret matrix,the verification part which can be used to verify the legitimacy of the communication party was introduced to the scheme,and the verifiable three-party key exchange protocol based on the eigenvalue was given.The protocol not only solved the problem of three-party key exchange,but also verified identity legitimacy.It is proved that it’s feasible to design a three-party key exchange protocol by the eigenvalue.The final protocol is both secure and efficient.     

MaTRU‐KE revisited: CCA2‐secure key establishment protocol based on MaTRU

Quantum attack–resistant cryptosystems are required for secure communication since there is a big demand to have quantum computers. Lattice‐based cryptography is one of the quantum‐secure families due to its key/ciphertext sizes and performance. NTRU‐based cryptosystems, a member of lattice‐based cryptosystems, have received much more attention. MaTRU, a noncommutative version of NTRU with some matrix properties, is used to obtain a key exchange protocol in 2018. In this paper, we focus on MaTRU‐based key exchange protocols having CCA2 properties. We propose CCA2‐secure versions of MaTRU‐KE and then provide a security analysis of CCA2‐secure key establishment protocols. We also provide a comparison with the previous ones.     

Cryptanalysis and security enhancement of a robust two‐factor authentication and key agreement protocol

Two‐factor user authentication scheme allows a user to use a smart card and a password to achieve mutual authentication and establish a session key between a server and a user. In 2012, Chen et al. showed that the scheme of Sood et al. does not achieve mutual authentication and is vulnerable to off‐line password guessing and smart card stolen attacks. They also found that another scheme proposed by Song is vulnerable to similar off‐line password guessing and smart card stolen attacks. They further proposed an improved scheme. In this paper, we first show that the improved scheme of Chen et al. still suffers from off‐line password guessing and smart card stolen attacks, does not support perfect forward secrecy, and lacks the fairness of session key establishment. We then propose a new security‐enhanced scheme and show its security and authentication using the formal verification tool ProVerif, which is based on applied pi calculus. Copyright © 2014 John Wiley & Sons, Ltd.     

Cryptanalysis of an identity‐based authenticated key exchange protocol

Authenticated key exchange protocols represent an important cryptographic mechanism that enables several parties to communicate securely over an open network. Elashry, Mu, and Susilo proposed an identity‐based authenticated key exchange (IBAKE) protocol where different parties establish secure communication by means of their public identities.The authors also introduced a new security notion for IBAKE protocols called resiliency, that is, if the secret shared key is compromised, the entities can generate another shared secret key without establishing a new session between them. They then claimed that their IBAKE protocol satisfies this security notion. We analyze the security of their protocol and prove that it has a major security flaw, which renders it insecure against an impersonation attack. We also disprove the resiliency property of their scheme by proposing an attack where an adversary can compute any shared secret key if just one secret bit is leaked.     

基于口令认证的密钥交换协议的安全性分析

在串空间理论模型引入了描述DH问题的方法以及分析猜测攻击的攻击者能力,对基于口令认证的密钥交换协议的安全性进行了形式化分析。提出一个对DH-EKE协议的简化,并证明了该协议的安全性:口令的秘密性,认证性,以及会话密钥的秘密性.根据分析给出基于口令认证的密钥交换协议抵抗猜测攻击的基本条件.将分析方法应用到基于口令的三方密钥交换协议上,给出单纯基于口令进行密钥交换协议的安全性需要满足的一个必要条件.