Improving security of a communication-efficient three-party password authentication key exchange protocol

International Journal of Network Security

Volumn 17, Issue 1, 2015, Pages 1-6

  Lee, Cheng Chi ^a,c   Chiu, Shih Ting ^a   Li, Chun Ta ^b  

^a FU JEN CATHOLIC UNIVERSITY   (Taiwan)

^b TAINAN UNIVERSITY OF TECHNOLOGY   (Taiwan)

^c ASIA UNIVERSITY   (Taiwan)

Author keywords

Authentication; Cryptanalysis; Guessing attack; Key exchange; Password based; Three party

Indexed keywords

ALUMINUM; SECURE COMMUNICATION;

CRYPTANALYSIS; GUESSING ATTACKS; KEY EXCHANGE; PASSWORD-BASED; THREE-PARTY;

AUTHENTICATION;

EID: 84921662977     PISSN: 1816353X     EISSN: 18163548     Source Type: Journal    
DOI: None     Document Type: Article

References (43)

1. S. M. Bellovin and M. Merritt, "Encrypted key exchange: password-based protocols secure against dictionary attacks," in Proceedings of 1992 IEEE Computer Society Conference on Research in Security and Privacy, pp. 72-84, 1992.
2. T. Y. Chang, M. S. Hwang, and W. P. Yang, "A communication-efficient three-party password authenticated key exchange protocol," Information Sciences, vol. 181, pp. 217-226, 2011.
3. T. Y. Chang, C. C. Yang and M. S. Hwang, "Improvement of convertible authenticated encryption schemes and its multiple recipients version", International Journal of Security and Its Applications, vol. 6, no. 4, pp. 151-162, 2012.
4. T. Y. Chang, W. P. Yang, M. S. Hwang, "Simple authenticated key agreement and protected password change protocol", Computers & Mathematics with Applications, vol. 49, pp. 703-714, 2005.
5. T. Y. Chen, C. C. Lee, M. S. Hwang, J. K. Jan, "Towards secure and efficient user authentication scheme using smart card for multi-server environments," The Journal of Supercomputing, vol. 66, no. 2, pp. 1008-1032, 2013.
6. T. H. Feng, C. H. Ling, and M. S. Hwang, "Cryptanalysis of Tan's improvement on a password authentication scheme for multi-server environments," International Journal of Network Security, vol. 16, no. 4, pp. 318-321, 2014.
7. D. He, J. Chen, and J. Hu, "Weaknesses of a remote user password authentication scheme using smart card," International Journal of Network Security, vol. 13, no. 1, pp. 58-60, 2011.
8. H. C. Hsiang and W. K. Shih, "Weaknesses and improvements of the Yoon-Ryu-Yoo remote user authentication scheme using smart cards," Computer Communications, vol. 32, no. 4, pp. 649-652, 2009.
9. W. B. Hsieh and J. S. Leu, "Exploiting hash functions to intensify the remote user authentication scheme," Computers & Security, vol. 31, no. 6, pp. 791-798, 2012.
10. M. S. Hwang, S. Y. Hsiao, W. P. Yang, "Security on improvement of modified authenticated key agreement protocol," Information - An International Interdisciplinary Journal, vol. 17, no. 4, pp.1173-1178, 2014.
11. M. S. Hwang, C. C. Lee, Y. L. Tang, "An improvement of SPLICE/AS in WIDE against guessing attack", International Journal of Informatica, vol. 12, no. 2, pp.297-302, 2001.
12. M. S. Hwang, S. K. Chong, T. Y. Chen, "DoS-resistant ID-based password authentication scheme using smart cards", Journal of Systems and Software, vol. 83, pp. 163-172, 2010.
13. M. S. Hwang and C. H. Lee, "Authenticated key-exchange in a mobile radio network", European Transactions on Telecommunications, vo1. 8, no.3, pp.265-269, 1997.
14. M. S. Hwang, C. W. Lin, C. C. Lee, "Improved Yen-Joye's authenticated multiple-key agreement protocol", IEE Electronics Letters, vol. 38, no. 23, pp. 1429-1431, 2002.
15. L. C. Huang, M. S. Hwang, "Two-party authenticated multiple-key agreement based on elliptic curve discrete logarithm problem", International Journal of Smart Home, vol. 7, no. 1, pp. 9-18, 2013.
16. L. Lamport, "Password authentication with insecure communication," Communications of the ACM, vol. 24, no. 11, pp. 770-772, 1981.
17. C. C. Lee, R. X. Chang, and H. J. Ko, "Improving two novel three-party encrypted key exchange protocols with perfect forward secrecy," International Journal of Foundations of Computer Science, vol. 21, no. 6, pp. 979-991, 2010.
18. C. C. Lee and Y. F. Chang, "On security of a practical three-party key exchange protocol with round efficiency," Information Technology and Control, vol. 37, no. 4, pp. 333-335, 2008.
19. C. C. Lee, S. D. Chen, and C. L. Chen, "A computation-efficient three-party encrypted key exchange protocol," Applied Mathematics & Information Sciences, vol. 6, no. 3 pp. 573-579, 2012.
20. C. C. Lee, C. T. Li, and R. X. Chang, "An undetectable on-line password guessing attack on Nam et al.'s three-party key exchange protocol," accepted to appear in Journal of Computational Methods in Sciences and Engineering, 2013
21. C. C. Lee, C. T. Li, and C. W. Hsu, "A three-party password-based authenticated key exchange protocol with user anonymity using extended chaotic maps," Nonlinear Dynamics, vol. 73, no. 1, pp. 125-132, 2013.
22. C. C. Lee, C. H. Liu, and M. S. Hwang, "Guessing attacks on strong-password authentication protocol", International Journal of Network Security, vol. 15, no. 1, pp. 64-67, 2013.
23. T. F. Lee, J. L. Liu, M. J. Sung, S. B. Yang, and C. M. Chen, "Communication-efficient three-party protocols for authentication and key agreement," Computers & Mathematics with Applications, vol. 58, no. 4, pp. 641-648, 2009.
24. T. F. Lee, T. Hwang, and C. L. Lin, "Enhanced three-party encrypted key exchange without server public keys," Computers & Security, vol. 23, no. 7, pp. 571-577, 2004.
25. C. T. Li and M. S. Hwang, "An efficient biometrics-based remote user authentication scheme using smart cards", Journal of Network and Computer Applications, vol. 33, no. 1, pp. 1-5, 2010.
26. C. T. Li, M. S. Hwang, Y. P. Chu, "A secure and efficient communication scheme with authenticated key establishment and privacy preserving for vehicular Ad Hoc networks", Computer Communications, vol. 31, no. 12, pp. 2803-2814, 2008.
27. C. T. Li, M. S. Hwang, Y. P. Chu, "Improving the security of a secure anonymous routing protocol with authenticated key exchange for Ad Hoc networks", International Journal of Computer Systems Science and Engineering, vol. 23, no. 3, pp. 227-234, 2008.
28. I-En Liao, C. C. Lee, M. S. Hwang, "A password authentication scheme over insecure networks", Journal of Computer and System Sciences, vol. 72, no. 4, pp. 727-740, 2006.
29. C. W. Lin, C. S. Tsai, M. S. Hwang, "A new strong-password authentication scheme using one-way hash functions", International Journal of Computer and Systems Sciences, vol. 45, no. 4, pp. 623-626, 2006.
30. I. C. Lin, H. H. Ou, M. S. Hwang, "A user authentication system using back-propagation network", Neural Computing & Applications, vol. 14, no. 3, pp. 243-249, 2005.
31. J. W. Lo, J. Z. Lee, M, S. Hwang, Y. P. Chu, "An advanced password authenticated key exchange protocol for imbalanced wireless networks", Journal of Internet Technology, vol. 11, no. 7, pp. 997-1004, 2010.
32. J. W. Lo, S. C. Lin, M. S. Hwang, "A parallel password-authenticated key exchange protocol for wireless environments", Information Technology and Control, vol. 39, no. 2, pp. 146-151, 2010.
33. J. J. Shen, C. W. Lin, M. S. Hwang, "Security enhancement for the timestamp-based password authentication scheme using smart cards", Computers & Security, vol. 22, no. 7, pp. 591-595, 2003.
34. H. Tao and C. Adams, "Pass-go: aproposal to improve the usability of graphical passwords,"International Journal of Network Security, vol. 7, no. 2, pp. 273-292, 2008.
35. C. S. Tsai, C. C. Lee, and M. S. Hwang, "Password authentication schemes: current status and key issues,"International Journal of Network Security, vol. 3, no. 2, pp. 101-115, 2006.
36. R. C. Wang and C. C. Yang, "Cryptanalysis of two improved password authentication schemes using smart cards," International Journal of Network Security, vol. 3, no. 3, pp. 283-285, 2006.
37. H. C. Wu, M. S. Hwang, C. H. Liu, "A secure strong-password authentication protocol", Fundamenta Informaticae, vol. 68, pp. 399-406, 2005.
38. S. Wu, Q. Pu, S. Wang, and D. He, "Cryptanalysis of a communication-efficient three-party password authenticated key exchange protocol," Information Sciences, vol. 215, pp. 83-96, 2012.
39. C. C. Yang, T. Y. Chang, M. S. Hwang, "Cryptanalysis of simple authenticated key agreement protocols", IEICE Transactions on Foundations, vol. E87-A, no. 8, pp. 2174-2176, 2004.
40. Y. Zeng, J. Ma, and M. Sangjae, "An improvement on a three-party password-based key exchange protocol using weil pairing," International Journal of Network Security, vol. 11, no. 1, pp. 17-22, 2010.
41. J. Zhao and D. Gu, "Provably secure three-party password-based authenticated key exchange protocol," Information Sciences, vol. 184, no. 1, pp. 310-323, 2012.
42. Y. Zhang and M. Fujise, "Security management in the next generation wireless networks," International Journal of Network Security, vol. 3, no. 1, pp. 1-7, 2006.
43. X. Zhuang, C. C. Chang, Z. H. Wang, Y. Zhu, "A simple password authentication scheme based on geometric hashing function," International Journal of Network Security, vol. 16, no. 4, pp. 237-243, 2014.