An efficient password authenticated key exchange protocol for imbalanced wireless networks
Introduction
With the rapid growth of information science, both wired and wireless networks have developed considerably, and more and more people use wireless devices to communicate with others. Since the air is a public medium, transmitting information through it exposes that information to attack, so communicating securely over an insecure channel has become an important issue. As a result, security services for user authentication and secret key distribution have been developed for communication networks. Many authentication methods have been proposed for electronic commerce environments, Kerberos [1] for example. Among them, the password authentication scheme is the most commonly used mechanism: a client shares an easy-to-remember password with a trusted server. The same concept is also applied in other settings [2], [3], [4].
However, protocols with easy-to-remember passwords are vulnerable to password-guessing attacks. In Ref. [5], Ding and Horster divided password-guessing attacks into three types: (1) detectable on-line password-guessing attacks, (2) undetectable on-line password-guessing attacks and (3) off-line password-guessing attacks. Only the legal user and the server know the legal user's password. If a malicious user Eve wants to guess the user's password with an on-line password-guessing attack, she needs to send a request to the server and wait for the server's response to determine whether the guessed password is valid. As for off-line password-guessing attacks, exchanged messages that carry too much meaningful information, such as the identity of a party, may give the attacker the material needed to verify guesses off-line.
In 1992, Bellovin and Merritt [2] presented the encrypted key exchange protocol (EKE), which is the landmark of two-party authentication and subsequent key exchange protocols [6], [7]. Most of these schemes are based on the Diffie-Hellman key exchange protocol [8]. However, the limitations of a low-power device make such schemes unsuitable for imbalanced wireless networks, because the modular exponentiations must be executed by both communicating parties and take the low-power device a long time. Recently, Zhu et al. [9] proposed a password authenticated key exchange protocol based on RSA [10] and claimed that it is efficient enough to be implemented on low-power devices. Later, Yeh et al. [11] showed that Zhu et al.'s protocol does not ensure explicit key authentication, so that it suffers from undetectable on-line password-guessing attacks, and presented an improvement to overcome this weakness.
Yeh et al.'s protocol still employs the RSA public key cryptosystem: the client encrypts the secret information such that only the party owning the correct private key can recover it. Nevertheless, no certificate is used to prove the legality of the received public key, and only a simple interactive protocol is used to prove the validity of the RSA public key pair. This results in serious security flaws in Yeh et al.'s protocol: any malicious user can impersonate the server to obtain the information needed to perform off-line password-guessing attacks. Moreover, the computation load on the low-power device is still not light enough. Owing to the above drawbacks, we propose a password authenticated key exchange protocol that is not only secure but also efficient.
The paper is organized as follows. In Section 2, we list the notations used in the reviewed protocols. In Section 3, we review Zhu et al.'s protocol and its drawbacks. Then, Yeh et al.'s protocol and its drawbacks are shown in Section 4. In Section 5, we present the proposed password authenticated key exchange protocol for imbalanced wireless networks, followed by the analyses and further discussion in Section 6. Finally, we draw some conclusions in Section 7.
Notations
The notations used in the reviewed protocols are listed as follows.
- A: the server
- B: the low-power client
- IDA / IDB: the identity of A / B
- pw: the password shared between A and B
- (e, n): the RSA public key pair of A
- d: the RSA private key of A
- EK / DK: a symmetric encryption/decryption algorithm, where K is the key involved
- H1, H2, H3, H4, H5, H6: distinct cryptographic hash functions
A review and cryptanalysis of Zhu et al.'s protocol
In this section, we first review Zhu et al.'s proposed protocol. Then, the cryptanalysis of Zhu et al.'s protocol is shown in Section 3.2.
A review and cryptanalysis of Yeh et al.'s protocol
In the following, we first review Yeh et al.'s proposed protocol in Section 4.1. Then, the cryptanalysis of Yeh et al.'s protocol is presented in Section 4.2.
The proposed scheme
As in the reviewed schemes, A denotes the system (server) and B denotes the low-power client, where IDA and IDB are the identities of A and B, respectively, and pw is the password shared between A and B. The system A publishes the following public system parameters: (1) E1P/D1P: a symmetric encryption/decryption algorithm, where P is the password used as the key; (2) F1, F2, F3: distinct cryptographic hash functions; and (3) n=p*q, where p≡3 (mod 4) and q≡3 (mod 4) are two large primes kept secretly by the
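To make the efficiency argument behind parameter (3) concrete, the following added Python example (not the paper's code; the snippet above does not show how the protocol uses n) illustrates the standard property of a modulus n = p*q with p ≡ q ≡ 3 (mod 4): the client's work is a single modular squaring, while only the holder of p and q can take square roots, using one exponentiation per prime plus the Chinese remainder theorem. The toy primes are constructed for illustration and are far too small for real use.

```python
# Added illustration, not the paper's code. Shows why n = p*q with
# p, q ≡ 3 (mod 4) suits an imbalanced setting: the low-power client B
# only squares modulo n (one modular multiplication, no exponentiation),
# while the server A, knowing p and q, recovers square roots cheaply.

def is_blum_modulus(p: int, q: int) -> bool:
    """Check the parameter condition stated in the paper: p, q ≡ 3 (mod 4)."""
    return p % 4 == 3 and q % 4 == 3

def client_square(x: int, n: int) -> int:
    """Client-side operation: a single modular multiplication."""
    return (x * x) % n

def sqrt_mod_prime_3mod4(c: int, p: int) -> int:
    """For p ≡ 3 (mod 4), c^((p+1)/4) mod p is a square root of c mod p
    whenever c is a quadratic residue mod p (which x^2 always is)."""
    return pow(c, (p + 1) // 4, p)

def server_square_roots(c: int, p: int, q: int) -> list:
    """Server-side: the four square roots of c modulo n = p*q, combined
    from the roots modulo p and modulo q with the CRT."""
    n = p * q
    rp = sqrt_mod_prime_3mod4(c, p)
    rq = sqrt_mod_prime_3mod4(c, q)
    qinv_p = pow(q, -1, p)   # q^-1 mod p
    pinv_q = pow(p, -1, q)   # p^-1 mod q
    roots = set()
    for a in (rp, p - rp):          # +/- root mod p
        for b in (rq, q - rq):      # +/- root mod q
            roots.add((a * q * qinv_p + b * p * pinv_q) % n)
    return sorted(roots)

# Constructed toy parameters (both primes are ≡ 3 mod 4); real ones are large.
P, Q = 1019, 1031
N = P * Q

if __name__ == "__main__":
    x = 12345
    c = client_square(x, N)                 # what the client sends
    print("server recovers x:", x in server_square_roots(c, P, Q))
```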
Security analyses and more discussions
In this section, we are going to demonstrate that our proposed protocol is not only secure but also efficient. And the properties achieved by the proposed protocol are also given.
Conclusions
Due to the drawbacks of Zhu et al.'s and Yeh et al.'s protocols, we propose a brand-new protocol for imbalanced wireless networks. According to the security analyses, it is obvious that our proposed protocol is secure enough to withstand all possible attacks, including those that Zhu et al.'s and Yeh et al.'s protocols suffer from. What is more, our proposed protocol provides both power saving and computation efficiency, which makes it suitable for imbalanced wireless networks.
Ya-Fen Chang received the BS degree in computer science and information engineering from National Chiao Tung University, Hsinchu, Taiwan in 2000. She is currently pursuing her Ph.D. degree in computer science and information engineering from National Chung Cheng University, Chiayi, Taiwan. Her current research interests include electronic commerce, information security, cryptography, and mobile communications.
References
[1] et al., Kerberos: an authentication service for computer networks, IEEE Communications Magazine, 1994.
[2] Bellovin and Merritt, Encrypted Key Exchange: Password-based Protocols Secure against Dictionary Attacks, 1992.
[3] et al., Three-party encrypted key exchange: attacks and a solution, ACM SIGOPS Operating Systems Review, October 2000.
[4] et al., Three-party encrypted key exchange without server public-keys, IEEE Communications Letters, December 2001.
[5] Ding and Horster, Undetectable on-line password guessing attacks, ACM SIGOPS Operating Systems Review, October 1995.
Cited by
- Security analysis of a pairing-free identity-based authenticated group key agreement protocol for imbalanced mobile networks, International Journal of Network Security, 2015
- Untraceable dynamic-identity-based remote user authentication scheme with verifiable password update, International Journal of Communication Systems, 2014
- A secure two-party password-authenticated key exchange protocol, Proceedings of the 2014 IEEE 15th International Conference on Information Reuse and Integration, IEEE IRI 2014, 2014
- Providing anonymous channels and mutual authentication for mobile communications, Proceedings - 4th International Conference on Genetic and Evolutionary Computing, ICGEC 2010, 2010
- Non-interactive t-out-of-n oblivious transfer based on the RSA cryptosystem, Proceedings - 3rd International Conference on Intelligent Information Hiding and Multimedia Signal Processing, IIHMSP 2007, 2007
- Anonymous authentication scheme for wireless communications, International Journal of Mobile Communications, 2007
Chin-Chen Chang received the BS degree in applied mathematics in 1977 and the MS degree in computer and decision sciences in 1979, both from National Tsing Hua University, Hsinchu, Taiwan. He received his Ph.D. in computer engineering in 1982 from National Chiao Tung University, Hsinchu, Taiwan. During the academic years of 1980–1983, he was on the faculty of the Department of Computer Engineering at National Chiao Tung University. From 1983 to 1989, he was among the faculty of the Institute of Applied Mathematics, National Chung Hsing University, Taichung, Taiwan. Since August 1989, he has worked as a professor of the Institute of Computer Science and Information Engineering at National Chung Cheng University, Chiayi, Taiwan. Since 2002, he has been a Chair Professor of National Chung Cheng University. His current research interests include database design, computer cryptography, image compression and data structures. Dr. Chang is a fellow of the IEEE, a fellow of the IEE, a research fellow of the National Science Council of ROC, and a member of the Chinese Language Computer Society, the Chinese Institute of Engineers of the Republic of China, the International Association for Cryptologic Research, the Computer Society of the Republic of China, and the Phi Tau Phi Honorary Society of the Republic of China. Dr. Chang was the chair and is the honorary chair of the executive committee of the Chinese Cryptography and Information Security Association of the Republic of China.
Jen-Ho Yang received the BS degree and the MS degree in information engineering from I-Shou University, Kaohsiung, Taiwan in 1998 and 2002, respectively. He is currently pursuing his Ph.D. degree in computer science and information engineering from National Chung Cheng University, Chiayi, Taiwan. His current research interests include information security and cryptography.