Skip to main content
SpringerLink
Log in

A secure and efficient identity-based authenticated key exchange protocol for mobile client–server networks

  • Published:
The Journal of Supercomputing Aims and scope Submit manuscript

Abstract

Recently, Chou et al. (J Supercomput 66(2): 973–988, 2013) proposed two identity-based key exchange protocols using elliptic curves for mobile environments. The first one is an two-party authentication key exchange protocol to establish a session key between a client and a remote server. The second one is an extended version for three-party setting to establish a session key between two clients with the help of a trusted server. However, this paper finds the first one vulnerable to impersonation attack and key-compromise impersonation attack, and the second one insecure against impersonation attack. To overcome the weaknesses, we propose an improved identity-based two-party authentication key exchange protocol using elliptic curves. The rigorous analysis shows that our scheme achieves more security than related protocols.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1

Similar content being viewed by others

References

  1. Lee CC, Lin TH, Tsai CS (2009) A new authenticated group key agreement in a mobile environment. Ann Telecommun 64(11–12):735–744. doi:10.1007/s12243-009-0096-z

    Article  Google Scholar 

  2. Farash MS, Bayat M, Attari MA (2011) Vulnerability of two multiple-key agreement protocols. Comput Electr Eng 37(2):199–204

    Article  MATH  Google Scholar 

  3. Farash MS, Attari MA, Bayat M (2012) A certificateless multiple-key agreement protocol without one-way hash functions based on bilinear pairings. IACSIT Int J Eng Technol 4(3):321–325

    Article  Google Scholar 

  4. Farash MS, Attari MA, Atani RE, Jami M (2013) A new efficient authenticated multiple-key exchange protocol from bilinear pairings. Comput Electr Eng 39(2):530–541

    Article  Google Scholar 

  5. Farash MS, Attari MA (2013) Provably secure and efficient identity-based key agreement protocol for independent PKGs using ECC. ISC Int J Inform Secur 5(1):1–15

    Google Scholar 

  6. Farash MS, Attari MA (2014) A pairing-free ID-based key agreement protocol with different PKGs. Int J Netw Secur 16(2):143–148

    MathSciNet  Google Scholar 

  7. Bayat M, Farash MS, Movahed A (2010). A novel secure bilinear pairing based remote user authentication scheme with smart card. In: Proceeding of the IEEE/IFIP international conference on embedded and ubiquitous computing (EUC), pp 578–582

  8. Farash MS, Attari MA (2013) An enhanced authenticated key agreement for session initiation protocol. Inform Technol Control 42(4):333–342

    Article  Google Scholar 

  9. Farash MS, Attari MA (2013) Cryptanalysis and improvement of a chaotic maps-based key agreement protocol using Chebyshev sequence membership testing. Nonlinear Dyn. doi:10.1007/s11071-013-1204-1

  10. Islam SH, Biswas GP (2012) An improved ID-based client authentication with key agreement scheme on ECC for mobile client–server environments. Theor Appl Inform 24(4):293–312. doi:10.2478/v10179-012-0018-z

    Article  Google Scholar 

  11. Tang H, Liu X (2012) Cryptanalysis of Arshad et al’.s ECC-based mutual authentication scheme for session initiation protocol. Multimed Tool Appl 65(3):321–333. doi:10.1007/s11042-012-1001-8

    Article  Google Scholar 

  12. Xie Q (2012) A new authenticated key agreement for session initiation protocol. Int J Commun Syst 25(1):47–54. doi:10.1002/dac.1286

    Article  Google Scholar 

  13. Yoon E, Choi S, Yoo K (2012) A secure and efficiency ID-based authenticated key agreement scheme based on elliptic curve cryptosystem for mobile devices. Int J Innov Comput Inform Control 8(4):2637–2653

    Google Scholar 

  14. Yang JH, Chang CC (2009) An ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. Comput Secur 28(3):138–143. doi:10.1016/j.cose.2008.11.008

    Article  Google Scholar 

  15. Yoon E, Yoo K (2009) Robust ID-based remote mutual authentication with key agreement protocol for mobile devices on ECC. In: Proceeding of 2009 international conference on computational science and engineering, pp 633–640. doi:10.1109/CSE.2009.363

  16. He D, Chen J, Hu J (2011) An ID-based client authentication with key agreement protocol for mobile client–server environment on ECC with provable security. Inform Fusion 13(3):223–230. doi:10.1016/j.inffus.2011.01.001

    Article  Google Scholar 

  17. Chou CH, Tsai KY, Lu CF (2013) Two ID-based authenticated schemes with key agreement for mobile environments. J Supercomput 66(2):973–988. doi:10.1007/s11227-013-0962-3

    Article  Google Scholar 

  18. Islam SH, Biswas GP (2011) A more efficient and secure ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. J Syst Softw 84(11):1892–1898. doi:10.1016/j.jss.2011.06.061

    Article  Google Scholar 

  19. Zhao J, Gu D (2012) Provably secure three-party password-based authenticated key exchange protocol. Inform Sci 184(1):310–323

    Article  MATH  MathSciNet  Google Scholar 

  20. Wu S, Pu Q, Wang S, He D (2012) Cryptanalysis of a communication-efficient three-party password authenticated key exchange protocol. Inform Sci 215:83–96. doi:10.1016/j.ins.2012.06.005

    Article  MATH  MathSciNet  Google Scholar 

  21. Yoon EJ, Yoo KY (2011) Cryptanalysis of a simple three-party password-based key exchange protocol. Int J Commun Syst 24(4):532–542. doi:10.1002/dac.1168

    Article  Google Scholar 

  22. Wu S, Chen K, Zhu Y (2013) Enhancements of a three-party password-based authenticated key exchange protocol. Int Arab J Inform Technol 10(3):215–221

    Google Scholar 

  23. Tallapally S (2012) Security enhancement on simple three party pake protocol. Inform Technol Control 41(1):15–22. doi:10.5755/j.01.itc.41.1.842

    Article  Google Scholar 

  24. Liu T, Pu Q, Zhao Y, Wu S (2013) ECC-based password-authenticated key exchange in the three-party setting. Arab J Sci Eng 38(8):2069–2077. doi:10.1007/s13369-013-0543-z

    Article  MathSciNet  Google Scholar 

  25. Yoon EJ, Yoo KY (2008) Improving the novel three-party encrypted key exchange protocol. Comput Stand Interfaces 30(5):309–314. doi:10.1016/j.csi.2007.08.018

    Article  Google Scholar 

  26. Yang JH, Chang CC (2009) An efficient three-party authenticated key exchange protocol using elliptic curve cryptography for mobile-commerce environments. J Syst Softw 82(9):1497–1502. doi:10.1016/j.jss.2009.03.075

    Article  Google Scholar 

  27. Chen TH, Lee WB, Chen HB (2008) A round-and computation-efficient three-party authenticated key exchange protocol. J Syst Softw 81(9):1581–1590. doi:10.1016/j.jss.2007.11.720

    Article  MathSciNet  Google Scholar 

  28. Tan Z (2010) An enhanced three-party authentication key exchange protocol for mobile commerce environments. J Commun 5(5):436–443. doi:10.4304/jcm.5.5.436-443

    Article  Google Scholar 

  29. He D, Chen Y, Chen J (2013) An ID-based three-party authenticated key exchange protocol using elliptic curve cryptography for mobile-commerce environments. Arab J Sci Eng 38(8):2055–2061

    Article  MathSciNet  Google Scholar 

  30. Farash MS, Attari MA (2014) An efficient and provably secure three-party password-based authenticated key exchange protocol based on Chebyshev chaotic maps. Nonlinear Dyn. doi:10.1007/s11071-014-1304-6

Download references

Author information

Authors and Affiliations

  1. Faculty of Mathematics Sciences and Computer, Kharazmi University, Tehran, Iran

    Mohammad Sabzinejad Farash

  2. Faculty of Electrical and Computer Engineering, K.N. Toosi University of Technology, Tehran, Iran

    Mahmoud Ahmadian Attari

Authors
  1. Mohammad Sabzinejad Farash
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mahmoud Ahmadian Attari
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mohammad Sabzinejad Farash.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Farash, M.S., Attari, M.A. A secure and efficient identity-based authenticated key exchange protocol for mobile client–server networks. J Supercomput 69, 395–411 (2014). https://doi.org/10.1007/s11227-014-1170-5

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11227-014-1170-5

Keywords

Search

Navigation