Abstract
Recently, Chou et al. (J Supercomput 66(2): 973–988, 2013) proposed two identity-based key exchange protocols using elliptic curves for mobile environments. The first one is an two-party authentication key exchange protocol to establish a session key between a client and a remote server. The second one is an extended version for three-party setting to establish a session key between two clients with the help of a trusted server. However, this paper finds the first one vulnerable to impersonation attack and key-compromise impersonation attack, and the second one insecure against impersonation attack. To overcome the weaknesses, we propose an improved identity-based two-party authentication key exchange protocol using elliptic curves. The rigorous analysis shows that our scheme achieves more security than related protocols.
Similar content being viewed by others
References
Lee CC, Lin TH, Tsai CS (2009) A new authenticated group key agreement in a mobile environment. Ann Telecommun 64(11–12):735–744. doi:10.1007/s12243-009-0096-z
Farash MS, Bayat M, Attari MA (2011) Vulnerability of two multiple-key agreement protocols. Comput Electr Eng 37(2):199–204
Farash MS, Attari MA, Bayat M (2012) A certificateless multiple-key agreement protocol without one-way hash functions based on bilinear pairings. IACSIT Int J Eng Technol 4(3):321–325
Farash MS, Attari MA, Atani RE, Jami M (2013) A new efficient authenticated multiple-key exchange protocol from bilinear pairings. Comput Electr Eng 39(2):530–541
Farash MS, Attari MA (2013) Provably secure and efficient identity-based key agreement protocol for independent PKGs using ECC. ISC Int J Inform Secur 5(1):1–15
Farash MS, Attari MA (2014) A pairing-free ID-based key agreement protocol with different PKGs. Int J Netw Secur 16(2):143–148
Bayat M, Farash MS, Movahed A (2010). A novel secure bilinear pairing based remote user authentication scheme with smart card. In: Proceeding of the IEEE/IFIP international conference on embedded and ubiquitous computing (EUC), pp 578–582
Farash MS, Attari MA (2013) An enhanced authenticated key agreement for session initiation protocol. Inform Technol Control 42(4):333–342
Farash MS, Attari MA (2013) Cryptanalysis and improvement of a chaotic maps-based key agreement protocol using Chebyshev sequence membership testing. Nonlinear Dyn. doi:10.1007/s11071-013-1204-1
Islam SH, Biswas GP (2012) An improved ID-based client authentication with key agreement scheme on ECC for mobile client–server environments. Theor Appl Inform 24(4):293–312. doi:10.2478/v10179-012-0018-z
Tang H, Liu X (2012) Cryptanalysis of Arshad et al’.s ECC-based mutual authentication scheme for session initiation protocol. Multimed Tool Appl 65(3):321–333. doi:10.1007/s11042-012-1001-8
Xie Q (2012) A new authenticated key agreement for session initiation protocol. Int J Commun Syst 25(1):47–54. doi:10.1002/dac.1286
Yoon E, Choi S, Yoo K (2012) A secure and efficiency ID-based authenticated key agreement scheme based on elliptic curve cryptosystem for mobile devices. Int J Innov Comput Inform Control 8(4):2637–2653
Yang JH, Chang CC (2009) An ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. Comput Secur 28(3):138–143. doi:10.1016/j.cose.2008.11.008
Yoon E, Yoo K (2009) Robust ID-based remote mutual authentication with key agreement protocol for mobile devices on ECC. In: Proceeding of 2009 international conference on computational science and engineering, pp 633–640. doi:10.1109/CSE.2009.363
He D, Chen J, Hu J (2011) An ID-based client authentication with key agreement protocol for mobile client–server environment on ECC with provable security. Inform Fusion 13(3):223–230. doi:10.1016/j.inffus.2011.01.001
Chou CH, Tsai KY, Lu CF (2013) Two ID-based authenticated schemes with key agreement for mobile environments. J Supercomput 66(2):973–988. doi:10.1007/s11227-013-0962-3
Islam SH, Biswas GP (2011) A more efficient and secure ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. J Syst Softw 84(11):1892–1898. doi:10.1016/j.jss.2011.06.061
Zhao J, Gu D (2012) Provably secure three-party password-based authenticated key exchange protocol. Inform Sci 184(1):310–323
Wu S, Pu Q, Wang S, He D (2012) Cryptanalysis of a communication-efficient three-party password authenticated key exchange protocol. Inform Sci 215:83–96. doi:10.1016/j.ins.2012.06.005
Yoon EJ, Yoo KY (2011) Cryptanalysis of a simple three-party password-based key exchange protocol. Int J Commun Syst 24(4):532–542. doi:10.1002/dac.1168
Wu S, Chen K, Zhu Y (2013) Enhancements of a three-party password-based authenticated key exchange protocol. Int Arab J Inform Technol 10(3):215–221
Tallapally S (2012) Security enhancement on simple three party pake protocol. Inform Technol Control 41(1):15–22. doi:10.5755/j.01.itc.41.1.842
Liu T, Pu Q, Zhao Y, Wu S (2013) ECC-based password-authenticated key exchange in the three-party setting. Arab J Sci Eng 38(8):2069–2077. doi:10.1007/s13369-013-0543-z
Yoon EJ, Yoo KY (2008) Improving the novel three-party encrypted key exchange protocol. Comput Stand Interfaces 30(5):309–314. doi:10.1016/j.csi.2007.08.018
Yang JH, Chang CC (2009) An efficient three-party authenticated key exchange protocol using elliptic curve cryptography for mobile-commerce environments. J Syst Softw 82(9):1497–1502. doi:10.1016/j.jss.2009.03.075
Chen TH, Lee WB, Chen HB (2008) A round-and computation-efficient three-party authenticated key exchange protocol. J Syst Softw 81(9):1581–1590. doi:10.1016/j.jss.2007.11.720
Tan Z (2010) An enhanced three-party authentication key exchange protocol for mobile commerce environments. J Commun 5(5):436–443. doi:10.4304/jcm.5.5.436-443
He D, Chen Y, Chen J (2013) An ID-based three-party authenticated key exchange protocol using elliptic curve cryptography for mobile-commerce environments. Arab J Sci Eng 38(8):2055–2061
Farash MS, Attari MA (2014) An efficient and provably secure three-party password-based authenticated key exchange protocol based on Chebyshev chaotic maps. Nonlinear Dyn. doi:10.1007/s11071-014-1304-6
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Farash, M.S., Attari, M.A. A secure and efficient identity-based authenticated key exchange protocol for mobile client–server networks. J Supercomput 69, 395–411 (2014). https://doi.org/10.1007/s11227-014-1170-5
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11227-014-1170-5