A Three-Party Password Authenticated Key Exchange Protocol Resistant to Stolen Smart Card Attacks

  • Chien-Ming ChenEmail author
  • Linlin Xu
  • Weicheng Fang
  • Tsu-Yang Wu
Conference paper
Part of the Smart Innovation, Systems and Technologies book series (SIST, volume 63)


Authenticated Key Exchange (AKE) is an important cryptographic tool to establish a confidential channel between two or more entities over a public network. Various AKE protocols utilize smart cards to store sensitive contents which are normally used for authentication or session key generation. It assumed that smart cards come with a tamper-resistant property, but sensitive contents stored in it can still be extracted by side channel attacks. It means that if an adversary steals someones smart card, he may have chance to impersonate this victim or further launch another attacks. This kind of attack is called Stolen Smart Card Attack. In this paper, we propose a three-party password authentication key exchange protocol. Our design is secure against the stolen smart card attack. We also provide a security analysis to show our protocol is still secure if sensitive information which is stored in a smart card is extracted by an attacker.


authentication key exchange protocol stolen smart card attacks 


  1. 1.
    Diffie, W., Hellman, M.: New directions in cryptography. IEEE transactions on Information Theory 22(6), 644–654 (1976)Google Scholar
  2. 2.
    Chen, C.M., Wang, K.H., Wu, T.Y., Pan, J.S., Sun, H.M.: A scalable transitive human-verifiable authentication protocol for mobile devices. IEEE Transactions on Information Forensics and Security 8(8), 1318–1330 (2013)Google Scholar
  3. 3.
    Sun, H.M., He, B.Z., Chen, C.M., Wu, T.Y., Lin, C.H., Wang, H.: A provable authenticated group key agreement protocol for mobile environment. Information Sciences 321, 224–237 (2015)Google Scholar
  4. 4.
    Farash, M.S., Attari, M.A.: An enhanced and secure three-party password-based authenticated key exchange protocol without using servers public-keys and symmetric cryptosystems. Information Technology and Control 43(2), 143–150 (2014)Google Scholar
  5. 5.
    Gope, P., Hwang, T.: An efficient mutual authentication and key agreement scheme preserving strong anonymity of the mobile user in global mobility networks. Journal of Network and Computer Applications 62, 1–8 (2016)Google Scholar
  6. 6.
    Li, X., Niu, J., Kumari, S., Khan, M.K., Liao, J., Liang, W.: Design and analysis of a chaotic maps-based three-party authenticated key agreement protocol. Nonlinear Dynamics 80(3), 1209–1220 (2015)Google Scholar
  7. 7.
    Yeh, H.L., Chen, T.H., Shih, W.K.: Robust smart card secured authentication scheme on sip using elliptic curve cryptography. Computer Standards & Interfaces 36(2), 397–402 (2014)Google Scholar
  8. 8.
    Islam, S.H., Khan, M.K.: Cryptanalysis and improvement of authentication and key agreement protocols for telecare medicine information systems. Journal of medical systems 38(10), 1–16 (2014)Google Scholar
  9. 9.
    Xie, Q., Hu, B.,Wu, T.: Improvement of a chaotic maps-based three-party password-authenticated key exchange protocol without using servers public key and smart card. Nonlinear Dynamics 79(4), 2345–2358 (2015)Google Scholar
  10. 10.
    Farash, M.S., Kumari, S., Bakhtiari, M.: Cryptanalysis and improvement of a robust smart card secured authentication scheme on sip using elliptic curve cryptography. Multimedia Tools and Applications 75(8), 4485–4504 (2016)Google Scholar
  11. 11.
    Xie, Q.: A new authenticated key agreement for session initiation protocol. International Journal of Communication Systems 25(1), 47–54 (2012)Google Scholar
  12. 12.
    Chaudhry, S.A., Naqvi, H., Shon, T., Sher, M., Farash, M.S.: Cryptanalysis and improvement of an improved two factor authentication protocol for telecare medical information systems. Journal of Medical Systems 39(6), 1–11 (2015)Google Scholar
  13. 13.
    Lai, H., Xiao, J., Li, L., Yang, Y.: Applying semigroup property of enhanced chebyshev polynomials to anonymous authentication protocol. Mathematical Problems in Engineering 2012 (2012)Google Scholar
  14. 14.
    Farash, M.S.: Cryptanalysis and improvement of an improved authentication with key agreement scheme on elliptic curve cryptosystem for global mobility networks. International Journal of Network Management 25(1), 31–51 (2015)Google Scholar
  15. 15.
    Zhang, L., Zhu, S., Tang, S.: Privacy protection for telecare medicine information systems using a chaotic map-based three-factor authenticated key agreement scheme. IEEE Journal of Biomedical and Health Informatics (2016)Google Scholar
  16. 16.
    Zhao, F., Gong, P., Li, S., Li, M., Li, P.: Cryptanalysis and improvement of a three-party key agreement protocol using enhanced chebyshev polynomials. Nonlinear Dynamics 74(1-2), 419–427 (2013)Google Scholar
  17. 17.
    Chen, C.M., Xu, L., Wu, T.Y., Li, C.R.: On the security of a chaotic maps-based three-party authenticated key agreement protocol. Journal of Network Intelligence (2), 61–65 (2016)Google Scholar
  18. 18.
    Abdalla, M., Pointcheval, D.: Interactive diffie-hellman assumptions with applications to password-based authentication. In: International Conference on Financial Cryptography and Data Security. pp. 341–356. Springer (2005)5Google Scholar
  19. 19.
    Chen, C.M., Ku, W.C.: Stolen-Verifier Attack on Two New Strong-Password Authentication Protocols. IEICE Transactions on Communications, vol.E85-B, no.11, pp.2519-2521. (2002)Google Scholar
  20. 20.
    Ku, W.C., Chen, C.M., Lee, H.L.: Cryptanalysis of a Variant of Peyravian-Zunic’s Password Authentication Scheme. IEICE Transactions on Communications, vol.E86-B, no.5, pp.1682-1684. (2003)Google Scholar
  21. 21.
    Ku, W.C., Chen, C.M., Lee, H.L.:Weaknesses of Lee-Li-Hwang’s Hash-Based Password Authentication Scheme. ACM Operating Systems Review, vol.37, no.4, pp.19-25. (2003)Google Scholar
  22. 22.
    Sun, H.M., Wang, K.H., Chen, C.M.: On the Security of an Efficient Time-Bound Hierarchical Key Management Scheme. IEEE Transactions on Dependable and Secure Computing, vol. 6, no. 2, pp. 159160.(2009)Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Chien-Ming Chen
    • 1
    Email author
  • Linlin Xu
    • 1
  • Weicheng Fang
    • 1
  • Tsu-Yang Wu
    • 1
  1. 1.School of Computer Science and TechnologyHarbin Institute of Technology Shenzhen Graduate SchoolShenzhenChina

Personalised recommendations