Skip to main content
SpringerLink
Log in

Highly Efficient Password-Based Three-Party Key Exchange in Random Oracle Model

  • Conference paper
Book cover Intelligence and Security Informatics (ISI 2008)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 5075))

Included in the following conference series:

  • 2278 Accesses

Abstract

A password-based three-party encrypted key exchange (3PEKE) is a protocol enables any pair of two registered clients to establish session keys via the help of a trusted server such that each client shares only one password with the server. This approach greatly improves the scalability of key agreement protocol in distributed environments, and provides great user convenience. This paper proposes a new password-based 3PEKE scheme with only four message steps, which is the minimum among the published works. The proposed scheme is secure in the random oracle model.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Bellare, M., Desai, A., Pointcheval, D., Rogaway, P.: Relations among Notations of Security for Public Key Encryption Schemes. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 26–45. Springer, Heidelberg (1998)

    Chapter  Google Scholar 

  2. Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated Key Exchange Secure against Dictionary Attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  3. Bellare, M., Rogaway, P.: Provably Secure Session Key Distribution: The Three Party Case. In: 27th ACM Symp. on the Theory of Comput., pp. 57–66. ACM Press, New York (1995)

    Google Scholar 

  4. Chang, C.C., Chang, Y.F.: A Novel Three-Party Encrypted Key Exchange Protocol. Computer Standards and Interfaces 26(5), 471–476 (2004)

    Article  Google Scholar 

  5. Chien, H.Y.: Selectively Convertible Authenticated Encryption in The Random Oracle Model. The Computer Journal (January 17, 2008) (2008) doi:10.1093/comjnl/bxm090

    Google Scholar 

  6. Chung, H.R., Ku, W.C.: Three Weaknesses in a Simple Three-Party Key Exchange Protocol. Information Sciences 178(1), 220–229 (2008)

    Article  MATH  MathSciNet  Google Scholar 

  7. Ding, Y., Horster, P.: Undetectable On-Line Password Guessing Attacks. ACM Operating Systems Review 29(4), 77–86 (1995)

    Article  Google Scholar 

  8. Kohl, J., Neuman, C.: The Kerberos Network Authentication Service (V5). Internet Request for Comments 1510 (1993)

    Google Scholar 

  9. Ku, W.C., Chiang, M.H., Chang, S.T.: Weaknesses of Yoon-Ryu-Yoo’s Hash-Based Password Authentication Scheme. ACM Operating Systems Review 39(1), 85–89 (2005)

    Article  Google Scholar 

  10. Lee, T.F., Hwang, T., Lin, C.L.: Enhanced Three-Party Encrypted Key Exchange without Server Public Keys. Computers and Security 23(7), 571–577 (2004)

    Article  Google Scholar 

  11. Lin, C.L., Sun, H.M., Hwang, T.: Three Party-Encrypted Key Exchange: Attacks and a Solution. ACM Operating System Review 34(4), 12–20 (2000)

    Article  Google Scholar 

  12. Lin, C.L., Sun, H.M., Steiner, M., Hwang, T.: Three-Party Encrypted Key Exchange without Server Public-Keys. IEEE Commun. Lett. 5(12), 497–499 (2001)

    Article  Google Scholar 

  13. Lu, R., Cao, Z.: Simple Three-Party Key Exchange Protocol. Computers Security 26(1), 94–97 (2007)

    Article  Google Scholar 

  14. Molva, R., Tsudik, G., Van Herreweghen, E., Zatti, S.: KryptoKnight Authentication and Key Distribution System. In: Deswarte, Y., Quisquater, J.-J., Eizenberg, G. (eds.) ESORICS 1992. LNCS, vol. 648, pp. 1–16. Springer, Heidelberg (1992)

    Google Scholar 

  15. Nam, J., Kim, S., Won, D.: Attack on the Sun-Chen-Hwang’s Three-Party Key Agreement Protocols Using Passwords. IEICE Trans. on Fund. of Electronics, Communications and Computer Sciences E89-A(1), 209–212 (2006)

    Article  Google Scholar 

  16. Steiner, M., Tsudik, G., Wainder, M.: Refinement and Extension of Encrypted Key Exchange. ACM Operation Systems Review 29(3), 22–30 (1995)

    Article  Google Scholar 

  17. Sun, H.M., Chen, B.C., Hwang, T.: Secure Key Agreement Protocols for Three-Party against Guessing Attacks. The Journal of Systems and Software 75, 63–68 (2005)

    Article  Google Scholar 

  18. Chien, H.Y., Wang, R.C., Yang, C.C.: Note on Robust and Simple Authentication Protocol. The Computer Journal 48(1), 27–29 (2005)

    Article  Google Scholar 

  19. IEEE P1363.2: Password-Based Public-Key Cryptography, http://grouper.ieee.org/groups/1363/passwdPK/index.html

  20. Gong, L.: Optimal Authentication Protocols Resistant to Password Guessing Attacks. In: The 8th IEEE Workshop on Computer Security Foundations, p. 24 (1995)

    Google Scholar 

  21. Gong, L.: Lower Bounds on Messages and Rounds for Network Authentication Protocols. In: The 1st ACM Conference on Computer and Communications Security, pp. 26–37 (1993)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Information Management, National Chi-Nan University, 545, Taiwan R.O.C.

    Hung-Yu Chien

  2. Department of Information Management, National Taiwan University of Science and, Technology, R.O.C.

    Tzong-Chen Wu

Authors
  1. Hung-Yu Chien
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Tzong-Chen Wu
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. The Chinese University of Hong Kong, Hong Kong

    Christopher C. Yang

  2. The University of Arizona, USA

    Hsinchun Chen

  3. The University of Hong Kong, Hong Kong

    Michael Chau

  4. Nanyang Technological University, Singapore

    Kuiyu Chang

  5. University of Central Florida, USA

    Sheau-Dong Lang

  6. Tatung University, Taiwan

    Patrick S. Chen

  7. California University of Pennsylvania, USA

    Raymond Hsieh

  8. University of Arizona and Chinese Academy of Sciences, USA

    Daniel Zeng

  9. Chinese Academy of Sciences, China

    Fei-Yue Wang  & Wenji Mao  & 

  10. Carnegie Mellon University, USA

    Kathleen Carley  & Justin Zhan  & 

Rights and permissions

Reprints and permissions

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Chien, HY., Wu, TC. (2008). Highly Efficient Password-Based Three-Party Key Exchange in Random Oracle Model. In: Yang, C.C., et al. Intelligence and Security Informatics. ISI 2008. Lecture Notes in Computer Science, vol 5075. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-69304-8_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-69304-8_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-69136-5

  • Online ISBN: 978-3-540-69304-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation