Skip to main content
SpringerLink
Log in

An Enhanced Password Authenticated Key Agreement Protocol for Wireless Mobile Network

  • Conference paper
Information Security and Cryptology (Inscrypt 2009)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 6151))

Included in the following conference series:

Abstract

Password-based Authenticated Key Agreement (PAKA) protocols are widely used in wireless mobile networks, however many existing PAKA protocols have security flaws. In the 3GPP2 network, there are several PAKA protocols proposed to enhance the security of the Authentication Key distribution mechanism which is subjected to the Man-In-The-Middle attack. We point out the security flaws of such protocols in [10,6] and give two practical attacks on them. Moreover we propose an enhanced PAKA protocol which can resist both undetectable on-line and off-line password guessing attacks, and formally analyze its security in the random oracle model. In addition, we consider a special version of Diffie-Hellman problem called Degenerate Diffie-Hellman problem and propose two assumptions called Computational and Decisional Degenerate Diffie-Hellman assumption which are as difficult as CDH assumption and DDH assumption respectively.

Supported by the National Natural Science Foundation of China under Grant No. 60803129; The National High-Tech Research and Development Plan of China under Grant Nos. 2007AA120404, 2007AA120405; The Next Generation Internet Business and Equipment Industrialization Program under Grant No. CNGI-09-03-03.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Aboba, B., Blunk, L., Vollbrecht, J., Levkowetz, H., Carlson, J.: Extensible authentication protocol (eap). Technical report, The Internet Engineering Task Force. RFC 3748 (June 2004)

    Google Scholar 

  2. Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  3. Bellare, M., Rogaway, P.: Random oracles are practical: A paradigm for designing efficient protocols. In: ACM Conference on Computer and Communications Security, pp. 62–73 (1993)

    Google Scholar 

  4. Bellare, M., Rogaway, P.: Collision-resistant hashing: Towards making uowhfs practical. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 470–484. Springer, Heidelberg (1997)

    Google Scholar 

  5. Bersani, F., Tschofenig, H.: The EAP-PSK Protocol: A Pre-Shared Key Extensible Authentication Protocol (EAP) Method. Technical report, The Internet Engineering Task Force. RFC 4764 (January 2007)

    Google Scholar 

  6. Chang, C.C., Chang, S.C.: An Improved Authentication Key Agreement Protocol Based on Elliptic Curve for Wireless Mobile Networks. In: IIHMSP 2008 International Conference on Intelligent Information Hiding and Multimedia Signal Processing, pp. 1375–1378 (2008)

    Google Scholar 

  7. 3GPP2 C.S0016-B. Over-the-air service provisioning of mobile stations in spread spectrum standards. Technical report (October 2002), http://www.3gpp2.org

  8. Ding, Y., Horster, P.: Undetectable on-line password guessing attacks. ACM SIGOPS Operating Systems Review 29(4), 77–86 (1995)

    Article  Google Scholar 

  9. Halevi, S., Krawczyk, H.: Public-key cryptography and password protocols. ACM Trans. Inf. Syst. Secur. 2(3), 230–268 (1999)

    Article  Google Scholar 

  10. Lu, R., Cao, Z., Zhu, H.: An enhanced authenticated key agreement protocol for wireless mobile communication. Computer Standards & Interfaces 29(6), 647–652 (2007)

    Article  Google Scholar 

  11. 3GPP2 N.S0011-0. Otasp and otapa. Technical report, http://www.3gpp2.org (January 1999)

  12. Seo, D.H., Sweeney, P.: Simple authenticated key agreement algorithm. Electronics Letters 35, 1073 (1999)

    Article  Google Scholar 

  13. Singhal, A., Garg, V., Mathuria, A.: Analysis and Enhancement of Two Key Agreement Protocols for Wireless Networks. In: 2nd International Conference on Communication Systems Software and Middleware, COMSWARE 2007, pp. 1–7 (2007)

    Google Scholar 

  14. Sui, A., Hui, L.C.K., Yiu, S.M., Chow, K.P., Tsang, W.W., Chong, C.F., Pun, K.H., Chan, H.W.: An improved authenticated key agreement protocol with perfect forward secrecy for wireless mobile communication. In: 2005 IEEE Wireless Communications and Networking Conference, vol. 4 (2005)

    Google Scholar 

  15. Wan, Z., Zhu, B., Deng, R.H., Bao, F., Ananda, A.L.: Dos-resistant access control protocol with identity confidentiality for wireless networks. In: 2005 IEEE Wireless Communications and Networking Conference, vol. 3 (2005)

    Google Scholar 

  16. Wan, Z., Ananda, A.L., Deng, R.H., Bao, F.: Anonymous dos-resistant access control protocol using passwords for wireless networks. In: LCN, pp. 328–335. IEEE Computer Society, Los Alamitos (2005)

    Google Scholar 

  17. Zhang, Z., Feng, D.: On Password-based Key Exchange with Enhanced Security. In: The 4rd SKLOIS Workshop on Security Protocols, pp. 132–144 (2009)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing, 100190, China

    Zhigang Gao & Dengguo Feng

  2. National Engineering Research Center of Information Security, Beijing, 100190, China

    Zhigang Gao

Authors
  1. Zhigang Gao
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Dengguo Feng
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Institute for Infocomm Research, Singapore

    Feng Bao

  2. Google Inc. and Computer Science Department, Columbia University, Room 464, S.W. Mudd Building, 10027, New York, NY, USA

    Moti Yung

  3. Institute of Software, SKLOIS, Chinese Academy of Sciences, 100190, Beijing, China

    Dongdai Lin

  4. SKLOIS, Graduate University of Chinese Academy of Sciences, 19A Yuquan Road, 100049, Beijing, China

    Jiwu Jing

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Gao, Z., Feng, D. (2010). An Enhanced Password Authenticated Key Agreement Protocol for Wireless Mobile Network. In: Bao, F., Yung, M., Lin, D., Jing, J. (eds) Information Security and Cryptology. Inscrypt 2009. Lecture Notes in Computer Science, vol 6151. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16342-5_10

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-16342-5_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-16341-8

  • Online ISBN: 978-3-642-16342-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation