A Password-Based Mutual Authenticated Key Exchange Scheme by Blockchain for WBAN

  • Conference paper
Machine Learning for Cyber Security (ML4CS 2023)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 14541)

Abstract

With the continuous development of Internet of Things technologies, Wireless Body Area Networks (WBAN) have shown great application potential in the healthcare industry. However, adversaries may masquerade as legitimate users, and sensitive medical data may be intercepted during transmission. Therefore, proper authentication and secure communications are required in WBAN. Password-based authenticated key exchange (PAKE) is an attractive solution to this problem due to its simplicity and low cost: the user and the server can use their shared password to perform authentication and to establish a session key for secure information exchange. However, many existing PAKE protocols suffer from some limitations. First, some schemes only consider one-way authentication, so masquerade is still possible on the server side. Second, some schemes are vulnerable to the offline dictionary attack, with the consequence that the user's password, which has limited entropy, can be leaked. Third, some schemes need to employ secure channels, making them less practical in real-world applications. In this paper, we propose a password-based mutual authenticated key exchange scheme by Blockchain for WBAN, in which all these issues are addressed. In particular, mutual authentication is realized, and the adversary cannot launch the offline dictionary attack. Moreover, these features are achieved without employing a secure channel. Therefore, it achieves a good balance between usability and security. Security and performance analyses demonstrate that it satisfies the desirable security requirements and is very efficient for practical applications.

Author information

Corresponding author

Correspondence to Pei Huang.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Huang, P., He, Y., Liang, T., Xia, Z. (2024). A Password-Based Mutual Authenticated Key Exchange Scheme by Blockchain for WBAN. In: Kim, D.D., Chen, C. (eds) Machine Learning for Cyber Security. ML4CS 2023. Lecture Notes in Computer Science, vol 14541. Springer, Singapore. https://doi.org/10.1007/978-981-97-2458-1_5

  • DOI: https://doi.org/10.1007/978-981-97-2458-1_5

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-97-2457-4

  • Online ISBN: 978-981-97-2458-1

  • eBook Packages: Computer Science, Computer Science (R0)
