Abstract
An authenticated key exchange (AKE) between two end-users is a crucial procedure to ensure data integrity and confidentiality while they communicate through a public channel. The existing three-party AKE schemes conventionally employ a relatively easy to remember password and a systematic identity to generate and protect shared secrets, which are used to verify the legitimate participants for subsequent communications. Thus, none of these protocols could simultaneously achieve robust security, identity privacy, and revocation. The security drawbacks commonly arise from the low-entropy password stored in a server or a smart card. This study briefly reviewed and analyzed the weaknesses of Islam, and Yon and Yons’ schemes. Biometric information and a random one-time password were then utilized to design a robust protocol for systems with highly dynamic users. The proposed scheme not only resists all currently known attacks, but also provides several desirable properties, including the revocations of smart cards or users, and the reuse of compromised biometric information.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Steiner M, Tsudik G, Waidner M (1995) Refinement and extension of encrypted key exchange. ACM SIGOPS Operating Systems Review 29(3):22–30
Lin CL, Sun HM, Hwang T (2000) Three-party encrypted key exchange: attacks and a solution. ACM SIGOPS Operating Systems Review 34(4):12–20
Ding Y, Horster P (1995) Undetectable on-line password guessing attacks. ACM SIGOPS Operating Systems Review 29(4):77–86
Xiong H, Chen Y, Guan Z, Chen Z (2013) Finding and fixing vulnerabilities in several three-party password authenticated key exchange protocols without server public keys. Inf Sci 235:329–340
Farash MS, Attari MA (2014) An efficient client-client password-based authentication scheme with provable security. J Supercomput 70(2):1002–1022
Tso R (2013) Security analysis and improvements of a communication-efficient three-party password authenticated key exchange protocol. J Supercomput 66(2):863–874
Wei F, Ma J, Ge A, Li G, Ma C (2015) A provably secure three-party password authenticated key exchange protocol without using server’s public-keys and symmetric cryptosystems. Information Technology And Control 44(2):195–206
Lin TH, Lee TF (2014) Secure verifier-based three-party authentication schemes without server public keys for data exchange in telecare medicine information systems. J Med Syst 38(5):1–9
Tu H, Kumar N, He D, Kim J, Lee C (2014) An efficient password-based three-party authenticated multiple key exchange protocol for wireless mobile networks. J Supercomput 70(1):224–235
Li W, Wen Q, Su Q, Zhang H, Jin Z (2012) Password-authenticated multiple key exchange protocol for mobile applications. China Communications 9(1):64–72
Nam J, Choo KKR, Han S, Paik J, Won D (2015) Two-round password-only authenticated key exchange in the three-party setting. Symmetry 7(1):105–124
Deebak B, Muthaiah R, Thenmozhi K, Swaminathan P (2015) Evaluating three party authentication and key agreement protocols using IP multimedia server-client systems. Wirel Pers Commun 81(1):77–99
Lee CC, Li CT, Hsu CW (2013) A three-party password-based authenticated key exchange protocol with user anonymity using extended chaotic maps. Nonlinear Dyn 73(1-2):125–132
Farash MS, Attari MA, Kumari S (2014) Cryptanalysis and improvement of a three-party password-based authenticated key exchange protocol with user anonymity using extended chaotic maps. International Journal of Communication Systems
Hu X, Zhang Z (2014) Cryptanalysis and enhancement of a chaotic maps-based three-party password authenticated key exchange protocol. Nonlinear Dyn 78(2):1293–1300
Farash MS, Attari MA (2014) An efficient and provably secure three-party password-based authenticated key exchange protocol based on chebyshev chaotic maps. Nonlinear Dyn 77(1-2):399–411
Xie Q, Hu B, Wu T (2015) Improvement of a chaotic maps-based three-party password-authenticated key exchange protocol without using server’s public key and smart card. Nonlinear Dyn 79(4):2345–2358
Islam SH (2015) Design and analysis of a three party password-based authenticated key exchange protocol using extended chaotic maps. Inf Sci 312:104–130
Zhao F, Gong P, Li S, Li M, Li P (2013) Cryptanalysis and improvement of a three-party key agreement protocol using enhanced chebyshev polynomials. Nonlinear Dyn 74(1-2):419–427
Lee CC, Li CT, Chiu ST, Lai YM (2014) A new three-party-authenticated key agreement scheme based on chaotic maps without password table. Nonlinear Dyn 79(4):2485–2495
Wang X, Zhao J (2010) An improved key agreement protocol based on chaos. Commun Nonlinear Sci Numer Simul 15(12):4052–4057
Jaung WS (2004) Efficient three-party key exchange using smart cards. IEEE Trans Consum Electron 50(2):619–624
Kwon JO, Jeong IR, Lee DH (2007) Three-round smart card-based key exchange scheme. IEICE Trans Commun 90(11):3255–3258
Yoon EJ, Yoo KY (2008) Enhanced three-round smart card-based key exchange protocol. In: Autonomic and trusted computing, pp 507–515. Springer
Wu S, Zhu Y, Pu Q (2011) Cryptanalysis and enhancements of three-party authenticated key exchange protocol using ECC. J Inf Sci Eng 27(4):1329–1343
Zhao J, Gu D, Zhang L (2012) Security analysis and enhancement for three-party password-based authenticated key exchange protocol. Security and Communication Networks 5(3):273–278
Chen TH, Lee WB, Chen HB (2008) A round–and computation-efficient three-party authenticated key exchange protocol. J Syst Softw 81(9):1581–1590
Khan MK, He D (2012) Weaknesses of ”security analysis and enhancement for three-party password-based authenticated key exchange protocol”. In: Data and knowledge engineering, pp 243–249. Springer
Park S, Park HJ (2014) Privacy preserving three-party authenticated key agreement protocol using smart cards. International Journal of Security and Its Applications Accepted for the publication
Yang H, Zhang Y, Zhou Y, Fu X, Liu H, Vasilakos AV (2014) Provably secure three-party authenticated key agreement protocol using smart cards. Comput Netw 58:29–38
Li X, Zhang Y, Liu X, Cao J (2013) A lightweight three-party privacy-preserving authentication key exchange protocol using smart card. KSII Trans Internet Inf Syst (TIIS) 7(5):1313–1327
Yoon EJ, Yoo KY (2011) Robust biometric-based three-party authenticated key establishment protocols. Int J Comput Math 88(6):1144–1157
Jin ATB, Ling DNC, Goh A (2004) Biohashing: two factor authentication featuring fingerprint data and tokenised random number. Pattern Recogn 37(11):2245–2255
Tournemille J, Tamagno D (2005) Smart card device used as mass storage device. US Patent 6,945,454
Okamoto T, Pointcheval D (2001) The gap-problems: a new class of problems for the security of cryptographic schemes. In: International workshop on public key cryptography, pp 104–118. Springer
Das AK, Bruhadeshwar B (2013) An improved and effective secure password-based authentication and key agreement scheme using smart cards for the telecare medicine information system. J Med Syst 37(5):1–17
Dolev D, Yao A (1983) On the security of public key protocols. IEEE Trans Inf Theory 29(2):198–208
Barker E (2016) Recommendation for key management part 1: General (revision 4). NIST Spec Publ 800(57):1–147
Mishkovski I, Kocarev L (2011) Chaos-based public-key cryptography. In: Chaos-based cryptography, pp 27–65. Springer
Güneysu T, Paar C (2008) Ultra high performance ECC over NIST primes on commercial FPGAs. In: Cryptographic hardware and embedded systems–CHES 2008, pp 62–78. Springer
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Nguyen, NT., Chang, CC. Untraceable biometric-based three-party authenticated key exchange for dynamic systems. Peer-to-Peer Netw. Appl. 11, 644–663 (2018). https://doi.org/10.1007/s12083-017-0584-2
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12083-017-0584-2