Abstract
With the rapid development of electronic commerce transactions on mobile devices, achieving secure communications between communication parties is an important issue. The typical solutions are authenticated key agreement protocols, designed to efficiently implement secure channels for two or more parties communicating via a public network by providing them with a shared secret key, called a session key. In this paper, we propose two key agreement schemes based on elliptic curve cryptosystems suited for mobile environments. The first one is an identity-based remote mutual authentication with key agreement scheme, and it is used to establish a session key between the client and the server. In the second one, we extend the proposed two-party authentication key exchange scheme to develop an efficient three-party authenticated key agreement scheme for establishing a session key between two users with the help of a trusted server. Both our proposed schemes achieve efficiency, practicability, simplicity, and strong notions of security.
Similar content being viewed by others
References
Blake-Wilson S, Johnson D, Menezes A (1997) Key agreement protocols and their security analysis. In: Proc of the sixth IMA international conference on cryptography and coding, pp 30–45
Borisov N, Goldberg I, Wagner D (2001) Intercepting mobile communications: the insecurity of 802.11. In: Proc of the 7th international conference on mobile computing and networking, pp 180–189. doi:10.1145/381677.381695
Canetti R, Krawczyk H (2001) Analysis of key-exchange protocols and their use for building secure channels. In: Proc of advances in cryptology—EUROCRYPT 2001, Innsbruck, Austria, pp 453–474. doi:10.1007/3-540-44987-6_28
Chen TH, Lee WB, Chen HB (2008) A round-and computation-efficient three-party authenticated key exchange protocol. J Syst Softw 81:1581–1590. doi:10.1016/j.jss.2007.11.720
Diffie W, Hellman M (1976) New directions in cryptography. IEEE Trans Inf Theory IT-22(6):644–654. doi:10.1109/TIT.1976.1055638
Guo H, Li Z, Mu Y, Zhang X (2008) Cryptanalysis of simple three party key exchange protocol. Comput Secur 27(1):16–21. doi:10.1016/j.cose.2008.03.001
He D, Chen Y (2011) An ID-based three-party authenticated key exchange protocol using elliptic curve cryptography for mobile-commerce environments. In: IACR cryptology eprint archive. http://eprint.iacr.org/2011/195.pdf
He D, Chen J, Hu J (2011) An ID-based client authentication with key agreement protocol for mobile client-server environment on ECC with provable security. Inf Fusion 13:223–230. doi:10.1016/j.inffus.2011.01.001
Hölbl M, Welzer T, Brumen B (2010) Two proposed identity-based three-party authenticated key agreement protocols from pairings. Comput Secur 29(2):244–252. doi:10.1016/j.cose.2009.08.006
Islam SH, Biswas GP (2011) A more efficient and secure ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. J Syst Softw 84(11):1892–1898. doi:10.1016/j.jss.2011.06.061
Kaliski B Jr (2001) An unknown key-share attack on the MQV key agreement protocol. ACM Trans Inf Syst Secur 4:275–288. doi:10.1145/501978.501981
Koblitz N (1987) Elliptic curve cryptosystem. Math Comput 48:203–209
Lee CC, Chang YF (2008) On security of a practical three-party key exchange protocol with round efficiency. Inf Technol Control 37(4):333–335
Lee SW, Kim HS, Yoo KY (2005) Efficient verifier-based key agreement protocol for three parties without server’s public key. Appl Math Comput 167(2):996–1003. doi:10.1016/j.amc.2004.06.129
Lu R, Cao Z (2007) Simple three-party key exchange protocol. Comput Secur 26(1):94–97. doi:10.1016/j.cose.2006.08.005
Miller VS (1986) Use of elliptic curves in cryptography. In: Proc of advances in cryptology—CRYPTO, vol 85, pp 417–426
Padmavathy R (2010) Improved three party EKE protocol. Inf Technol Control 39(3):220–226
Tan Z (2010) An enhanced three-party authentication key exchange protocol for mobile commerce environments. J Commun 5:436–443. doi:10.4304/jcm.5.5.436-443
Tseng YM (2007) An efficient two-party identity-based key exchange protocol. Informatica 18:125–136
Yang JH, Chang CC (2009) An ID-based remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem. Comput Secur 28:138–143. doi:10.1016/j.cose.2008.11.008
Yang JH, Chang CC (2009) An efficient three-party authenticated key exchange protocol using elliptic curve cryptography for mobile-commerce environments. J Syst Softw 82:1497–1502. doi:10.1016/j.jss.2009.03.075
Yoon E, Choi S, Yoo K (2012) A secure and efficiency ID-based authenticated key agreement scheme based on elliptic curve cryptosystem for mobile devices. Int J Innov Comput Inf Control 8(4):2637–2653
Yoon EJ, Yoo KY (2008) Improving the novel three-party encrypted key exchange protocol. Comput Stand Interfaces 30(5):309–314. doi:10.1016/j.csi.2007.08.018
Yoon E, Yoo K (2009) Robust ID-based remote mutual authentication with key agreement protocol for mobile devices on ECC. In: Proc of 2009 international conference on computational science and engineering, pp 633–640. doi:10.1109/CSE.2009.363
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Chou, CH., Tsai, KY. & Lu, CF. Two ID-based authenticated schemes with key agreement for mobile environments. J Supercomput 66, 973–988 (2013). https://doi.org/10.1007/s11227-013-0962-3
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11227-013-0962-3