Abstract
With the rapid development of mobile communication technologies and network applications, communication models for mobile client and server interaction are becoming increasingly popular. The certificateless public key cryptography is suitable for designing security protocols which are used for mobile devices under the model of client and server. In the last decade, various ID-based protocols have been discussed, but some of them have several flaws. To address the security problems found in the key exchange protocol designed by Hassan et al., we introduce a new protocol named iHEEL protocol, a new key exchange and authentication protocol in client-server environment. Our new protocol is proved to be secure under the random oracle model and computational Diffie-Hellman assumption. Finally, iHEEL protocol is compared with several preceding protocols in terms of security properties and communication cost, which is measured by different data volumes.
Similar content being viewed by others
References
Abdalla M, Fouque P, Pointcheval D (2005) Password-based authenticated key exchange in the three-party setting. In: Proceedings of international conference on theory and practice in public key cryptography, public key cryptography 2005. Springer, New York, pp 65–84
Al-Riyami S, Paterson K (2003) Certificateless public key cryptography. In: Proceedings of international conference on the theory and application of cryptology and information security, advances in cryptology—ASIACRYPT 2003. Springer, New York, pp 452–473
Alawatugoda J, Stebila D, Boyd C (2014) Modelling after-the-fact leakage for key exchange. In: Proceedings of the 9th ACM symposium on information, computer and communications security. ACM, pp 207–216
Bellare M, Chang L, Yacobi Y (1992) Security for personal communication services: public-key vs. private key approaches. In: Proceedings of the third IEEE international symposium on personal, indoor and mobile radio communications. IEEE, pp 26–31
Boneh D, Franklin M (2003) Identity-based encryption from the weil pairing. SIAM J Comput 32(3):586–615
Canetti R, Krawczyk H (2001) Analysis of key-exchange protocols and their use for building secure channels. In: Proceedings of international conference on the theory and applications of cryptographic techniques, advances in cryptology—EUROCRYPT 2001. Springer, New York, pp 453–474
Chen L, Cheng Z, Smart N (2007) Identity-based key agreement protocols from pairings. Int J Inf Secur 6(4):213–241
Das M, Saxena A, Gulati V, Phatak D (2006) A novel remote user authentication scheme using bilinear pairings. Comput Secur 25(3):184–189
Fang G, Huang G (2006) Improvement of recently proposed remote user authentication schemes. IACR Cryptol ePrint Arch 2006:200
Giri D, Srivastava P (2006) An improved remote user authentication scheme with smart cards using bilinear pairings. IACR Cryptol ePrint Arch 2006:274
Goriparthi T, Das M, Negi A, Saxena A (2006) Cryptanalysis of recently proposed remote user authentication schemes. IACR Cryptol ePrint Arch 2006:28
Goriparthi T, Das M, Negi A, Saxena A (2009) An improved bilinear pairing based remote user authentication scheme. Comput Stand Interfaces 31(1):181–185
Hassan A, Eltayieb N, Elhabob R, Li F (2017) A provably secure certificateless user authentication protocol for mobile client-server environment. In: Proceedings of international conference on emerging internetworking, data and web technologies. Springer, New York, pp 592–602
Hassan A, Eltayieb N, Elhabob R, Li F (2018) An efficient certificateless user authentication and key exchange protocol for client-server environment. J Ambient Intell Humaniz Comput 9(6):1713–1727
He D (2012) An efficient remote user authentication and key agreement protocol for mobile client-server environment from pairings. Ad Hoc Netw 10(6):1009–1016
Hou M, Xu Q (2009) Secure certificateless-based authenticated key agreement protocol in the client-server setting. In: Proceedings of IEEE international symposium on IT in medicine and education, IEEE, pp 308–311
Shamir A (1984) Identity-based cryptosystems and signature schemes. In: Proceedings of workshop on the theory and application of cryptographic techniques, advances in cryptology—CRYPTO 1984. Springer, New York, pp 47–53
Shim K, Lee Y, Park C (2013) Eibas: an efficient identity-based broadcast authenticated scheme in wireless sensor networks. Ad Hoc Netw 11(1):182–189
Tsai J, Lo N (2015) Provably secure and efficient anonymous id-based authentication protocol for mobile devices using bilinear pairings. Wirel Pers Commun 83(2):1273–1286
Tseng Y, Wu T, Wu J (2008) A pairing-based user authentication scheme for wireless clients with smart cards. Informatica 19(2):285–302
Wu F, Xu L, Kumari S, Li X (2017a) A privacy-preserving and provable user authentication scheme for wireless sensor networks based on internet of things security. J Ambient Intell Humaniz Comput 8(1):101–116
Wu L, Zhang Y, Xie Y, Alelaiwi A, Shen J (2017b) An efficient and secure identity-based authentication and key agreement protocol with user anonymity for mobile devices. Wirel Pers Commun 94(4):3371–3387
Wu T, Tseng Y (2010) An efficient user authentication and key exchange protocol for mobile client-server environment. Comput Netw 54(9):1520–1530
Yang G, Mu Y, Susilo W, Wong D (2013) Leakage resilient authenticated key exchange secure in the auxiliary input model. In: Proceedings of international conference on information security practice and experience, information security practice and experience. Springer, New York, pp 204–217
Yang Z, Li S (2015) On security analysis of an after-the-fact leakage resilient key exchange protocol. Inf Process Lett 116(1):33–40
Yoon E, Yoo K (2010) A new efficient id-based user authentication and key exchange protocol for mobile client-server environment. In: Proceedings of IEEE international conference on wireless information technology and systems, IEEE, pp 1–4
Acknowledgements
This work was supported in part by the National Natural Science Foundation of China under Grant 61872449 and Grant U1708262. The authors thank the anonymous reviewers for their constructive comments which helped them improve the quality and presentation of this paper.
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Li, Y., Cheng, Q. & Li, X. Analysis and improvement of a key exchange and authentication protocol in client-server environment. J Ambient Intell Human Comput 11, 3787–3799 (2020). https://doi.org/10.1007/s12652-019-01582-x
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12652-019-01582-x