An efficient password authenticated key exchange protocol for imbalanced wireless networks

https://doi.org/10.1016/j.csi.2004.08.002

Abstract

Recently, Zhu et al. proposed a password authenticated key exchange protocol based on RSA. Then, Yeh et al. demonstrated that Zhu et al.'s protocol suffers from undetectable password-guessing attacks and proposed an improved version. However, there are still some security flaws in Yeh et al.'s proposed protocol. Moreover, the computation load of the wireless device is not light enough. To lighten the computation load, a secure and practical protocol is presented in this paper.

Introduction

With the speedy growth of information science, both wired and wireless networks have developed very well. More and more people use wireless devices to communicate with other people. As we know, transmitting information through the air may result in security risks, since air is a public medium. How to communicate securely over an insecure communication channel has become an important issue. As a result, security services for user authentication and secret key distribution have come into being for communication networks. Many authentication methods have been proposed for electronic commerce environments, Kerberos [1] for example. Among them, the password authentication scheme is the most commonly used mechanism. In a password authentication scheme, a client shares an easy-to-remember password with a trusted server. These concepts are also applied in other settings [2], [3], [4].

However, protocols with easy-to-remember passwords are vulnerable to password-guessing attacks. In Ref. [5], Ding and Horster divided password-guessing attacks into three types: (1) detectable on-line password-guessing attacks, (2) undetectable on-line password-guessing attacks and (3) off-line password-guessing attacks. It is known that only the legal user and the server know the legal user's password. If a malicious user Eve wants to guess the user's password with an on-line password-guessing attack, he/she needs to send a request to the server and wait for the server's response to determine whether the guessed password is valid or not. In off-line password-guessing attacks, the attacker verifies guesses against a recorded transcript without contacting the server, so exposing overly meaningful information in that transcript, such as the identity of a party, may result in damage.

In 1992, Bellovin and Merritt [2] presented the encrypted key exchange protocol (EKE), which is the landmark of two-party authentication and other key exchange protocols [6], [7]. Most schemes are based on the Diffie-Hellman key exchange protocol [8]. However, the limitations of a low-power device make these schemes unsuitable for imbalanced wireless networks, because modular exponentiations need to be executed by both communicating parties and they take the low-power device a long time. Recently, Zhu et al. [9] proposed a password authenticated key exchange protocol based on RSA [10]. They claimed that the proposed protocol is efficient enough to be implemented on low-power devices. Later, Yeh et al. [11] demonstrated that Zhu et al.'s proposed protocol does not ensure explicit key authentication, so that it suffers from undetectable on-line password-guessing attacks. Then, they presented an improvement to overcome the found weakness.

Yeh et al.'s protocol still employs the concepts of the RSA public key cryptosystem. Hence, the client encrypts the secret information such that only the party owning the correct private key can recover it. Nevertheless, no certificate is applied to prove the legitimacy of the received public key pair. What is more, only a simple interactive protocol is used to prove the validity of the RSA public key pair. This approach results in serious security flaws in Yeh et al.'s proposed protocol. Because of these flaws, any malicious user can impersonate the server to obtain the information needed to perform off-line password-guessing attacks. On the other hand, the computation load of the low-power device is not light enough. Owing to the above mentioned drawbacks, we propose a password authenticated key exchange protocol which is not only secure but also efficient.

The paper is organized as follows. In Section 2, we list the notations used in the reviewed protocols. In Section 3, we review Zhu et al.'s proposed protocol and the drawbacks of it. Then, Yeh et al.'s proposed protocol and the drawbacks of it are shown in Section 4. In Section 5, we present the proposed password authenticated key exchange protocol for imbalanced wireless networks followed with the analyses and more discussions in Section 6. Finally, we draw some conclusions in Section 7.

Notations

The notations used in the reviewed protocols are listed as follows.

    A: the server
    B: the low-power client
    IDA/IDB: the identity of A/B
    pw: the password shared between A and B
    (e, n): the RSA public key pair of A
    d: the RSA private key of A
    EK/DK: a symmetric en/decryption algorithm, where K is the involved key
    H1, H2, H3, H4, H5, H6: distinct cryptographic hash functions

A review and cryptanalysis of Zhu et al.'s protocol

In this section, we first review Zhu et al.'s proposed protocol. Then, the cryptanalysis of Zhu et al.'s protocol is shown in Section 3.2.

A review and cryptanalysis of Yeh et al.'s protocol

In the following, we first review Yeh et al.'s proposed protocol in Section 4.1. Then, the cryptanalysis of Yeh et al.'s protocol is presented in Section 4.2.

The proposed scheme

As stated in the reviewed schemes, A denotes the system and B denotes the low-power client, where IDA and IDB are the identities of A and B, respectively, and pw is the password shared between A and B. The system A publishes the following public system parameters: (1) E1P/D1P: a symmetric en/decryption algorithm, where P is the involved password; (2) F1, F2, F3: distinct cryptographic hash functions; and (3) n=p*q, where p≡3 (mod 4) and q≡3 (mod 4) are two large primes kept secretly by the

Security analyses and more discussions

In this section, we demonstrate that our proposed protocol is not only secure but also efficient. The properties achieved by the proposed protocol are also given.

Conclusions

Due to the drawbacks of Zhu et al.'s and Yeh et al.'s protocols, we propose a brand-new protocol for imbalanced wireless networks. According to the security analyses, our proposed protocol is secure enough to withstand all possible attacks, including those Zhu et al.'s and Yeh et al.'s protocols suffer from. What is more, our proposed protocol provides both power saving and computation efficiency, which makes it suitable for imbalanced wireless networks.

Ya-Fen Chang received the BS degree in computer science and information engineering from National Chiao Tung University, Hsinchu, Taiwan in 2000. She is currently pursuing her Ph.D. degree in computer science and information engineering from National Chung Cheng University, Chiayi, Taiwan. Her current research interests include electronic commerce, information security, cryptography, and mobile communications.

References (11)

  • B.C. Neuman et al., Kerberos: an authentication service for computer networks, IEEE Communications Magazine (1994).
  • S.M. Bellovin et al., Encrypted Key Exchange: password-based protocols secure against dictionary attacks.
  • C.L. Lin et al., Three-party encrypted key exchange: attacks and a solution, ACM SIGOPS Operating Systems Review (October 2000).
  • C.L. Lin et al., Three-party encrypted key exchange without server public-keys, IEEE Communications Letters (December 2001).
  • Y. Ding et al., Undetectable on-line password guessing attacks, ACM SIGOPS Operating Systems Review (October 1995).
Chin-Chen Chang received the BS degree in applied mathematics in 1977 and the MS degree in computer and decision sciences in 1979, both from National Tsing Hua University, Hsinchu, Taiwan. He received his Ph.D. in computer engineering in 1982 from National Chiao Tung University, Hsinchu, Taiwan. During the academic years of 1980–1983, he was on the faculty of the Department of Computer Engineering at National Chiao Tung University. From 1983 to 1989, he was among the faculty of the Institute of Applied Mathematics, National Chung Hsing University, Taichung, Taiwan. Since August 1989, he has worked as a professor of the Institute of Computer Science and Information Engineering at National Chung Cheng University, Chiayi, Taiwan. Since 2002, he has been a Chair Professor of National Chung Cheng University. His current research interests include database design, computer cryptography, image compression and data structure. Dr. Chang is a fellow of the IEEE, a fellow of the IEE, a research fellow of National Science Council of ROC, and a member of the Chinese Language Computer Society, the Chinese Institute of Engineers of the Republic of China, the International Association for Crypto-logic Research, the Computer Society of the Republic of China, and the Phi Tau Phi Honorary Society of the Republic of China. Dr. Chang was the chair and is the honorary chair of the executive committee of the Chinese Cryptography and Information Security Association of the Republic of China.

Jen-Ho Yang received the BS degree and the MS degree in information engineering from I-Shou University, Kaohsiung, Taiwan in 1998 and 2002, respectively. He is currently pursuing his Ph.D. degree in computer science and information engineering from National Chung Cheng University, Chiayi, Taiwan. His current research interests include information security and cryptography.