ABSTRACT
The key exchange protocol is the most important cryptography mechanism to protect end-to-end communications by the secret session key encryption. This paper focuses on the four-party key exchange protocol in a environment in which two clients (or UEs) are registered under two distinct servers. We propose a Three-Way Key Exchange and Agreement Protocol, denoted by TW-KEAP. It makes two communication parties have a secret session key to protect their subsequent communications on an efficient way, and intends the servers to involve with the key exchange procedure to derive the session key for the lawful interception support. Security analyses show that it provides mutual authentication, replay attack protection and perfect forward secrecy. Furthermore, the TW-KEAP has not only the shortest total service time based on the experimental results but also the shortest queuing delay from the queuing model analyses, as compared with current alternatives.
- W. Diffie, M. Hellman. New directions in cryptography. IEEE Transactions on Information Theory 1976; 22 (6): 644--654.Google Scholar
- S.M. Bellovin, M. Merritt. Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks. Proceedings of IEEE Symposium on Research in Security and Privacy 1992; 72--84. Google ScholarDigital Library
- M. Bellare, D. Pointcheval, P. Rogaway, Authenticated key exchange secure against dictionary attacks. Advances in Cryptology EUROCRYPT'00 2000; 139--155. Google ScholarDigital Library
- V. Boyko, P. MacKenzie, S. Patel. Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman. Advances in Cryptology EUROCRYPT'00 2000; 156--171. Google ScholarDigital Library
- J. Katz, R. Ostrovsky, M. Yung. Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords. Advances in Cryptology EUROCRYPT '01 2001; 475--494. Google ScholarDigital Library
- C. Lv, M. Ma, H. Li, J. Ma. An Efficient Three-Party Authenticated Key Exchange Protocol with One-Time Key. INFOCOM IEEE Conference on Computer Communications Workshops 2010; 1--5.Google Scholar
- H.-F. Huang. A simple three-party password-based key exchange protocol. International Journal of Communication Systems 2009; 22(7): 857--862. Google ScholarDigital Library
- T.-F. Lee, J.-L. Liu, M.-J. Sung, S.-B. Yang, C.-M. Chen. Communication-efficient three-party protocols for authentication and key agreement. Computers & Mathematics with Applications 2009; 58(4): 641--648. Google ScholarDigital Library
- R. Lu, Z. Cao. Simple three-party key exchange protocol. Computers & Security 2007; 26(1): 94--97.Google Scholar
- H.-T. Yeh, H.-M. Sun, "Password authenticated key exchange protocols among diverse network domains", Computers & Electrical Engineering 2005; 31(3): 175--189. Google ScholarDigital Library
- C.-Y. Chen, T.-Y. Wu, Y.-M. Huang, H.-C. Chao. An efficient end-to-end security mechanism for IP multimedia subsystem. Computer Communications 2008; 31(18): 4259--4268. Google ScholarDigital Library
- J. Rosenberg, H. Schulzrinne, G. Camarillo, A. Johnston, J. Peterson, R. Sparks, M. Handley, and E. Schooler. SIP: Session Initiation Protocol, RFC 3261 2002; available at http://www.ietf.org/rfc/rfc3261.txt. Google ScholarDigital Library
- 3GPP. 3rd Generation Partnership Project; Technical Specification Group Services and Systems Aspects; IP Multimedia Subsystem (IMS); Stage 2. Technical Specification 3G TS 23.228 version 10.3.1 (2011-01), 2011.Google Scholar
- H. Bao, F. Xu, X. Huang. Authentication Key Exchange Protocol for IMS Network. Power and Energy Engineering Conference (APPEEC) 2010 Asia-Pacific 2010; 1--4.Google Scholar
- B. Karpagavinayagam, R. State, O. Festor. Monitoring Architecture for Lawful Interception in VoIP Networks. Second International Conference on Internet Monitoring and Protection 2007. Google ScholarDigital Library
- 3GPP. 3rd Generation Partnership Project; Interworking between the IP Multimedia (IM) Core Network (CN) subsystem and Circuit Switched (CS) networks. Technical Specification 3G TS 29.163 version 10.0.0 (2010--12), 2010.Google Scholar
- Y.-L. Huang, P.-H. Lu, J.D. Tygar, A.D. Joseph. OSNP: Secure wireless authentication protocol using one-time key. Computers & Security 2009; 28(8): 803--815.Google Scholar
- F.-C. Kuo, H. Tschofenig, F. Meyer and X. Fu. Comparison Studies between Pre-Shared and Public Key Exchange Mechanisms for Transport Layer Security. Proceedings INFOCOM 2006. 25th IEEE International Conference on Computer Communications 2006; 1--6.Google Scholar
- Crypto++® Library 5.6.1; http://www.cryptopp.com/.Google Scholar
- A. Munir, A. Gordon-Ross. SIP-Based IMS Signaling Analysis for WiMax-3G Interworking Architectures. IEEE Transactions on Mobile Computing 2010; 9(5): 733--750. Google ScholarDigital Library
- S.C. Borst, A. Buvaneswari, L.M. Drabeck, M.J. Flanagan, J.M. Graybeal, G.K. Hampel, M. Haner, W.M. MacDonald, P.A. Polakos, G. Rittenhouse, I. Saniee, A. Weiss, P.A. Whiting. Dynamic Optimization in Future Cellular Networks. Bell Labs Technical Journal 2005; 10(2): 99--119.Google Scholar
- U. Bernhard, E. Jugl, J. Mueckenheim, H. Pampel, M. Soellner. Intelligent Management of Radio Resources in UMTS Access Networks. Bell Labs Technical Journal 2003; 7(3): 109--126.Google Scholar
Index Terms
- TW-KEAP: an efficient four-party key exchange protocol for end-to-end communications
Recommendations
Enhanced three-party encrypted key exchange without server public keys
This investigation proposes a secure and efficient three-party encrypted key exchange (3PEKE) protocol based on the LSSH-3PEKE protocol proposed by Lin et al. [Lin, C.-L., Sun, H.-M., Steiner, M., Hwang, T., 2001. IEEE Commun. Lett. 5 (12), 497-499]. ...
Beyond eCK: perfect forward secrecy under actor compromise and ephemeral-key reveal
We show that it is possible to achieve perfect forward secrecy (PFS) in two-message or one-round key exchange (KE) protocols even in the presence of very strong active adversaries that can reveal random values of sessions and compromise long-term secret ...
Password authenticated key exchange protocols among diverse network domains
Up to now, all papers in password-authenticated key exchange protocols are constrained to two-party or three-party models. Under these two models, the clients are registered or authenticated by the same server. However, in reality two communicants may ...
Comments