Skip to main content
SpringerLink
Log in

Efficient and secure three-party authenticated key exchange protocol for mobile environments

  • Published:
Journal of Zhejiang University SCIENCE C Aims and scope Submit manuscript

Abstract

Yang and Chang (2009) proposed a three-party authenticated key exchange protocol for securing communications in mobile-commerce environments. Their protocol reduces computation and communication costs by employing elliptic curve cryptosystems. However, Tan (2010) pointed out that Yang and Chang (2009)’s protocol cannot withstand impersonation and parallel attacks, and further proposed an enhanced protocol to resist these attacks. This paper demonstrates that Tan (2010)’s approach still suffers from impersonation attacks, and presents an efficient and secure three-party authenticated key exchange protocol to overcome shown weaknesses.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  • Cagalj, M., Capkun, S., Hubaux, J.P., 2006. Key agreement in peer-to-peer wireless networks. Proc. IEEE, 94(2): 467–478. [doi:10.1109/JPROC.2005.862475]

    Article  Google Scholar 

  • Canetti, R., Krawczyk, H., 2001. Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels. Proc. Advances in Cryptology, p.453–474. [doi:10.1007/3-540-44987-6_28]

    Google Scholar 

  • Chen, T.H., Lee, W.B., Chen, H.B., 2008. A round- and computation-efficient three-party authenticated key exchange protocol. J. Syst. Softw., 81(9):1581–1590. [doi:10.1016/j.jss.2007.11.720]

    Article  MathSciNet  Google Scholar 

  • Diffie, W., Hellman, M., 1976. New directions in cryptography. IEEE Trans. Inf. Theory, 22(6):644–654. [doi:10.1109/TIT.1976.1055638]

    Article  MathSciNet  MATH  Google Scholar 

  • Guo, H., Li, Z., Mu, Y., Zhang, X., 2008. Cryptanalysis of simple three party key exchange protocol. Comput. Secur., 27(1–2):16–21. [doi:10.1016/j.cose.2008.03.001]

    Article  Google Scholar 

  • Hölbl, M., Welzer, T., Brumen, B., 2010. Two proposed identity-based three-party authenticated key agreement protocols from pairings. Comput. Secur., 29(2):244–252. [doi:10.1016/j.cose.2009.08.006]

    Article  Google Scholar 

  • Knuth, D.E., 1981. The Art of Computer Programming, Volume II: Seminumerical Algorithms (2nd Ed.). Addison-Wesley, Reading, MA.

    Google Scholar 

  • Koblitz, N., 1987. Elliptic curve cryptosystem. Math. Comput., 48(177):203–209. [doi:10.1090/S0025-5718-1987-0866109-5]

    Article  MathSciNet  MATH  Google Scholar 

  • Lee, C.C., Chang, Y.F., 2008. On security of a practical three-party key exchange protocol with round efficiency. Inf. Technol. Control, 37(4):333–335.

    MathSciNet  Google Scholar 

  • Lee, S.W., Kim, H.S., Yoo, K.Y., 2005. Efficient verifier-based key agreement protocol for three parties without server’s public key. Appl. Math. Comput., 167(2):996–1003. [doi:10.1016/j.amc.2004.06.129]

    Article  MathSciNet  MATH  Google Scholar 

  • Lu, R., Cao, Z., 2007. Simple three-party key exchange protocol. Comput. Secur., 26(1):94–97. [doi:10.1016/j.cose.2006.08.005]

    Article  Google Scholar 

  • Menezes, A.J., Orschot, P.C., Vanstone, S.A., 1996. Handbook of Applied Cryptography. CRC Press. [doi:10.1201/9781439821916]

    Book  Google Scholar 

  • Miller, V.S., 1986. Use of Elliptic Curves in Cryptography. Proc. Advances in Cryptology, p.417–426. [doi:10.1007/3-540-39799-X-31]

    Chapter  Google Scholar 

  • Padmavathy, R., 2010. Improved three party EKE protocol. Inf. Technol. Control, 39(3):220–226.

    Google Scholar 

  • Schnorr, C.P., 1989. Efficient Identification and Signatures for Smart Cards. Proc. CRYPTO, p.239–252. [doi:10.1007/0-387-34805-0-22]

    Google Scholar 

  • Tan, Z., 2010. An enhanced three-party authentication key exchange protocol for mobile commerce environments. J. Commun., 5(5):436–443. [doi:10.4304/jcm.5.5.436-443]

    Google Scholar 

  • Tsaur, W.J., Chou, C.H., 2005. Efficient algorithms for speeding up the computations of elliptic curve cryptosystems. Appl. Math. Comput., 168(2):1045–1064. [doi:10.1016/j.amc.2004.10.010]

    Article  MathSciNet  MATH  Google Scholar 

  • Yang, J.H., Chang, C.C., 2009. An efficient three-party authenticated key exchange protocol using elliptic curve cryptography for mobile-commerce environments. J. Syst. Software, 82(9):1497–1502. [doi:10.1016/j.jss.2009.03.075]

    Article  Google Scholar 

  • Yoon, E.J., Yoo, K.Y., 2008. Improving the novel three-party encrypted key exchange protocol. Comput. Stand. Interf., 30(5):309–314. [doi:10.1016/j.csi.2007.08.018]

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Information Management, National Taiwan University of Science and Technology, Taiwan, 106, Taipei

    Chih-ho Chou & Tzong-chen Wu

  2. Department of Management Information Systems, Hwa Hsia Institute of Technology, Taiwan, 235, New Taipei

    Kuo-yu Tsai

  3. Department of Information Management, National Dong Hwa University, Taiwan, 974, Hualien

    Kuo-hui Yeh

Authors
  1. Chih-ho Chou
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Kuo-yu Tsai
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Tzong-chen Wu
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Kuo-hui Yeh
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Kuo-yu Tsai.

Additional information

Project (Nos. 101-2218-E-011-001, 100-2218-E-259-004-MY2, and 101-2219-E-011-004) partially supported by the Taiwan Information Security Center (TWISC), National Science Council (NSC), Taiwan

Rights and permissions

Reprints and permissions

About this article

Cite this article

Chou, Ch., Tsai, Ky., Wu, Tc. et al. Efficient and secure three-party authenticated key exchange protocol for mobile environments. J. Zhejiang Univ. - Sci. C 14, 347–355 (2013). https://doi.org/10.1631/jzus.C1200273

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1631/jzus.C1200273

Key words

CLC number

Search

Navigation