Strongly secure <scp>ID</scp>‐based authenticated key agreement protocol for mobile multi‐server environments

Tseng, Yuh‐Min; Huang, Sen Shan; You, Meng Lin

doi:10.1002/dac.3251

Cited by 15 publications

(13 citation statements)

References 40 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The proposed protocol employs Tseng et al's ESL-secure ID-AKE protocol [7] against ESL attacks. The proposed protocol keeps all of the merits of KTAP regarding security including the authentication server is able to monitor the communication messages to prevent and trace network crime and solves the problems of KTAP in which the session key is only created by the authentication server.…”

Section: Resultsmentioning

confidence: 99%

“…The proposed protocol adopted Tseng et al's ESL-secure ID-AKE protocol [7] to achieve the client-to-server authentication. The authentication server S authenticates the client A and the application server B by checking whetherê(P,…”

Section: Security Analysismentioning

confidence: 99%

“…This phenomenon is called Ephemeral Secret Leakage (ESL) attacks. To solve this security vulnerability, Tseng et al [7] proposed the first ESL-secure ID-based Authenticated Key Exchange (ID-AKE) protocol for mobile client-server environments.…”

Section: Introductionmentioning

confidence: 99%

“…Otherwise, using the authentication server public keys and the symmetric cryptosystems for the user authentication requires expensive computation, which is not applicable to mobile devices with limited computing capability. This paper improved Tseng et al's scheme [7], to propose an ESL-secure ID-based three-party AKA protocol which is more suitable for mobile distributed computing environments. The proposed protocol adopts imbalanced computation to shift the computational burden to the powerful server and an online/offline computation technique to further reduce the computational cost required for mobile devices.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Ephemeral-Secret-Leakage Secure ID-Based Three-Party Authenticated Key Agreement Protocol for Mobile Distributed Computing Environments

et al. 2018

View full text Add to dashboard Cite

Abstract:A three-party Authenticated Key Agreement (AKA) protocol in the distributed computing environment is a client that requests services from an application server through an authentication server. The authentication server is responsible for authenticating the participating entities and helping them to construct a common session key. Adopting the Key Transfer Authentication Protocol (KTAP) in such an environment, the authentication server is able to monitor the communication messages to prevent and trace network crime. However, the session key in the KTAP setting is created only by the authentication server and is vulnerable to the resilience of key control. On the other hand, with the rapid growth of network technologies, mobile devices are widely used by people to access servers in the Internet. Many AKA protocols for mobile devices have been proposed, however, most protocols are vulnerable to Ephemeral Secret Leakage (ESL) attacks which compromise the private keys of clients and the session key by an adversary from eavesdropped messages. This paper proposes a novel ESL-secure ID-based three-party AKA protocol for mobile distributed computing environments based on ESL-secure ID-based Authenticated Key Exchange (ID-AKE) protocol. The proposed protocol solves the key control problem in KTAP while retaining the advantages of preventing and tracing network crime in KTAP and also resists ESL attacks. The AVISPA tool simulation results confirm the correctness of the protocol security analysis. Furthermore, we present a parallel version of the proposed ESL-secure ID-based three-party AKA protocol that is communication-efficient.

show abstract

Section: Resultsmentioning

confidence: 99%

Section: Security Analysismentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Ephemeral-Secret-Leakage Secure ID-Based Three-Party Authenticated Key Agreement Protocol for Mobile Distributed Computing Environments

et al. 2018

View full text Add to dashboard Cite

show abstract

“…They showed that their protocol is secure in random oracle model and performance of their protocol is suitable for applications. In this line, Tseng et al, in the year 2016, proposed a strongly secure key exchange protocol which is suitable for the multiserver environment. Their protocol is also secure against ephemeral secret leakage (ESL) attack.…”

Section: Literature Surveymentioning

confidence: 99%

An ECC‐based authenticated group key exchange protocol in IBE framework

Gupta

2017

Int J Communication

View full text Add to dashboard Cite

With the rapid demand for various increasing applications, the internet users require a common secret key to communicate among a group. The traditional key exchange protocols involve a trusted key generation center for generation and distribution of the group key among the various group members. Therefore, the establishment of a trusted key generation center server and the generation (and distribution) of common session key require an extra overhead. To avoid this difficulty, a number of group key exchange protocols have been proposed in the literature. However, these protocols are vulnerable to many attacks and have a high computational and communication cost. In this paper, we present an elliptic curve cryptography-based authenticated group key exchange (ECC-AGKE) protocol, which provides better security and has lower computational cost compared to related proposed schemes. Further, a complexity reduction method is deployed to reduce the overall complexity of the proposed elliptic curve cryptography-based authenticated group key exchange protocol. The security of proposed work is ensured by the properties of elliptic curves. A security adversarial model is given and an extensive formal security analysis against our claim is done in the random oracle model. We also made a comparison of our proposed protocol with similar works and found that ours have better complexity, security and efficiency over others. KEYWORDSauthentication, bilinear pairing, elliptic curve cryptography, group key exchange, secure communication to negotiate a common session key to secure their communication on a public network. The formal definition of key exchange protocol is given below: Definition 1.1. (Key negotiation technique): Suppose there are N-end users, namely, U 1 , U 2 … U N . These end users are willing to generate a common secret key K for securing the network communications among them. Each participating user {U i , i = 1, 2, … N} generates his key-related message, say {m i , i = 1, 2, … N} using some security parameter n and exchanges this message among themselves. Using these key-related messages m i , each Int J Commun Syst. 2017;30:e3363.wileyonlinelibrary.com/journal/dac

show abstract

Efficient and Anonymous Mutual Authentication Protocol in Multi‐Access Edge Computing (MEC) Environments

Kumar¹,

Liyanage²

2019

IoT Security

View full text Add to dashboard Cite

Strongly secure ID‐based authenticated key agreement protocol for mobile multi‐server environments

Cited by 15 publications

References 40 publications

Ephemeral-Secret-Leakage Secure ID-Based Three-Party Authenticated Key Agreement Protocol for Mobile Distributed Computing Environments

Ephemeral-Secret-Leakage Secure ID-Based Three-Party Authenticated Key Agreement Protocol for Mobile Distributed Computing Environments

An ECC‐based authenticated group key exchange protocol in IBE framework

Efficient and Anonymous Mutual Authentication Protocol in Multi‐Access Edge Computing (MEC) Environments

Contact Info

Product

Resources

About