Three weaknesses in a simple three-party key exchange protocol

Chung, Hao-Rung; Ku, Wei-Chi

doi:10.1016/j.ins.2007.08.004

Cited by 65 publications

(45 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Actually, many previous cryptographic schemes containing only informal arguments for security were subsequently shown to be insecure, e.g. [33][34][35][36][37]. Therefore, based on the results listed in the table, we conclude that our scheme is more practical than the related schemes for the users of mobile devices.…”

Section: Instantiationmentioning

confidence: 71%

Strong Authentication Scheme for Telecare Medicine Information Systems

Wang

Zhao

2011

J Med Syst

View full text Add to dashboard Cite

The telecare medicine information system enables or supports health-care delivery services. A secure authentication scheme will thus be needed to safeguard data integrity, confidentiality, and availability. In this paper, we propose a generic construction of smart-card-based password authentication protocol and prove its security. The proposed framework is superior to previous schemes in three following aspects : (1) our scheme is a true two-factor authentication scheme. (2) our scheme can yield a forward secure two-factor authentication scheme with user anonymity when appropriately instantiated. (3) our scheme utilizes each user's unique identity to accomplish the user authentication and does not need to store or verify others's certificates. And yet, our scheme is still reasonably efficient and can yield such a concrete scheme that is even more efficient than previous schemes. Therefore the end result is more practical for the telecare medicine system.

show abstract

Section: Instantiationmentioning

confidence: 71%

Strong Authentication Scheme for Telecare Medicine Information Systems

Wang

Zhao

2011

J Med Syst

View full text Add to dashboard Cite

show abstract

“…It helps in maintaining a secure link by using a common session key for specific communication. Schemes [5][6][7] discuss secure session key establishment between participants but later [8][9][10] identified that these plans are vulnerable to man-in-the-middle attack and undetectable online and offline dictionary attacks for guessing passwords. ECC-based schemes are also explored to evaluate the applicability of efficient solutions with desired security strengths using small key sizes as compared to preliminaries.…”

Section: Introductionmentioning

confidence: 99%

Secure Authentication and Prescription Safety Protocol for Telecare Health Services Using Ubiquitous IoT

et al. 2017

View full text Add to dashboard Cite

Internet-of-Things (IoT) include a large number of devices that can communicate across different networks. Cyber-Physical Systems (CPS) also includes a number of devices connected to the internet where wearable devices are also included. Both systems enable researchers to develop healthcare systems with additional intelligence as well as prediction capabilities both for lifestyle and in hospitals. It offers as much persistence as a platform to ubiquitous healthcare by using wearable sensors to transfer the information over servers, smartphones, and other smart devices in the Telecare Medical Information System (TMIS). Security is a challenging issue in TMIS, and resourceful access to health care services requires user verification and confidentiality. Existing schemes lack in ensuring reliable prescription safety along with authentication. This research presents a Secure Authentication and Prescription Safety (SAPS) protocol to ensure secure communication between the patient, doctor/nurse, and the trusted server. The proposed procedure relies upon the efficient elliptic curve cryptosystem which can generate a symmetric secure key to ensure secure data exchange between patients and physicians after successful authentication of participants individually. A trusted server is involved for mutual authentication between parties and then generates a common key after completing the validation process. Moreover, the scheme is verified by doing formal modeling using Rubin Logic and validated using simulations in NS-2.35. We have analyzed the SAPS against security attacks, and then performance analysis is elucidated. Results prove the dominance of SAPS over preliminaries regarding mutual authentication, message integrity, freshness, and session key management and attack prevention.

show abstract

“…A number of three-party PAKE protocols have been proposed over the last decade [2,3,5,6,[11][12][13][14][15][16][17][18][19][20][21][22][23][24][25]. Many of these protocols have never been proven secure in any model [3,13,[17][18][19][20][21] and/or have been found to be vulnerable to some attack(s) [2,3,5,6,8,[18][19][20]23,[26][27][28][29][30][31][32].…”

Section: Introductionmentioning

confidence: 99%

“…Many of these protocols have never been proven secure in any model [3,13,[17][18][19][20][21] and/or have been found to be vulnerable to some attack(s) [2,3,5,6,8,[18][19][20]23,[26][27][28][29][30][31][32]. Some protocols [2,11,12,15,23,24] have been proven secure only in a restricted model, in which the adversary is not allowed to corrupt protocol participants, and thus, no attacks by malicious clients can be captured.…”

Section: Introductionmentioning

confidence: 99%

Two-Round Password-Only Authenticated Key Exchange in the Three-Party Setting

et al. 2015

View full text Add to dashboard Cite

We present the first provably-secure three-party password-only authenticated key exchange (PAKE) protocol that can run in only two communication rounds. Our protocol is generic in the sense that it can be constructed from any two-party PAKE protocol. The protocol is proven secure in a variant of the widely-accepted model of Bellare, Pointcheval and Rogaway (2000) without any idealized assumptions on the cryptographic primitives used. We also investigate the security of the two-round, three-party PAKE protocol of Wang, Hu and Li (2010) and demonstrate that this protocol cannot achieve implicit key authentication in the presence of an active adversary.

show abstract

Three weaknesses in a simple three-party key exchange protocol

Cited by 65 publications

References 16 publications

Strong Authentication Scheme for Telecare Medicine Information Systems

Strong Authentication Scheme for Telecare Medicine Information Systems

Secure Authentication and Prescription Safety Protocol for Telecare Health Services Using Ubiquitous IoT

Two-Round Password-Only Authenticated Key Exchange in the Three-Party Setting

Contact Info

Product

Resources

About