Article: Three-party password-based authenticated key exchange protocol based on the computational Diffie-Hellman assumption Journal: International Journal of Communication Networks and Distributed Systems (IJCNDS) 2018 Vol.21 No.4 pp.560 - 581 Abstract: The three-party password-based authenticated key exchange protocol gives two clients the ability to negotiate a session key through a trusted server over a public channel. Most of the proposed 3PAKE protocols use public keys to guarantee identities; however, the sharing of public keys may lead to various types of attacks, such as a man-in-the-middle attack, which allows an attacker to simply intercept and insert traffic traversing a network. In this paper, we briefly describe an updated three-party password-based authenticated key exchange protocol and analyse its security. The proposed TPAKE protocol does not share plain-text data. Data shared between the parties are either hashed or encrypted. Using the random oracle model, the security of the proposed TPAKE protocol is formally proven under the computational Diffie-Hillman assumption. Furthermore, the analyses included in this paper show that our protocol can ensure perfect forward secrecy and can also resist many types of common attacks. Inderscience Publishers - linking academia, business and industry through research

Title: Three-party password-based authenticated key exchange protocol based on the computational Diffie-Hellman assumption

Authors: Aqeel Sahi; David Lai; Yan Li

Addresses: Faculty of Health, Engineering and Sciences, Department of Math and Computing, University of Southern Queensland, 487/521-535 West St, Darling Heights, QLD 4350, Australia; Computer Center, University of Thi-Qar, Iraq ' Faculty of Health, Engineering and Sciences, Department of Math and Computing, University of Southern Queensland, 487/521-535 West St, Darling Heights, QLD 4350, Australia ' Faculty of Health, Engineering and Sciences, Department of Math and Computing, University of Southern Queensland, 487/521-535 West St, Darling Heights, QLD 4350, Australia

Abstract: The three-party password-based authenticated key exchange protocol gives two clients the ability to negotiate a session key through a trusted server over a public channel. Most of the proposed 3PAKE protocols use public keys to guarantee identities; however, the sharing of public keys may lead to various types of attacks, such as a man-in-the-middle attack, which allows an attacker to simply intercept and insert traffic traversing a network. In this paper, we briefly describe an updated three-party password-based authenticated key exchange protocol and analyse its security. The proposed TPAKE protocol does not share plain-text data. Data shared between the parties are either hashed or encrypted. Using the random oracle model, the security of the proposed TPAKE protocol is formally proven under the computational Diffie-Hillman assumption. Furthermore, the analyses included in this paper show that our protocol can ensure perfect forward secrecy and can also resist many types of common attacks.

Keywords: authentication; cryptography; key exchange protocols; password-based; three-party; Diffie-Hellman; 2PAKE protocols; 3PAKE protocols; random oracle model; communication networks; distributed systems.

DOI: 10.1504/IJCNDS.2018.095373

International Journal of Communication Networks and Distributed Systems, 2018 Vol.21 No.4, pp.560 - 581

Received: 10 Jun 2017
Accepted: 13 Feb 2018
Published online: 03 Oct 2018 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article

Title: Three-party password-based authenticated key exchange protocol based on the computational Diffie-Hellman assumption

Keep up-to-date