An efficient certificateless user authentication and key exchange protocol for client-server environment
Related papers
A Secure and Efficient Key Agreement Protocol Based on Certificateless Cryptography
International Journal of Intelligent Computing Research, 2012
Almost all the certificateless two-party authenticated key agreement (CTAKA) protocols found in the literature suffer from either serious security problems or inefficient performance that involves high computational costs. In this paper, we design a secure and efficient CTAKA protocol. Within the proposed CTAKA protocol, the KGC publishes the public keys of the users in a public directory (LDAP server) that has a certificate to prove its identity to the users. The LDAP certificate is the only existing certificate within the scheme. Both communicating parties are able to compute a common secret per-session key using a securely generated random number. The protocol is fully secure against type 1 attacks and fully secure against type 2 attacks under the assumptions that the KGC is an honest party and each party within the network has the full capability to keep its secret values safe. Moreover, the setup of the protocol does not include pairings, and the whole key agreement process requires only four point scalar multiplications, two point additions, one hash function evaluation and one message exchange.
Recently, Chou et al. (J Supercomput 66(2): 973–988, 2013) proposed two identity-based key exchange protocols using elliptic curves for mobile environments. The first one is a two-party authentication key exchange protocol to establish a session key between a client and a remote server. The second one is an extended version for the three-party setting to establish a session key between two clients with the help of a trusted server. However, this paper finds the first one vulnerable to impersonation attack and key-compromise impersonation attack, and the second one insecure against impersonation attack. To overcome the weaknesses, we propose an improved identity-based two-party authentication key exchange protocol using elliptic curves. The rigorous analysis shows that our scheme achieves more security than related protocols.
An enhanced certificateless authenticated key agreement protocol
13th International Conference on Advanced Communication Technology (ICACT2011), 2011
Authenticated key agreement protocol is used to share a secret key for encrypting data being transferred between two or more parties over a public network. An implementation of this protocol is the certificateless key agreement which utilizes the features of the identity-based public key cryptography and the traditional public key infrastructure. This implementation can produce multiple public keys for a corresponding private key. In this paper, an alternative key generation technique is proposed for certificateless public key cryptography in order to have one public key for one private key. This will improve the security features of the relevant key generation. Furthermore, the efficiency of the proposed protocol is presented in terms of computational operation. The comparison analysis shows that the proposed protocol conveys better efficiency with all the known security attributes compared to the existing protocols.
An efficient user authentication and key exchange protocol for mobile client–server environment
Computer Networks, 2010
Considering the low-power computing capability of mobile devices, security scheme design is a nontrivial challenge. The identity (ID)-based public-key system with bilinear pairings defined on elliptic curves offers a flexible approach to simplifying certificate management. In the past, many user authentication schemes with bilinear pairings have been proposed. In 2009, Goriparthi et al. also proposed a new user authentication scheme for mobile client-server environment. However, these schemes do not provide the mutual authentication and key exchange between the client and the server that are necessary for mobile wireless networks. In this paper, we present a new user authentication and key exchange protocol using bilinear pairings for mobile client-server environment. As compared with the recently proposed pairing-based user authentication schemes, our protocol provides both mutual authentication and key exchange. Performance analysis is made to show that our presented protocol is well suited for mobile client-server environment. Security analysis is given to demonstrate that our proposed protocol is provably secure against previous attacks.
Certificateless Public Key cryptosystems For Mobile Ad hoc Networks
Given the importance of security in many critical applications in Mobile Ad hoc Networks (MANETs) and the limited resources of mobile devices, it is important to have a secure lightweight cryptosystem. Easier key management and lower transmission overhead make Public Key Cryptosystems (PKC) suitable for MANETs. Obviously, the main issue in using PKC is ensuring the authenticity of users’ public keys. However, the complex management of Public Key Infrastructure in traditional PKC and the key escrow problem of identity-based ones have led to an emphasis on Certificateless PKC. In this research, besides a Certificateless Public Key management scheme, a public key authentication scheme named IDRSA and two improved versions of it named ClessRSA and EIDRSA have been investigated. To compare these works, a standard format is given so that the schemes are examined using the same notations and assumptions. Besides the mathematical comparison, the growth rate of computational expense for a particular part of these schemes as a function of the number of requests is visualized. The results indicate that the EIDRSA scheme has lower computational expense compared with the other existing ones because it eliminates the Bilinear Pairing operation.
A Secure Mobile Banking Scheme based on Certificateless Cryptography in the Standard Security Model
International Journal of Computer Applications, 2013
Providing the security services (authenticity, integrity, confidentiality and non-repudiation) all together in mobile banking has remained a problematic issue for both banks and their customers. Both the public key infrastructure (PKI) and the identity-based public key cryptography (IB-PKC), which have been thought to provide solutions to these security services, have their own limitations. While the PKI suffers from scalability and certificate management problems, identity-based cryptography suffers from the key escrow problem. This paper proposes a secure web-based mobile banking scheme using certificateless public key cryptography. Within this scheme, the key generating center (KGC) has an offline connection with a public directory server. Both the client and the bank's web server use each other's identities to obtain each other's public key from the KGC's public directory server. Then, each party computes an authenticated per-session shared secret symmetric key. By using this shared secret key, the client can encrypt his username and password to access his banking account and carry out signed banking transactions. As a result, the proposed scheme is secure in the standard model and provides authentication, confidentiality, integrity and non-repudiation. Moreover, the scheme is secure against known key attack, resilient against unknown key share and key-compromise impersonation, and secure against weak perfect forward secrecy.
An efficient certificateless authenticated key agreement scheme
IACR Cryptology ePrint Archive, 2011
Because it avoids the key escrow problem of the identity-based cryptosystem, the certificateless public key cryptosystem (CLPKC) has received significant attention. As an important part of the CLPKC, the certificateless authenticated key agreement (CLAKA) protocol has also received considerable attention. Most CLAKA protocols are built from bilinear mappings on elliptic curves, which need costly operations. To improve the performance, several pairing-free CLAKA protocols have been proposed. In this paper we propose a new pairing-free CLAKA protocol. Compared with the related protocols, our protocol has better performance. We also show our protocol is provably secure in a very strong security model, i.e. the extended Canetti-Krawczyk (eCK) model.
A New Provably Secure Authentication and Key Agreement Mechanism for SIP Using Certificateless
The session initiation protocol (SIP) is considered the dominant signaling protocol for calls over the internet. However, SIP authentication typically uses HTTP digest authentication, which is vulnerable to many forms of known attacks. This paper proposes a new secure authentication and key agreement mechanism based on certificateless public-key cryptography, named SAKA, between two previously unknown parties, which provides stronger security assurances for SIP authentication and media stream, and is provably secure in the CK security model. By using certificateless public key cryptography, SAKA effectively avoids the requirement of a large Public Key Infrastructure and overcomes the key escrow problem in previous schemes.
An Integrated Public Key Infrastructure Model Based on Certificateless Cryptography
In this paper an integrated Certificateless Public Key Infrastructure (CLPKI) that focuses on key management issues is proposed. The proposed scheme provides two-factor private key authentication to protect the private key in case of device theft or compromise. The private key in the proposed scheme is not stored in the device, but rather it is calculated every time the user needs it. It depends also on a user’s chosen password and then even if the device is stolen, the attacker cannot get the private key because he/she does not know the user’s secret password. The proposed model provides many other key management features like private key recovery, private key portability and private key archiving. https://sites.google.com/site/ijcsis/
Multimedia Tools and Applications, 2015
The authenticated key agreement (AKA) protocol is an important cryptographic mechanism, which allows two users to establish a session key for future communication. Recently, the certificateless public key cryptography received wide attention since it could solve the certificate management problem in the traditional public key cryptography and solve the key escrow problem in the identity-based public key cryptography. In this paper, we present a strongly secure certificateless authenticated key agreement (CLAKA) protocol without pairing suitable for smart media and mobile environments, which is provably secure in the extended Canetti-Krawczyk (eCK) model and is secure as long as each party has at least one uncompromised secret. Compared with previous CLAKA protocols, our protocol has advantages over them in security or efficiency.