A pairing‐free certificateless authenticated key agreement protocol

Many certificateless two‐party authenticated key agreement schemes using bilinear pairings have been proposed. But the relative computation cost of the pairing is approximately twenty times higher than that of the scalar multiplication over elliptic curve group In order to improve the performance we propose a certificateless two‐party authenticated key agreement scheme without bilinear pairings in this paper. A security proof under random oracle model is also provided. Copyright © 2011 John Wiley & Sons, Ltd.     

Two-factor authenticated key agreement protocol based on biometric feature and password

A new two-factor authenticated key agreement protocol based on biometric feature and password was proposed.The protocol took advantages of the user’s biological information and password to achieve the secure communication without bringing the smart card.The biometric feature was not stored in the server by using the fuzzy extractor technique,so the sensitive information of the user cannot be leaked when the server was corrupted.The authentication messages of the user were protected by the server’s public key,so the protocol can resist the off-line dictionary attack which often appears in the authentication protocols based on password.The security of the proposed protocol was given in the random oracle model provided the elliptic computational Diffie-Hellman assumption holds.The performance analysis shows the proposed protocol has better security.     

一种多方可认证密钥协商方案的分析与改进

在无证书公钥密码体制下对一种多方可认证密钥协商方案进行了分析,指出该方案无法抵抗合法用户的扮演攻击和口令偶尔泄露导致的危机。分析了该方案存在漏洞的原因,并在此基础上给出一个改进的密钥协商方案。新方案引入密钥种子和口令进化机制解决了上述问题,同时消除了冗余消息,降低了用户占用的带宽。分析表明新方案的安全性更强。     

一种新的无证书可认证多方密钥协商协议

Joux提出的三方密钥协商方案虽然简洁、高效,但不能抵抗中间人攻击。基于无证书公钥密码体制,提出一种新的无证书可认证多方密钥协商方案,新方案将Joux的三方协议拓展至多方,并且具有认证功能。由于新方案中所用的签名为短签名,所以整个认证过程计算效率较高,另外,新方案还具有简单证书管理、无密钥托管的优点,新方案满足无密钥控制、抗中间人的主动攻击、前向安全性和抗密钥泄露伪装攻击等多种安全特性。     

An enhanced anonymous identity‐based key agreement protocol for smart grid advanced metering infrastructure

Sprouting populace mass within the urban areas furnishes critical challenges of providing uninterruptible community services to fulfill the primitive needs of inhabitants in smart cities. Smart cities facilitate and uplift the living standards of inhabitants through various smart systems or infrastructures, and smart grid is one of them. Secure transmission is a key requirement in the advanced metering infrastructure (AMI) of most smart grids, and key establishment cryptographic protocols can be used to achieve such a requirement. Designing efficient and secure key establishment protocols for AMI remains challenging. For example, in this paper, we reveal several weaknesses in the identity‐based key establishment protocol of Mohammadali et al (published in IEEE Trans Smart Grid, 2017), which is based on elliptic curves. We then improve their protocol and prove its security in the random oracle model. We also demonstrate that the improved protocol achieves both anonymity and untraceability, before presenting a comparative summary of the security and computational overheads of the proposed protocol and several other existing protocols.     

Cryptanalysis of an identity‐based authenticated key exchange protocol

Authenticated key exchange protocols represent an important cryptographic mechanism that enables several parties to communicate securely over an open network. Elashry, Mu, and Susilo proposed an identity‐based authenticated key exchange (IBAKE) protocol where different parties establish secure communication by means of their public identities.The authors also introduced a new security notion for IBAKE protocols called resiliency, that is, if the secret shared key is compromised, the entities can generate another shared secret key without establishing a new session between them. They then claimed that their IBAKE protocol satisfies this security notion. We analyze the security of their protocol and prove that it has a major security flaw, which renders it insecure against an impersonation attack. We also disprove the resiliency property of their scheme by proposing an attack where an adversary can compute any shared secret key if just one secret bit is leaked.     

无证书的层次认证密钥协商协议

提出了一种无证书的层次认证密钥协商协议,协议的安全性基于计算性Diffie-Hellman困难假设,并在eCK（extended Canetti–Krawczyk）模型下证明了该协议的安全性。该协议中,根PKG为多层的域PKG验证身份并生成部分私钥,域PKG为用户验证身份并生成部分私钥,私钥则由用户选定的秘密值和部分私钥共同生成。与已有协议相比,协议不含双线性映射配对运算,且具有较高的效率。     

An ID‐based mutual authentication with key agreement protocol for multiserver environment on elliptic curve cryptosystem

Mutual authentication is used to validate the legitimacy of a remote login user and a server. Conventional user authentication protocols are suited to solve the privacy and security problems for the single client/server architecture environment. However, the use of computer networks and information technology has grown spectacularly. More and more network architectures are used in multi‐server environments. Recently, several authentication schemes for multi‐server environments have been proposed. However, the performance of these schemes is not suitable for applications. To improve the performance, we propose a new ID‐based mutual authentication protocols for multi‐server environment without bilinear pairings. We also show that the proposed scheme is provable secure in the random oracle model. Copyright © 2012 John Wiley & Sons, Ltd.     

An efficient pairing‐free identity‐based authenticated group key agreement protocol

An authenticated group key agreement protocol allows participants to agree on a group key that will be subsequently used to provide secure group communication over an insecure network. In this paper, we give a security analysis on a pairing‐free identity‐based authenticated group key agreement because of Islam et al. We show that the protocol of Islam et al. cannot satisfy the minimal security requirements of the key agreement protocols. We propose an efficient pairing‐free identity‐based authenticated group key agreement for imbalanced mobile network. The proposed protocol can be implemented easily for practical application in mobile networks as it is free from bilinear. Under the difficulty of the InvCDH and CDH we demonstrate that the proposed protocol provides perfect forward secrecy, implicit key authentication and the dynamic functionality. As compared with the group key agreement protocols for imbalanced mobile network, the proposed protocol provides stronger security properties and high efficiency. Copyright © 2013 John Wiley & Sons, Ltd.     

An efficient chaos‐based 2‐party key agreement protocol with provable security

Key agreement protocol is an important cryptographic primitive, which allows 2 parties to establish a secure session in an open network environment. A various of key agreement protocols were proposed. Nowadays, there still exists some other security flaws waiting to be solved. Owing to reduce the computational and communication costs and improve the security, chaotic map has been studied in‐depth and treated as a good solution. Recently, Liu et al proposed a chaos‐based 2‐party key agreement protocol and demonstrated that it can defend denial‐of‐service attack and replay attack. We found, however, it cannot resist off‐line password‐guessing attack, and it also has some other security flaws. In this paper, we propose an improved chaos‐based 2‐party key agreement protocol. The results prove that the protocol can solve the threats of off‐line password‐guessing attack and other security flaws in the security proof section. What is more, performance analysis shows that the computational cost of the improved protocol is lower than Liu et al protocol.     

Strongly secure ID‐based authenticated key agreement protocol for mobile multi‐server environments

To provide mutual authentication and communication confidentiality between mobile clients and servers, numerous identity‐based authenticated key agreement (ID‐AKA) protocols were proposed to authenticate each other while constructing a common session key. In most of the existing ID‐AKA protocols, ephemeral secrets (random values) are involved in the computations of the common session key between mobile client and server. Thus, these ID‐AKA protocols might become vulnerable because of the ephemeral‐secret‐leakage (ESL) attacks in the sense that if the involved ephemeral secrets are compromised, an adversary could compute session keys and reveal the private keys of participants in an AKA protocol. Very recently, 2 ID‐AKA protocols were proposed to withstand the ESL attacks. One of them is suitable for single server environment and requires no pairing operations on the mobile client side. The other one fits multi‐server environments, but requires 2 expensive pairing operations. In this article, we present a strongly secure ID‐AKA protocol resisting ESL attacks under mobile multi‐server environments. By performance analysis and comparisons, we demonstrate that our protocol requires the lowest communication overhead, does not require any pairing operations, and is well suitable for mobile devices with limited computing capability. For security analysis, our protocol is provably secure under the computational Diffie‐Hellman assumption in the random oracle model.     

AN IMPROVED AUTHENTICATED KEY AGREEMENT PROTOCOL

In 1999, Seo and Sweeney proposed a simple authenticated key agreement protocol that was designed to act as a Diffie-Hellman key agreement protocol with user authentication. Various attacks on this protocol are described and enhanced in the literature. Recently, Ku and Wang proposed an improved authenticated key agreement protocol, where they asserted the protocol could withstand the existing attacks. This paper shows that Ku and Wang＇s protocol is still vulnerable to the modification attack and presents an improved authenticated key agreement protocol to enhance the security of Ku and Wang＇s protocol. The protocol has more efficient performance by replacing exponentiation operations with message authentication code operations.     

A privacy‐preserving biometrics based authenticated key agreement scheme using ECC

To ensure secure communication over the insecure public network, this work presents a privacy‐preserving biometrics‐based authenticated key agreement scheme using elliptic curve cryptography, making full use of the advantages that the biometrics can be used to uniquely identify a particular human, and the elliptic curve cryptography can provide the same level security with far less key size compared with other public key cryptography. The proposed scheme realizes the mutual authentication of participants, session key agreement, and various security properties and also can resist kinds of known attacks. Moreover, the proposed scheme has perfect user experience in the aspect of changing password by not interacting with the server. In addition, the security features of our new designed scheme are formally proved under the widely used BPR adversary model. Therefore, from the viewpoint of the authors, the proposed scheme can be considered as the authenticated key agreement scheme for mobile users.     

A short ID‐based proxy signature scheme

The notion of identity‐based proxy signature with message recovery feature has been proposed to shorten identity‐based proxy signatures and improve their communication overhead because signed messages are not transmitted with these kinds of signatures. There are a few schemes for this notion: the schemes of Singh and Verma and Yoon et al. Unfortunately, Tian et al., by presenting two forgery attacks, show that Singh and Verma scheme is not secure, and also, the scheme of Yoon et al. does not support provable security. The contributions of this paper are twofold. First, we review the scheme by Yoon et al. and discuss why it does not have message recovery property, and consequently, it is not short. Second, we propose a short identity‐based proxy signature scheme with the help of message recovery property and show that it is secure under computational Diffie–Hellman assumption in the random oracle model. Furthermore, our scheme is more efficient than (as efficient as) previous identity‐based proxy signatures. Copyright © 2014 John Wiley & Sons, Ltd.     

A chaotic map‐based anonymous multi‐server authenticated key agreement protocol using smart card

Authenticated key agreement protocols play an important role for network‐connected servers to authenticate remote users in Internet environment. In recent years, several authenticated key agreement protocols for single‐server environment have been developed based on chaotic maps. In modern societies, people usually have to access multiple websites or enterprise servers to accomplish their daily personal matters or duties on work; therefore, how to increase user's convenience by offering multi‐server authentication protocol becomes a practical research topic. In this study, a novel chaotic map‐based anonymous multi‐server authenticated key agreement protocol using smart card is proposed. In this protocol, a legal user can access multiple servers using only a single secret key obtained from a trusted third party, known as the registration center. Security analysis shows this protocol is secure against well‐known attacks. In addition, protocol efficiency analysis is conducted by comparing the proposed protocol with two recently proposed schemes in terms of computational cost during one authentication session. We have shown that the proposed protocol is twice faster than the one proposed by Khan and He while preserving the same security properties as their protocol has. Copyright © 2014 John Wiley & Sons, Ltd.     

MaTRU‐KE revisited: CCA2‐secure key establishment protocol based on MaTRU

Quantum attack–resistant cryptosystems are required for secure communication since there is a big demand to have quantum computers. Lattice‐based cryptography is one of the quantum‐secure families due to its key/ciphertext sizes and performance. NTRU‐based cryptosystems, a member of lattice‐based cryptosystems, have received much more attention. MaTRU, a noncommutative version of NTRU with some matrix properties, is used to obtain a key exchange protocol in 2018. In this paper, we focus on MaTRU‐based key exchange protocols having CCA2 properties. We propose CCA2‐secure versions of MaTRU‐KE and then provide a security analysis of CCA2‐secure key establishment protocols. We also provide a comparison with the previous ones.     

支持用户撤销的属性认证密钥协商协议

用户撤销是基于属性的认证密钥协商(ABAKA, attribute-based authenticated key agreement)协议在实际应用中所必需解决的问题。通过将Waters的基于属性的加密方案和Boneh-Gentry-Waters的广播加密方案相结合,提出了一个支持用户撤销的ABAKA协议。该协议能够实现对用户的即时撤销且不需要密钥权威对所有未被撤销的用户私钥进行定期更新。相比于现有的协议,该协议具有较高的通信效率,并能够在标准模型和修改的ABCK模型下可证安全,具有弱的完美前向安全性,并能够抵抗密钥泄露伪装攻击。     

基于身份的认证密钥协商协议

密钥协商协议应该在满足安全性的条件下,使实现协议所需的计算开销尽可能小。文中提出了一个基于身份的认证密钥协商协议BAKAP(ID-Based Authenticated Key Agreement Protocol)。该协议提供了已知密钥安全性、完善前向保密性、密钥泄露安全性、未知密钥共享安全性和密钥控制安全性。在该协议中,参与者只需执行两次椭圆曲线点乘法和一次双线性运算。该协议与已有协议相比,计算代价小。     

一种自证明身份密钥协商协议的研究

针对Diffie-Hellman密钥协商协议易受中间人（man in the middle）攻击的问题，提出了一种自证明身份的密钥协商协议，阐述了密钥交换原理，分析了其安全性和实现的关键技术。该协议将RSA与离散对数相结合，使通信双方在不需对方公开密钥证书，不需数字签名，也不需密钥分配中心（KDC）的条件下进行双向身份认证，并同时产生共享的会话密钥，具有一定实用价值。     

A provably secure biometrics and ECC‐based authentication and key agreement scheme for WSNs

Wireless sensor networks (WSNs) underpin many applications of the Internet of Things (IoT), ranging from smart cities to unmanned surveillance and others. Efficient user authentication in WSNs, particularly in settings with diverse IoT device configurations and specifications (eg, resource‐constrained IoT devices) and difficult physical conditions (eg, physical disaster area and adversarial environment such as battlefields), remains challenging, both in research and in practice. Here, we put forth a user anonymous authentication scheme, relying on both biometrics and elliptic curve cryptography, to establish desired security features like forward and backward secrecy. We then make use of the Random‐or‐Real (RoR) model to prove the security of our scheme. We have implemented the proposed scheme in an environment compatible with WSNs. We show after conducting the comparison of the proposed scheme with some recent and related existent schemes that it satisfies various essential and desirable security attributes of a WSN environment. We conclude that the proposed scheme is suitable for the WSN scenario demanding high security.