A novel ID-based authentication and key exchange protocol resistant to ephemeral-secret-leakage attacks for mobile devices

Yuh Min Tseng, Sen Shan Huang, Tung Tso Tsai, Li Tseng

Research output: Contribution to journalArticle

8 Citations (Scopus)

Abstract

With the rapid development in wireless communications and cloud computing technologies, clients (users) often use handheld mobile devices to access remote servers via open network channels. To provide authentication and confidentiality between clients and servers, a large number of ID-based authentication and key exchange (ID-AKE) protocols have been proposed for mobile client-server environments. However, most of the existing ID-AKE protocols adopt the precomputation technique so that they become vulnerable to the ephemeral-secret-leakage (ESL) attacks, in the sense that an adversary could use the ephemeral secrets to reveal the private keys of clients from the corresponding exchange messages. In the paper, we propose a new ESL-secure ID-AKE protocol for mobile client-server environments. We formally prove that the proposed protocol satisfies the security requirements of both mutual authentication and key exchange while resisting the ESL attacks. When compared with previously proposed ID-AKE protocols, our protocol has higher security and retains computational performance, since it requires no bilinear pairing operation for mobile clients. Finally, we mention the possibility of adopting our protocol as an authentication method of the extensible authentication protocol (EAP) for wireless networks.

Original languageEnglish
Article number898716
JournalInternational Journal of Distributed Sensor Networks
Volume2015
DOIs
Publication statusPublished - 2015 Jan 1

Fingerprint

Mobile devices
Authentication
Network protocols
Servers
Cloud computing
Wireless networks
Communication

All Science Journal Classification (ASJC) codes

  • Engineering(all)
  • Computer Networks and Communications

Cite this

@article{ba6adee272154793bc6f55766aab73ee,
title = "A novel ID-based authentication and key exchange protocol resistant to ephemeral-secret-leakage attacks for mobile devices",
abstract = "With the rapid development in wireless communications and cloud computing technologies, clients (users) often use handheld mobile devices to access remote servers via open network channels. To provide authentication and confidentiality between clients and servers, a large number of ID-based authentication and key exchange (ID-AKE) protocols have been proposed for mobile client-server environments. However, most of the existing ID-AKE protocols adopt the precomputation technique so that they become vulnerable to the ephemeral-secret-leakage (ESL) attacks, in the sense that an adversary could use the ephemeral secrets to reveal the private keys of clients from the corresponding exchange messages. In the paper, we propose a new ESL-secure ID-AKE protocol for mobile client-server environments. We formally prove that the proposed protocol satisfies the security requirements of both mutual authentication and key exchange while resisting the ESL attacks. When compared with previously proposed ID-AKE protocols, our protocol has higher security and retains computational performance, since it requires no bilinear pairing operation for mobile clients. Finally, we mention the possibility of adopting our protocol as an authentication method of the extensible authentication protocol (EAP) for wireless networks.",
author = "Tseng, {Yuh Min} and Huang, {Sen Shan} and Tsai, {Tung Tso} and Li Tseng",
year = "2015",
month = "1",
day = "1",
doi = "10.1155/2015/898716",
language = "English",
volume = "2015",
journal = "International Journal of Distributed Sensor Networks",
issn = "1550-1329",
publisher = "Hindawi Publishing Corporation",

}

TY - JOUR

T1 - A novel ID-based authentication and key exchange protocol resistant to ephemeral-secret-leakage attacks for mobile devices

AU - Tseng, Yuh Min

AU - Huang, Sen Shan

AU - Tsai, Tung Tso

AU - Tseng, Li

PY - 2015/1/1

Y1 - 2015/1/1

N2 - With the rapid development in wireless communications and cloud computing technologies, clients (users) often use handheld mobile devices to access remote servers via open network channels. To provide authentication and confidentiality between clients and servers, a large number of ID-based authentication and key exchange (ID-AKE) protocols have been proposed for mobile client-server environments. However, most of the existing ID-AKE protocols adopt the precomputation technique so that they become vulnerable to the ephemeral-secret-leakage (ESL) attacks, in the sense that an adversary could use the ephemeral secrets to reveal the private keys of clients from the corresponding exchange messages. In the paper, we propose a new ESL-secure ID-AKE protocol for mobile client-server environments. We formally prove that the proposed protocol satisfies the security requirements of both mutual authentication and key exchange while resisting the ESL attacks. When compared with previously proposed ID-AKE protocols, our protocol has higher security and retains computational performance, since it requires no bilinear pairing operation for mobile clients. Finally, we mention the possibility of adopting our protocol as an authentication method of the extensible authentication protocol (EAP) for wireless networks.

AB - With the rapid development in wireless communications and cloud computing technologies, clients (users) often use handheld mobile devices to access remote servers via open network channels. To provide authentication and confidentiality between clients and servers, a large number of ID-based authentication and key exchange (ID-AKE) protocols have been proposed for mobile client-server environments. However, most of the existing ID-AKE protocols adopt the precomputation technique so that they become vulnerable to the ephemeral-secret-leakage (ESL) attacks, in the sense that an adversary could use the ephemeral secrets to reveal the private keys of clients from the corresponding exchange messages. In the paper, we propose a new ESL-secure ID-AKE protocol for mobile client-server environments. We formally prove that the proposed protocol satisfies the security requirements of both mutual authentication and key exchange while resisting the ESL attacks. When compared with previously proposed ID-AKE protocols, our protocol has higher security and retains computational performance, since it requires no bilinear pairing operation for mobile clients. Finally, we mention the possibility of adopting our protocol as an authentication method of the extensible authentication protocol (EAP) for wireless networks.

UR - http://www.scopus.com/inward/record.url?scp=84930669455&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84930669455&partnerID=8YFLogxK

U2 - 10.1155/2015/898716

DO - 10.1155/2015/898716

M3 - Article

AN - SCOPUS:84930669455

VL - 2015

JO - International Journal of Distributed Sensor Networks

JF - International Journal of Distributed Sensor Networks

SN - 1550-1329

M1 - 898716

ER -