Two-Server 3D ElGamal Diffie-Hellman Password Authenticated and Key Exchange Protocol Using Geometrical Properties | Mobile Networks and Applications Skip to main content
Springer Nature Link
Log in

Two-Server 3D ElGamal Diffie-Hellman Password Authenticated and Key Exchange Protocol Using Geometrical Properties

  • Published:
Mobile Networks and Applications Aims and scope Submit manuscript

Abstract

In the contemporary world, Internet based services undoubtedly plays a vital role in supporting business processes. Yet, these services suffer from poor authentication methods, leading to intensive attacks. To address this issue and to enhance the security, in this paper, a cutting edge tetrahedron (3D) based two-server Password Authenticated Key Exchange (PAKE) protocol using ElGamal and Diffie-Hellman (DH) mechanism is devised, analyzed and implemented using geometrical shape based properties - circumcenter (ω) and the angle between the medians (θ). With the aid of these properties, obtaining a password/key from the ciphertext is infeasible. 3D ElGamal DH mechanism precludes the fear of low-encryption-exponent attack. The metrics considered for examining the protocols include communication complexity, computational complexity, security defensive rate and attack resistance rate.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Subscribe and save

Springer+ Basic
¥17,985 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price includes VAT (Japan)

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6

Similar content being viewed by others

References

  1. Abdalla M, Chevassut O, Fouque P, Pointcheval D (2005) A simple threshold authenticated key exchange from short secrets. Lect Notes Comput Sci 3788:566–584

    Article  MathSciNet  MATH  Google Scholar 

  2. Bellare M, Pointcheval D, Rogaway P (2000) Authenticated key exchange secure against dictionary attacks’, in proceedings of the 19th international conference on theory and application of cryptographic techniques 139–55

  3. Bellovin SM, Merritt M (1990) Limitations of the Kerberos authentication system. ACM SIGCOMM Comput Commun Rev 20:119–132

    Article  Google Scholar 

  4. Bellovin, SM, Merritt, M (1992) Encrypted key exchange: password-based protocols secure against dictionary attacks’, in proceedings of the IEEE symposium on research in security and privacy 72–84

  5. Bellovin SM, Merritt M (1993) Augmented encrypted key exchange: a password-based protocol secure against dictionary attacks and password file compromise’, in proceedings of the first ACM conference on computer and communications security 244–250

  6. Brainard J, Juels A, Kaliski B, Szydlo M (2003) A new two-server approach for authentication with short secrets’, in proceedings of the 12th USENIX security symposium, pp. 201–214

  7. Bresson E, Chevassut O, Pointcheval D (2003) Security proofs for an efficient password-based key exchange’, in proceedings of the 10th ACM conference on computer and communications security 241–250

  8. Brunet M (2005) Perfect Password: Selection, Protection, Authentication, Syngress, Rockland

  9. Byun JW, Lee DH, Lim JI (2006) Security analysis and improvement of a gateway-oriented password-based authenticated key exchange protocol. IEEE Commun Lett 10(9):683–685

    Article  Google Scholar 

  10. Chien HY, Wu TC, Yeh MK (2013) Provably secure gateway-oriented password-based authenticated key exchange protocol resistant to password guessing attacks. J Inf Sci Eng 29:249–265

    MathSciNet  Google Scholar 

  11. Chouksey A, Pandey Y (2013) An efficient password based two-server authentication and pre-shared key exchange system using smart cards. Int J Comput Sci Inform Technol 4(1):117–120

    Google Scholar 

  12. Cloud Computing Trends 2016 State of the Cloud Survey, Available from: <http://www.rightscale.com/blog/cloud-industry-insights/cloud-computing-trends-2016-state-cloud-survey#security>. [9 February 2016]

  13. Construction of a Triangle from Circumcenter, Orthocenter and Incenter, Available from: <http://www.cut-the-knot.org/triangle/O-H-I.shtml>. [30 September 2008]

  14. Ding Y, Horster P (1995) Undetectable on-line password guessing attacks. ACM SIGOPS Operating Syst Rev 29(4):77–86

    Article  Google Scholar 

  15. ElGamal T (1985) A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans Inf Theory 31(4):469–472

    Article  MathSciNet  MATH  Google Scholar 

  16. Final Report on Diginotar Hack Shows Total Compromise of CA Servers, Available from: <https://threatpost.com/final-report-diginotar-hack-shows-total-compromise-ca-servers-103112/77170/>. [31 October 2012]

  17. Gennaro R, Lindell Y (2006) A framework for password-based authenticated key exchange. ACM Trans Inf Syst Secur 9(2):181–234

    Article  MATH  Google Scholar 

  18. Goldreich O, Lindell Y (2006) Session-key generation using human passwords only. J Cryptol 19(3):241–340

    Article  MathSciNet  MATH  Google Scholar 

  19. Hao F, Ryan P (2010) J-PAKE: authenticated key exchange without PKI. Lect Notes Comput Sci 6480:192–206

    Article  MathSciNet  Google Scholar 

  20. Herzberg A, Jbara A (2008) Security and identification indicators for browsers against spoofing and phishing attacks. ACM Trans Internet Technol 8(4):1–36

    Article  Google Scholar 

  21. Is SAML an Effective Framework for Secure SSO?, Available from: <http://vinayendra.com/SAML.pdf>. [2 December 2012]

  22. Jablon DP (1996) Strong password-only authenticated key exchange*. ACM Comput Commun Rev 26(5):5–26

    Article  Google Scholar 

  23. Jablon DP (2001) Password authentication using multiple servers. Lect Notes Comput Sci 2020:344–360

    Article  MATH  Google Scholar 

  24. Jin H, Wong DS, Xu Y (2007) An efficient password-only two-server authenticated key exchange system. Lect Notes Comput Sci 4861:44–56

    Article  MATH  Google Scholar 

  25. Katz J, Mackenzie P, Taban G, Gligor V (2005) Two-server password-only authenticated key exchange. Lect Notes Comput Sci 3531:1–16

    Article  MATH  Google Scholar 

  26. Kim HS, Choi JY (2009) Enhanced password-based simple three-party key exchange protocol. Comput Electr Eng 35(1):107–114

    Article  MATH  Google Scholar 

  27. Kumari KA, Sadasivam GS, Rohini L (2016) An efficient 3D elliptic curve Diffie-Hellman (ECDH) based two-server password-only authenticated key exchange protocol with provable security. IETE J Res 62(6):762–773

    Article  Google Scholar 

  28. Lee JH, Lee DH (2007) Secure and efficient password-based authenticated key exchange protocol for two-server architecture, in proceedings of the international conference on convergence information technology 2102–2107

  29. Li H, Dai Y, Tian Y, Yang H (2009) Identity-based authentication for cloud computing. Lect Notes Comput Sci 5931:157–166

    Article  Google Scholar 

  30. Lin CL, Sun HM, Hwang T (2000) Three-party encrypted key exchange: attacks and a solution. ACM SIGOPS Operating Syst Rev 34(4):12–20

    Article  Google Scholar 

  31. Mackenzie P, Shrimpton T, Jakobsson M (2005) Threshold password-authenticated key exchange. Lect Notes Comput Sci 2442:385–400

    Article  MathSciNet  MATH  Google Scholar 

  32. Milenković I, Atinović O, Simić D (2013) Using Kerberos protocol for single sign-on in identity management systems. J Info Technol Appl 3:27–33

    Google Scholar 

  33. OASIS, Available at: https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss

  34. Panwar PK, Kumar D (2012) Security through SSL. Int J Adv Res Comput Sci Software Eng 2(12):178–184

    Google Scholar 

  35. Raimondo MD, Gennaro R (2003) Password-authenticated key exchange extended abstract. Lect Notes Comput Sci 2656:507–523

    Article  MathSciNet  MATH  Google Scholar 

  36. Securing the Internet of Things The Conversation Every CIO Needs to Have with the CEO, Available from: <https://www.eiuperspectives.economist.com/sites/default/files/images/EIU-HPE%20IoT%20Security%20Article_PDF_1.pdf>. [30 March 2016]

  37. Somorovsky J, Mayer A, Schwenk J, Kampmann M, Jenson M (2012) ‘On breaking SAML: be whoever you want to be’, in proceedings of the 21st USENIX security symposium 1–16

  38. Sood SK (2012) Dynamic identity based authentication protocol for two-server architecture. J Inf Secur 3:326–334

    Google Scholar 

  39. Steiner M, Tsudik G, Waidner M (1995) Refinement and extension of encrypted key exchange. ACM SIGOPS Operating Syst Rev 29(3):22–30

    Article  Google Scholar 

  40. Szydlo M, Kaliski B (2005) Proofs for two-server password authentication. Lect Notes Comput Sci 3376:227–244

    Article  MathSciNet  MATH  Google Scholar 

  41. Tetrahedral Treats, Available from: <http://www.zebragraph.com/Geometers_Corner_files/tetrahedraltreats.pdf>

  42. Toorani M (2014) ‘Security analysis of J-PAKE’,in proceedings of IEEE symposium on computers and communication 1–16

  43. Tsiounis Y, Yung M (1998) On the security of ElGamal based encryption. Lect Notes Comput Sci 1431:117–134

    Article  MATH  Google Scholar 

  44. Wan Z, Deng RH, Bao F, Preneel B (2007) nPAKE+: a hierarchical group password-authenticated key exchange protocol using different passwords. Lect Notes Comput Sci 4861:31–43

    Article  MATH  Google Scholar 

  45. Wu, T (1998) ‘The secure remote password protocol’, in proceedings of the internet society symposium on network and distributed system security 1–17

  46. Yang D, Yang B (2010) ‘A novel two-server password authentication scheme with provable security’,in proceedings of 10th IEEE international conference on computer and information technology 1605–1609

  47. Yang Y, Deng RH, Bao F (2006) A practical password-based two-server authentication and key exchange system. IEEE Trans Dependable Secure Comput 3(2):105–114

    Article  Google Scholar 

  48. Yeh HT, Sun HM (2002) Simple authenticated key agreement protocol resistant to password guessing attacks. ACM SIGOPS Operating Syst Rev 36(4):14–22

    Article  Google Scholar 

  49. Yi X, Ling S, Wang H (2013) Efficient two-server password-only authenticated key exchange. IEEE Trans Paral Distrib Syst 24(9):1773–1782

    Article  MathSciNet  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of IT, PSG College of Technology, Coimbatore, India

    K. Anitha Kumari

  2. Department of CSE, PSG College of Technology, Coimbatore, India

    G. Sudha Sadasivam

Authors
  1. K. Anitha Kumari
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. G. Sudha Sadasivam
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to K. Anitha Kumari.

Additional information

NOTE: The proposed 3D ElGamal DH PAKE protocol is filed as a Patent [Filing No:201641022806], since this is the state-of-art protocol of its kind password is impracticable when both the servers are compromised.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Anitha Kumari, K., Sudha Sadasivam, G. Two-Server 3D ElGamal Diffie-Hellman Password Authenticated and Key Exchange Protocol Using Geometrical Properties. Mobile Netw Appl 24, 1104–1119 (2019). https://doi.org/10.1007/s11036-018-1104-1

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11036-018-1104-1

Keywords

Search

Navigation