Keywords:

  • authenticated key agreement;
  • collision-resistant hash function;
  • symmetric encryption

ABSTRACT

The three-party authenticated key agreement protocol enables two clients to authenticate each other and agree on a session key over an insecure public network with the help of a trusted server. The password-based three-party authenticated key agreement protocols often have two drawbacks: (1) the server must store large numbers of passwords and (2) low-entropy passwords easily suffer from potential guessing attacks. The public key infrastructure-based three-party authenticated key agreement protocols need no password. In 2008, Chen et al. proposed a round-efficient three-party authenticated key agreement protocol that needs no password or public key cryptosystem. However, the computation costs and communication loads of their protocol are still high. In 2009, Yang et al. proposed an efficient three-party authenticated key exchange protocol based upon elliptic curve cryptography for mobile commerce environments. Unfortunately, both three-party authenticated key agreement protocols are insecure. In this paper, we propose a novel three-party authenticated key agreement protocol that requires neither public key cryptosystem nor password. Compared with the previous three-party authenticated key agreement protocols, the novel three-party authenticated key agreement protocol requires considerably fewer rounds, lower communication cost and smaller computation cost. The comparisons have shown that our three-party authenticated key agreement protocol is more practical than other three-party authenticated key agreement protocols. The proposed protocol is provably secure on the basis of the intractability of the computational Diffie–Hellman problems in the random oracle model. Copyright © 2012 John Wiley & Sons, Ltd.