원문정보
초록
영어
How to make people keep both security and privacy in communication networks has been a hot topic in recent years. Researchers proposed three party authenticated key agreement (3PAKA) protocols to answer this question, which allows two parties to agree a new secure session key with the help of a trusted server. Recently, Yang et al. proposed a provably secure 3PAKA protocol. However, this paper finds out Yang et al.’s protocol has a security weakness against password guessing attack and two lack properties in authentication for password updating phase and privacy preserving. Furthermore, we propose anew privacy preserving 3PAKA (P_3PAKA) protocol using smart cards to solve the security problems in Yang et al.’s protocol. It provides user anonymity and un-traceability by adopting dynamic identifier depending on each session’s nonce. Comparing with other typical 3PAKA protocols, P_3PAKA protocol is more secure while maintaining efficiency.
목차
1. Introduction
2. Yang, et al., 3PARK Protocol
2.1. Definitions and Notations
2.2. Registration Phase
2.3. Login Phase
2.4. Password Updating Phase
2.5. Key Agreenent Phase
3. Security Analysis on Yang et al.'s 3PAKA Protocol
3.1. Password Guessing Attack
3.2. Lack of Authentication for Password Updating
3.3. Lack of Privacy Preserving
4. P_3PAKA Protocol
4.1. Required Security Criteria
4.2. Registration Phase
4.3. Login Phase
4.4. Password Updating Phase
4.5. Key Agreement Phase
5. Security and Performance Analyses
5.1. Security Analysis
5.2. Performance Analysis
6. Conclusion
References