Novel Attacks and Novel Efficient Three-Party Authenticated Key Agreement Schemes for Resource-limited Devices

Novel Attacks and Novel Efficient Three-Party Authenticated Key Agreement Schemes for Resource-limited Devices

A three-party authenticated key agreement scheme (3PAKA) is a protocol that enables a pair of two registered clients to establish session keys via the help of a trusted server such that each client only pre-shares some secret with the server. As the resource-constrained devices are becoming more and more popular and deployed, it is important to design secure 3PAKA schemes that are efficient in terms of both the communication and the computation.
Among existent 3PAKA schemes, Yang et al.’s scheme significantly reduces the devices’ computational load by blinding the Diffie-Hellman values. However, we find a very powerful kind of attacks, which has never been reported the attackers only eavesdrop on the transmissions and can derive the secret keys and the session keys. We pinpoint the design pitfalls and propose our countermeasure.
Based on the Modified Computational Diffie-Hellman Problem (MCDHP), we propose a novel 3PAKA scheme that simultaneously improves the security, the communication, and the computation. The proposed scheme shows the best performance in terms of security, communications and computations, when we evaluate the related works under the same criteria. The protocol security checker Automated Validation of Internet Security Protocols and Applications (AVISPA) has verified the security properties of our scheme.