| With the rapid development of mobile communication technology and the gradual improvement of social informatization,wireless network technology has been widely used in many scenarios such as information processing and information exchange.Mobile network and intelligent mobile terminal devices have become an indispensable part of people's life and work.However,in the meantime,the data transmitted in the wireless mobile network is also facing the risk of information leakage,for the openness,mobility and unstable transmission channel of wireless mobile network.Hence,a secure communication channel is essential to ensure the privacy and security of information among the communication of mobile terminal devices.Key exchange(also known as key negotiation)protocols based on cryptography can meet the application requirements(e.g.identity authentication and secure communication)in the communication process.It can not only ensure the authenticity of the communication participants' identities,but also guarentee that communication participants can establish the session key online at any time for a secure communication.Since the key exchange protocol was proposed,it has evolved into many kinds,among which the three-party authentication multi-key exchange protocol based on password is easy-to-remember,easy-to-maintain and extensible.It can also greatly reduce the computation cost of the server and mobile client,for it can generate multiple session keys in only one session.This means that this type of protocols is with wide application and better service scalability,and the server can provide services for the client without significantly reducing its service performance.The multi-key exchange protocols(i.e.3MPAKE and THMEP)proposed by Li et al.and Tsai et al.is based on password and ECC,respectively.Both 3MPAKE and THMEP protocols are claimed owning high efficiency,security and strong scalability.However,we found that both of them can hardly resist the offline password attack.For solving this problem,we improved the agreement in the client registration phase,and designed a novel three party authentication key exchange protocol based on the 3MPAKE protocol.We also proved our proposal under the BPR security model,namely,our proposal can realize the mutual authentication between client and server and the obtained session keys are indistinguishable.In addition,this paper also analyzes the security features of our proposed protocol,which can resist resist current known attacks such as offline password guessing attack,impersonation attack,known key attack and unknown key sharing attack.Finally,we compared our proposal with three related protocols(proposed by other researchers in recent years)in term of security and performance.The comparison results demonstrate that our proposal can effectively achieve a tradeoff among security,communication cost and computation cost,and hence is with stronger practicability.To show the feasibility of our proposed protocol in real environment,this paper implements it in Windows and Android based on Bouncy Castle encryption component.The experimental results show that our proposal can support the relatively resourse-limited mobile devices because its computation time is in milliseconds and it does not involve intractable computation such as bilinear pairings and map-to-point hashing. |
PDF Full Text Request