Journal of applied research and technology

On-line version ISSN 2448-6736; print version ISSN 1665-6423

J. appl. res. technol vol.16 no.1 Ciudad de México Feb. 2018

 

Articles

An efficient 3D Diffie-Hellman based Two-Server password-only authenticated key exchange

Anitha Kumari K (a, *)

Sudha Sadasivam G (b)

(a) Department of IT, PSG College of Technology, India

(b) Department of CSE PSC College of Technology, India


Abstract:

In the emerging technological world, security remains one of the highest challenges in large-scale distributed systems, which suffer extensively from adversarial attacks due to insufficient mutual authentication. To address this, a state-of-art tetrahedron (3D) based two-server Password Authenticated and Key Exchange (PAKE) protocol has been formulated with formal proof of security by incorporating the elementary properties of plane geometry. The main intention of this work is that obtaining a password from the stored credentials must be infeasible when both servers are compromised together. To realize these goals, the properties of the tetrahedron are utilized along with the Diffie-Hellman (DH) key exchange algorithm to withstand malicious attacks. A significant aspect of the proposed 3D PAKE protocol is that client-side complexity has been reduced to a great extent in terms of computation and communication. Both theoretically and practically, the 3D PAKE protocol is the first demonstrably secure two-server PAKE protocol that breaks the assumption of the Yang et al. and Yi et al. protocols that the two servers must not be compromised together. Computational complexity, communication complexity, security key principles and resistance to a range of attacks are considered as the evaluation parameters to compare the performance of the proposed 3D PAKE protocol.

Keywords: 3D PAKE protocol; tetrahedron property analysis; Diffie-Hellman key exchange

1. INTRODUCTION

In this digital world, web services are accessed by users constantly. Yet these web services suffer from poor authentication, which in turn allows malicious users to impersonate the services. Framing an effective solution to reduce the attack surface is therefore inevitable. Most web services rely upon digital certificates for verification. However, when the certificate authority is vulnerable to attacks or security breaches, the primary effect includes the compromise of numerous certificates (Dennis, 2012). An optimal and effectual solution to address this issue is the PAKE protocol. PAKE establishes a secret key between two communicating parties based upon the knowledge of sensitive information such as a low-entropy password (Bellovin & Merritt, 1992). Password-based authentication is a flexible technique that reduces the intricacies to a great extent without demanding abundant space or device requirements. It is considered one of the simplest and most convenient authentication mechanisms. In PAKE, an attacker or man-in-the-middle will not be able to guess a password without further interactions with the communicating parties. This defensive property is a phenomenal aspect of PAKE. In most cases, the single-server model is liable to invasive attacks, whereas the multi-server model is expensive and entails high communication bandwidth. On that note, the two-server model is considered a wise choice. The 3D protocol assures that determining the key or obtaining a password from the stored information is impossible for adversaries.

Mathematical research normally simplifies a complex problem in all academic disciplines. Using geometrical properties in a PAKE protocol is an appealing technique, as geometry plays an extensive role in real life from the most basic to the most advanced applications. An amazing fact is that retrieving the original source from these properties is infeasible (Jack, 2008). The security model of the proposed protocol is based on two properties of the tetrahedron, the circumcenter (ω) and the angle between the medians (θ), to protect the system against attacks. It is a proven fact that the properties of a tetrahedron are undoubtedly more difficult to visualize and break (Choate, 1976). A profound analysis of the protocol serves as evidence of the protocol's resistance against attacks.

The introduction addresses the motivation for choosing trigonometric properties in the 3D PAKE protocol. Section 2 explores the related literature, section 3 elaborates the proposed methodology, section 4 discusses the protocol's correctness and security analysis theoretically, section 5 carries out the performance analysis and section 6 presents a summary of the key contributions of 3D PAKE and possible research avenues.

2. RELATED WORK

In web services, a Kerberos-based framework generates tickets for binary authentication. One of the major limitations of Kerberos is that it is vulnerable to password guessing attacks (Bellovin & Merritt, 1990). Further, Kerberos requires a trusted path to handle passwords and does not support multipart authentication. These flaws can be inherently resolved by using a formal PAKE protocol.

A pioneering symmetric two-server PAKE was initially proposed by Katz, MacKenzie, Taban, and Gligor (2005). Computation and communication complexity is the highest barrier to adopting the Katz protocol. The three-party encrypted key exchange scheme proposed by Lin, Sun, and Hwang (2000) is stringent against attacks; however, as a prerequisite, the client needs to obtain and verify the public key of the server. Similarly, computational complexity is the limitation of the nPAKE+ scheme (Wan, Deng, Bao, & Preneel, 2007). A Gateway based Threshold Password-based Authenticated Key Exchange (GTPAKE) scheme is susceptible to an undetectable on-line password guessing attack by a malicious gateway (Byun, Lee, & Lim, 2006; Chien, Wu, & Yeh, 2013). A threshold PAKE verifies the client based on the threshold value (Abdalla, Chevassut, & Fouque, 2005; Mackenzie, Shrimpton, & Jakobsson, 2002). Even though the protocol is secure against dictionary attacks, fixing the acceptable threshold value is a complicated process. A 3D password authentication system combining recognition, recall, tokens and biometrics in a single authentication system is proposed by Pooja, Shilpi, Sujata, & Vinita (2012). Device requirement is a limitation of this approach. An efficient password based two-server authentication and pre-shared key exchange system using a smart card is proposed by Chouksey & Pandey (2013). It is an ID-based remote user authentication protocol with a smart card that uses simple bitwise XOR operations and hash functions. Device requirement is the main shortcoming of this approach. Yang, Deng, and Bao (2006) proposed the practical two-server PAKE model. It is not robust against dictionary attacks caused by an active adversary, and it is possible to compute the session key established between the User (U) and Service Server (SS). presented a two-server authentication and key exchange protocol that uses multiple SS with a single Control Server (CS). This protocol is not efficient when compared with the Yang et al. (2006) protocol in terms of computational cost. An enhancement of the Yang et al. (2006) scheme is proposed by as Password-only Two-Server Authenticated Key Exchange (PTAKE) to remain secure against offline dictionary attack. Yet the formal security model has not been devised for PTAKE. An efficient two-server PAKE proposed by Yi, Ling, and Wang (2013) is a symmetric two-server PAKE protocol that performs the operations in parallel at both servers. However, for transferring messages it relies upon a gateway that is expensive and entails high communication complexity. Also, the Yi et al. (2013) model reveals the credentials when both servers are compromised. In a nutshell, all existing two-server protocols disclose the information when both servers are compromised by the intruder. Further, device requirement is a major concern in some of the protocols.

Kumari, Sadasivam, and Akash (2016) proposed a 3D ECC PAKE protocol by employing the virtues of plane geometry with the ECC encryption technique to offer strong security against server spoofing attacks. The proposed protocol provides security equivalent to the Kumari et al. protocol, where the strength is based upon the Decisional Diffie-Hellman (DDH) discrete logarithm technique and is proven to be secure. The 3D PAKE protocol has been tested for a healthcare application (Kumari, Sadasivam, & Rohini, 2016) and can be applied to similar E-medical applications (Rajan, 2015). Table 1 summarizes the merits and demerits of conventional two-server PAKE protocols.

Table 1 Comparative analysis of two-server PAKE protocols.

| Two-server PAKE protocol | Merits | Limitations |
|---|---|---|
| A practical password based two-server authentication and key exchange (Yang et al., 2006) | Secure against active outside adversary attacks | Secure channel is required for communication; Back-end server is not robust against impersonation attacks by the active adversary; Back-end server computes the session key established between client and front-end server; Password is revealed when both the servers are compromised |
| Secure and efficient password-based authenticated key exchange protocol for two-server architecture (Lee & Lee, 2007) | Secure against server spoofing attacks and stolen verification attacks; Front-end servers do not store any information related to the user's password in the database; Secure against offline dictionary attacks | Computational complexity is slightly high; Password is revealed when both the servers are compromised |
| An efficient password-only two-server authenticated key exchange system (Jin et al., 2007) | Secure against offline dictionary attacks; Session key computation is not possible by back-end server | Computational cost is high; Equal contribution is not provided by front-end and back-end servers; Password is revealed when both the servers are compromised |
| An efficient password based two-server authentication and pre-shared key exchange system using smart cards (Chouksey & Pandey, 2013) | Secure against offline dictionary attacks, replay attacks, malicious server attacks and man-in-the-middle attacks | Impersonation of the card reader is possible; Password is revealed when both the servers are compromised |
| Dynamic identity based authentication protocol for two-server architecture (Sood, 2012) | Secure against the malicious server attacks, malicious user attacks, stolen smart card attacks, replay attacks and offline dictionary attacks; Server recognizes expired nonce | Password is revealed when both the servers are compromised |
| Two-server password-only authenticated key exchange (Katz et al., 2005) | Rigorous proof of security; Secure against offline dictionary attacks; Symmetric protocol | Computational and communication complexity is very high; Password is revealed when both the servers are compromised |
| Efficient two-server password-only authenticated key exchange (Yi et al., 2013) | Secure against offline dictionary attacks; Symmetric protocol | Requirement of Gateway; Password is revealed when both the servers are compromised |

3. PROPOSED METHODOLOGY

The 3D PAKE protocol is coined based on tetrahedron properties and the Diffie-Hellman key exchange mechanism. Existing two-server PAKE protocols assume that both servers must not be compromised together in order to protect the credentials against invasive attacks. The thought process behind 3D PAKE is to break this assumption and to defeat offline dictionary attacks and impersonation attacks caused by an inside/outside adversary. Yang et al. (2006) is modified in the proposed 3D PAKE to avoid the impersonation of back-end server S2 as front-end server S1 in obtaining the key and the password. The advantages of the proposed methodology are illustrated by considering communication complexity and computational complexity as the metrics. The Diffie-Hellman key exchange algorithm is explained below:

Algorithm: Diffie-Hellman Key Exchange

Step 1: Choose an integer group $Z_p^*$.

Step 2: Choose a generator/base point 'g' such that 'g' is a quadratic residue of $Z_p^*$, satisfying the condition $1 < g < p-1$. The generator selection algorithm is as follows.

Algorithm: Generator Selection

For each $g \in Z_p^*$,

Check whether 'g' is a QR of $Z_p^*$.

If satisfied, $\forall x \in Z_p^*$, $\exists\, i$ such that $x = g^i \bmod p$, where $x < p-1$ and $i > 0$. Else, 'g' is a QNR of $Z_p^*$.

Step 3: User1 randomly chooses an integer 'a' in $Z_p^*$ and computes $x = g^a$, while user2 chooses an integer 'b' in $Z_p^*$, where a, b are considered as private keys and x, y as public keys.

Step 4: User1 and user2 exchange 'x' and 'y'.

Step 5: User1 and user2 compute the secret key as $k_1 = y^a = g^{ab}$, where $k_1 = k_2$.

DH relies on the assumption that no efficient algorithm exists to ascertain the values of 'a', 'b' from $g^{ab}$, if 'a', 'b' and 'g' are chosen randomly and independently (Boneh, 1998). The minimum length of prime number recommended for DH key exchange is 1024-bits to prevent the incidence of any harmful attacks. The DH algorithm is secure against a passive adversary's attacks: a passive adversary cannot obtain the secret key based on observation of the data exchanged between user1 and user2. On the other hand, an active attack is possible in DH key exchange, as it is a non-authenticated key exchange protocol. To avoid active attacks, the DH key agreement must be put into practice along with strong authentication mechanisms. The PAKE protocol is found to be secure against man-in-the-middle attack using low-entropy passwords. Thus, the proposed research work is framed with the aid of a PAKE protocol with the DH mechanism. Incorporating trigonometric properties further enhances the security of the DH PAKE protocol in fighting against the incidence of all possible active attacks.

3.1 ARCHITECTURE

The 3D PAKE protocol is unconditionally secure, as the password cannot be obtained when both servers are compromised together. Entities used in the 3D PAKE protocol are client C, server S1 and server S2. The protocol executes in three phases, namely initialization, registration, and authentication and key exchange. The notations used in the 3D PAKE protocol are:

$Z_p^*$ - Integer group 'G' under multiplication modulo 'p'; p - A large prime number

$QR_p$ - Set of quadratic residues modulo 'p'

$g_1, g_2, g_3, g_4$ - Generators of group $Z_p^*$ satisfying the QR condition $b^2 = g_i \bmod q$, $i = 1, 2, 3, 4$, where $b \in Z_p^*$

$x_1, x_2$ - Private keys $\in Z_p^*$

$y_1, y_2$ - Public keys

$b_1, b_2, b_3, a_1, a_2, r, r_1, r_2 \in Z_p^*$

P - Password

Hash() - Secure one-way hash function

$b_4 = b_3 \oplus \mathrm{Hash}(P)$

K/K' - Secret key

θ - Angle between the medians of the tetrahedron

ω - Circumcenter of the tetrahedron

γ - Adversary

∀ - for all

∃ - there exists

3.1.1 Initialization phase of 3D PAKE protocol

In the initialization phase, the public parameters {$Z_p^*$, p, $g_1$, $g_2$, $g_3$, Hash} are accepted and disseminated collaboratively by the entities client C, server S1 and server S2.

Security of the protocol is based on the generators, the prime order and the hash function. Its strength lies in the randomness of the hash function and the discrete logarithm problem of the generators. $g_4$ is a value known only to S1 to avoid man-in-the-middle and client impersonation attacks.

3.1.2 Registration phase of 3D PAKE protocol

The client C selects a password P and computes $g_2^P$. Further, the client computes $b_4$ as $b_4 = b_3 \oplus \mathrm{Hash}(P)$ and forwards the authentication information {Username, $g_2^P$, $b_3$, $b_4$} to server S1. Server S1 builds a tetrahedron from $g_4 g_2^P$ by splitting the value $g_4 g_2^P$ into $x_1, x_2, x_3, y_1, y_2, y_3, z_1, z_2, z_3$, where $g_4$ is a value known to S1 to avoid impersonation attacks. S1 calculates the angle between the medians (θ) and the circumcenter (ω). Further, it stores θ as $g_2^\theta$ along with $b_3$ and transmits the username, $g_2^\omega$ and $b_4$ to server S2. S2 receives and stores $g_2^\omega$ along with $b_4$. As a result, registration of the client with servers S1 and S2 is successful. The operations involved in the registration phase are illustrated in Figure 1.

Fig. 1 A detailed registration process of 3D PAKE protocol. 

3.1.3 Authentication Phase of 3D PAKE Protocol

The user initiates verification by sending the username and $g_2^P$ to server S1, where 'P' is the client's password. Server S1 constructs the tetrahedron from $g_4 g_2^P$ and ascertains the angle between the medians (θ) and the circumcenter (ω). The calculated $g_2^\theta$ is verified against the stored $g_2^\theta$. Further, S1 forwards the request message {Username, $g_2^\omega$} to server S2.

Upon receiving the message, server S2 verifies the received $g_2^\omega$ against the stored $g_2^\omega$. If the verification is successful, S2 forwards the $g_2^\omega$ value to S1 for verifying the authenticity of S2. Server S1, in turn, computes a secret key and passes the parameter 'H' to the client. With the received key generation parameter, the client validates the server. Finally, the client and server S1 generate a secret key as shown in Figure 2.

Fig. 2 A detailed authentication and key Exchange process of 3D PAKE protocol. 

4. SECURITY ANALYSIS

In most cases, the success of a cryptographic attack is based on finding weaknesses in the structure of the protocol. Based on the model and security definition, a particular scheme can be analyzed against attacks to be provable from the state of definition. Proof of correctness, proof of resistance of the protocol against passive attacks, active attacks, offline dictionary attacks and security compliance are discussed in this section.

4.1 PROOF OF CORRECTNESS OF 3D PAKE PROTOCOL

Statement: The 3D PAKE protocol is correct if K = K'.

Proof:

On the server side, S1 computes key K from $A$, $S_2$ and $S_s$, where

$A = g_1^a$, $S_2 = A^{b_2} = g_1^{a b_2}$ and $S_s = A^{b_1} S_2 = g_1^{a b_1} g_1^{a b_2} = g_1^{a(b_1+b_2)}$

$K = \mathrm{Hash}(S_s, 1)$

On the client side, key K' is computed from $B$ and $S_u'$, where $B = g_1^{(b_1+b_2)}$.

Therefore, $S_u' = B^a = (g_1^{b_1+b_2})^a = g_1^{a(b_1+b_2)}$

Key $K' = \mathrm{Hash}(S_u', 1)$

As K = K', the protocol is proven for its correctness.

The random oracle model (Bellare & Rogaway, 1993) is used by the research community to evaluate security schemes that are constructed using hash functions. In the random oracle model, the behaviour of a hash function is imitated by a deterministic and efficient function that yields uniformly distributed arbitrary values. The 3D PAKE protocol is secure under the random oracle model, as the hash value generated is random and irreversible.

4.2 3D PAKE PROTOCOL RESISTANCE TO PASSIVE ATTACKS

Theorem 1: Under the random oracle model, the proposed 3D PAKE protocol is defensive against passive attack with a collision-resistant hash function 'Hash'.

Proof:

Consider that an adversary γ monitors all the communications between S1 and C and between S1 and S2. Let us prove this by contradiction, taking into consideration that the messages exchanged between S1, S2 and client C are traced by γ. Even though γ is able to read the messages between S1 and C and between S1 and S2, obtaining the password from $g_2^P$ is infeasible, as it is a discrete logarithm problem and there exists no efficient algorithm for quantum computers to obtain a solution for discrete logarithm problem. In a similar sense, if γ obtains $g_2^\theta$/$g_2^\omega$ (i.e., $V_1$/$V_2$) from the messages M2/M3, it is impossible for the adversary to obtain θ/ω. In addition, obtaining $a$, $b_1$, $b_2$ from $A$, $B_2$, $B$, $S_1$, $S_2$ is quite challenging. It is impossible to obtain the vertices of the triangle from the circumcenter (ω) and the angle between the medians (θ). A random one-way hash function is used for transmitting messages between the peers. Hence, 'Hash', $b_4$ and $S_u$ are said to be secure under the random oracle model. Thus, a passive attacker γ is unable to obtain the password P and the secret key K. Hence the proposed protocol is proven to be defensive against passive attack.

4.3 3D PAKE PROTOCOL RESISTANCE TO ACTIVE ATTACKS

Theorem 2: The proposed 3D PAKE protocol is defensive against active attack, if there is no existence of polynomial-time algorithm to break the Discrete Logarithm Problem (DLP).

Proof:

Assumption (i): Assume that an active adversary γ impersonates client C by compromising server S1/S2.

  (a) Assume that an active adversary γ modifies $g_2^P$ as $g_2^{P'}$. Let us prove this by contradiction, taking into consideration that an active adversary γ has compromised server S1/S2 to impersonate client C by replacing/modifying $g_2^P$ transferred in message M1 with an arbitrary number $g_2^{P'}$. Since the challenger receives $g_2^{P'}$ instead of $g_2^P$, client verification fails at the server side as per Equation (1).

    Verify calculated $g_2^\theta$ = stored $g_2^\theta$ in S1
    Verify calculated $g_2^\omega$ = stored $g_2^\omega$ in S1 (1)
    where 'θ' and 'ω' are derived from $g_4 g_2^P$.

  (b) Assume that adversary γ modifies the value $S_u$ transferred in message M5 as $S_{uv}$. Since the challenger receives $S_{uv}$ instead of $S_u$, establishment of the key is liable to failure on the server S1 side as per Equation (2).

    $S_u = \mathrm{Hash}(S_1 S_2)$ (2)

  (c) Further, imagine that the adversary γ is assuming $A$ ($g_1^a$) as $A'$ ($g_1^{a'}$) transferred in message M5 for the key generation in server S1. Since the challenger receives $A'$ instead of $A$, verification of the server is liable to failure on the client side as per Equation (3).

    $\mathrm{Hash}(S_u', 0) \oplus H \stackrel{?}{=} \mathrm{Hash}(P)$ (3)

On the server side, $K = \mathrm{Hash}(S_s)$:

$\mathrm{Hash}((A')^{b_1} S_2) = \mathrm{Hash}(g_1^{a' b_1} S_2) = \mathrm{Hash}(g_1^{a'(b_1+b_2)})$

On the client side, $K' = \mathrm{Hash}(S_u') = \mathrm{Hash}(B^a) = \mathrm{Hash}(g_1^{a(b_1+b_2)})$

Therefore, K ≠ K'.

Analysis:

Considering the cases $A$ ($g_1^a$) as $A'$ ($g_1^{a'}$), $S_u$ as $S_{uv}$, and $g_2^P$ as $g_2^{P'}$, the active adversary γ cannot succeed in generating the secret key K such that K = K'.
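The key-agreement algebra of Section 4.1 and the A to A' substitution case above, together with the quadratic-residue generator selection of Section 3, run end to end. This is an added example, not the authors' implementation: SHA-256 as Hash, 32-byte $b_3$/$b_4$, assembling B from a value B2 sent by S2, the 128-bit demo group and all function names are assumptions, and the tetrahedron checks (θ, ω) are not modelled.

```python
import hashlib
import secrets

def is_probable_prime(n, rounds=24):
    """Miller-Rabin test; used only to build a demo-sized group below."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def find_safe_prime(bits=128):
    """First safe prime p = 2q + 1 above 2**(bits-1). Demo size, not a deployment size."""
    q = 2 ** (bits - 2) + 1
    while not (is_probable_prime(q) and is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q

def is_qr(x, p):
    """Euler's criterion: x is a quadratic residue mod p iff x^((p-1)/2) = 1 mod p."""
    return pow(x, (p - 1) // 2, p) == 1

def pick_qr_generator(p):
    """Square a random element of [2, p-2]: the result is a QR other than 1, and in a
    safe-prime group every such element generates the whole order-q subgroup QR_p."""
    return pow(secrets.randbelow(p - 3) + 2, 2, p)

def H(*parts):
    """Hash(., .) of the paper, instantiated here with SHA-256 (assumption)."""
    h = hashlib.sha256()
    for part in parts:
        data = part if isinstance(part, bytes) else str(part).encode()
        h.update(len(data).to_bytes(4, "big") + data)
    return h.digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def register(password):
    """b4 = b3 XOR Hash(P); S1 keeps b3, S2 keeps b4."""
    b3 = secrets.token_bytes(32)
    return b3, xor(b3, H(password))

def run_session(p, q, g1, password, b3, b4, tamper_A=False):
    """One key exchange. Returns (K at S1, K' at client, client accepted server?)."""
    # Client: A = g1^a
    a = secrets.randbelow(q - 1) + 1
    A = pow(g1, a, p)
    # Network: with tamper_A the servers receive A' = g1^(a+1) instead of A.
    A_rx = A * g1 % p if tamper_A else A
    # Servers validate the received value before using it.
    if A_rx in (0, 1) or not is_qr(A_rx, p):
        raise ValueError("A is not a valid element of QR_p")
    # Server S2: B2 = g1^b2, S2 = A^b2
    b2 = secrets.randbelow(q - 1) + 1
    B2, S2 = pow(g1, b2, p), pow(A_rx, b2, p)
    # Server S1: B = g1^b1 * B2 = g1^(b1+b2), Ss = A^b1 * S2 = g1^(a(b1+b2))
    b1 = secrets.randbelow(q - 1) + 1
    B = pow(g1, b1, p) * B2 % p
    Ss = pow(A_rx, b1, p) * S2 % p
    K = H(Ss, 1)
    Hmsg = xor(xor(H(Ss, 0), b3), b4)  # H = Hash(Ss, 0) XOR b3 XOR b4
    # Client: Su' = B^a, then check Hash(Su', 0) XOR H == Hash(P)  (Equation 3)
    Su = pow(B, a, p)
    accepted = secrets.compare_digest(xor(H(Su, 0), Hmsg), H(password))
    K_prime = H(Su, 1)  # a real client derives K' only when accepted is True
    return K, K_prime, accepted

def demo():
    pw = "constructed-sample-password"  # constructed sample input
    p, q = find_safe_prime(128)
    g1 = pick_qr_generator(p)
    b3, b4 = register(pw)
    honest = run_session(p, q, g1, pw, b3, b4)
    tampered = run_session(p, q, g1, pw, b3, b4, tamper_A=True)
    return p, q, g1, honest, tampered

if __name__ == "__main__":
    p, q, g1, honest, tampered = demo()
    print("g1 is a QR of order q:", is_qr(g1, p) and pow(g1, q, p) == 1)
    print("honest run: K == K' ->", honest[0] == honest[1], "accepted ->", honest[2])
    print("A replaced: K == K' ->", tampered[0] == tampered[1], "accepted ->", tampered[2])
```

In the honest run both sides hash the same $g_1^{a(b_1+b_2)}$; once A is replaced, the Equation (3) check fails at the client before any key is used.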

Assumption (ii): Assume that an active adversary γ impersonates server S1 by compromising server S2.

  (a) Assume that an active adversary γ modifies $g_2^P$ as $g_2^{P'}$. Let us prove this by contradiction, taking into consideration that an active adversary γ has compromised server S2 to impersonate server S1 by replacing/modifying the messages exchanged between the server and the client. Such an adversary may modify the value $g_2^P$ transferred in message M1 with a random number. The authentication and key exchange process terminates as proved in Assumption (i): case (a) of Theorem 2. The challenger tries to construct the triangle from $g_4 g_2^P$ and examines whether calculated $g_2^\theta$ = stored $g_2^\theta$. As an effect, triangle construction is not possible by γ, as the value $g_4$ is not known to the adversary.

  (b) The adversary γ tries to modify the values transferred in messages M4: $B$, M5: $A$, $S_u$ and M8: $H$. The challenger verifies whether $S_u = \mathrm{Hash}(S_1 S_2)$, $S_s = A^{b_1} S_2$ and $H = \mathrm{Hash}(S_s, 0) \oplus b_3 \oplus b_4$. Retrieving the value $b_3$ is impossible for γ, as the value is stored in server S1. Modifications in messages M4, M5 or M8 lead to termination of the key generation process as per Assumption (i): case (a) and (b) of Theorem 2.

Analysis:

Thus, by modifying the values in messages M4: $B$, M5: $A$, $S_u$, M8: $H$ and $g_2^P$ as $g_2^{P'}$, the active adversary γ cannot prevail in generating the secret key K.

Assumption (iii): Assume that an active adversary γ impersonates server S2 by compromising server S1.

  (a) Assume that an active adversary γ has compromised server S1 to impersonate server S2 by replacing/modifying the messages exchanged between the server and the client. Such an adversary may modify the value $g_2^\omega$ transferred in message M2 with a random number. The challenger verifies the received $g_2^\omega$ against the stored $g_2^\omega$. As an effect, retrieving the stored $g_2^\omega$ value is impossible for γ, since the value is known only to server S2.

  (b) The adversary γ may try to modify the values transferred in messages M6: $A$, $S_u$, $S_1$ or M7: $b_4$, $S_2$. The challenger computes $S_2 = A^{b_2}$ and $S_u = \mathrm{Hash}(S_1 S_2)$. Retrieving the value $b_4$ is impossible for γ, since the value is stored in server S2. Altering the values in messages M6/M7 terminates the key generation process as proved in Assumption (i): case (a) and (b) of Theorem 2.

Analysis:

Thus, by modifying the values of the messages M6: $A$, $S_u$, $S_1$, M7: $b_4$, $S_2$ or $g_2^\omega$ with a random number, the active adversary γ cannot succeed in generating the secret key K.

Remark 1:

Active impersonation of one server as another is possible in the Yang et al. (2006) model. The 3D PAKE protocol overcomes this drawback of the Yang et al. protocol and is proved secure against impersonation attacks on servers S1 and S2, as shown by Theorems 1 and 2. When both servers are compromised by the intruder, it is infeasible to determine the password 'P' from the stored values, based on the properties of the tetrahedron. It is demonstrated that the proposed 3D protocol is strong and intractable when compared to existing two-server PAKE protocols in the circumstance where the servers' databases are controlled by the adversaries.

4.4 3D PAKE PROTOCOL RESISTANCE TO OFFLINE DICTIONARY ATTACKS

Theorem 3: The proposed 3D PAKE protocol is defensive against offline dictionary attack by providing two levels of security.

Proof:

Assumption (i): Assume that an active adversary γ breaks the 3D PAKE protocol under offline dictionary attack.

  1. Assurance of primary level of security by β. Let us prove this by contradiction, taking into consideration that when the adversary γ attains access to the database of both servers by dictionary attack, the adversary obtains the $g_2^\theta$ and $g_2^\omega$ values.

  2. However, deriving θ and ω from $g_2^\theta$ and $g_2^\omega$ respectively is NP hard. Hence, it cannot be resolved in polynomial time. Thus, primary level of security is guaranteed.

  3. Assurance of the second level of security by β. If the adversary γ manages to solve DLP, then the θ and ω values are attained by the adversary. However, finding the vertices of the triangle θ and ω are derived from $g_4 g_2^P$. Henceforth, second level of security is assured.

The protocol has been tested with Sqlmap, Wireshark, Havij, Vega, Websecurify, Webcruiser, SSLSmart, WSAttacker and WSDigger to affirm the strength of the protocol. In addition, 3D PAKE complies with the known key security, forward secrecy, key control, key confirmation, zero-knowledge proof, explicit key authentication, key freshness, impersonation resilience and reciprocity principles. Also, it is sturdy against low-encryption-exponent attack, known and chosen ciphertext attack, known and chosen plaintext attack, sniffer attack, replay attack, man-in-the-middle attack and rainbow table attack. Table 2 summarizes the security standards of the proposed protocol and shows that the proposed protocol is rigid.

Table 2 Functionality comparison of 3D PAKE protocol with Yang et al. and Yi et al. protocol.

| Functionality | (Yang et al., 2006) Protocol | (Yi et al., 2013) Protocol | 3D PAKE protocol |
|---|---|---|---|
| Known key security | Yes | Yes | Yes |
| Forward secrecy | Yes | Yes | Yes |
| Key control | Yes | Yes | Yes |
| Key confirmation | Yes | Yes | Yes |
| Zero-knowledge proof | Yes | Yes | Yes |
| Explicit key authentication | Yes | Yes | Yes |
| Key freshness | Yes | Yes | Yes |
| Reciprocity | Yes | Yes | Yes |
| Impersonation resilience | Yes | No | No |
| Low-encryption-exponent attack | Possible | Possible | Possible |
| Known and chosen ciphertext attack | Possible | Not Possible | Not Possible |
| Known and chosen plaintext attack | Possible | Not Possible | Not Possible |
| Sniffer attack | Possible | Not Possible | Not Possible |
| Replay attack | - | - | Restricted |
| Man in the middle attack | Not Possible | Not Possible | Not Possible |
| Impersonation attack by inside adversary | Possible | Not Possible | Not Possible |
| Offline dictionary attacks on servers database to disclose the password | Possible | Possible | Not Possible |
| Online dictionary attack | - | - | Restricted |
| Known-key distinguishing attack | Not Possible | Not Possible | Not Possible |
| Chosen-key distinguishing attack | Not Possible | Not Possible | Not Possible |
| Interleaving attack | Not Possible | Not Possible | Not Possible |
| Lowe's attack | Not Possible | Not Possible | Not Possible |
| Cross-site scripting attack | - | - | Restricted |
| SQL injection attack | - | - | Restricted |
| Side channel attack | - | - | Restricted but |
| Rainbow table attack | - | - | Restricted |

5. PERFORMANCE ANALYSIS

The data set used to test the protocol comprises 100000 passwords. Table 3 shows the experimental results of the 3D PAKE protocol tested for a healthcare application. Password transformation relies upon the tetrahedron parameters ω and θ. The value of ϑ and θ shows the prominence of heuristic information and their impacts. The key length adopted in 3D PAKE is 3072-bits for proper regulation and to prevent illegitimate access.

Table 3 Test cases of the proposed 3D PAKE protocol

| S. No | Username | Password | Theta (θ) | Omega (ω) [x,y,z] | Run Time (ns) | Session Key (bits) |
|---|---|---|---|---|---|---|
| 1 | Mary23 | yaguacire95 | 0.541823456 | [7.4550984849506285, -0.0339898996708528, -3.668694444818968] | 5.01567823E8 | 554c5e325b2ca99c5e8e5549 bcb5aclbbad0671c3dd5ed84 dace0b47aa00191b0dl62c6c3 0eb594c5de404e6a5dlcdb88 4fec30fdcbd3c7a36da60f45f7 ef58d |
| 2 | David | re1ns+@ll | 0.353009486 | [3.0106024072279522, 7.9681927783161415, 3.6914056168652216] | 5.21056267E8 | 3222145f'3D8aa569f47f9d8d0 87a3f70ffff965607b2cf14581 936dlb34810622bff80794688 4d2432fcbb33a21a9bee7514c 2add81471554708b90e80cd6 08a |
| 3 | Dev | tenant+atwill | 0.416137519 | [-934.4125473274593, -572.3536119949651, 50.00000000000001] | 4.53459167E8 | 68c7f40efl22548eb61885052 88058cc4957cf89027alf9bf3 debleabe9c81fa860dbb09c6ef 59404d96d576d66070c326a63 b4cddl471a0140191804bfí2f21 |
| 4 | antony3 | rebecca | 1.552935703 | [15.672995055568377, 0.0817512361079066, 52.295621909730245] | 4.56201638E8 | b030bc87675e46b4084ed62a4 eldl88dlfde30bí'8a5d9e7ae2e3 f9c8fl5cca016d21dc4b0779f 79531c93D2clb7d9a709cdf8c3 57e6d58e0a0da3571a.921a767 |
| 5 | joshua | un!ver$a1!+y | 0.584438919 | [-5163.067772650183, 1989.9957515875855, -266.4610155800105] | 4.35381735E8 | 02ea6eab7a895fea9d407066 ff6f9bb7a226f7a9fcd598085 cb987cflf7e9098d317eblla 1118ecí4c60c9bd4306a06b 1 5ea41T907acd70945247231ef 9b6bc3 |

5.1 COMMUNICATION AND COMPUTATIONAL COMPLEXITY OF 3D PAKE PROTOCOL

The performance of the proposed 3D PAKE protocol is analyzed by comparison with the existing two-server PAKE protocols. The number of group elements in communication is measured in terms of 'L' and the number of hash values in communication is measured in terms of 'l'. The communication complexity includes the number of group elements in communication, the number of hash values in communication and the number of rounds taken by the protocol for successful completion.

The communication complexity of 3D PAKE is 9L + 4l and the computational complexity is 32, which is very near to that of existing protocols as presented in Table 4. The slight increase in computation is due to the construction of the tetrahedron. It is noticed that the client-side complexity is considerably reduced. Furthermore, as the proposed protocol is asymmetric, there is a notable difference on the server side because of the communication between servers S1 and S2. However, this computational complexity can be accepted, as server S2 is hidden and protected from security vulnerabilities. Nevertheless, the protocol overturns the assumption made by other protocols and augments the security.

Table 4 Communication and computational complexity analysis of 3D PAKE protocol

| Participants | Yang et al. (2006) Protocol [ASYMMETRIC] | Yi et al. (2013) Protocol [ASYMMETRIC] | Jin et al. (2007) Protocol [ASYMMETRIC] | Katz et al. (2005) Protocol [ASYMMETRIC] | 3D PAKE Protocol [ASYMMETRIC] |
|---|---|---|---|---|---|
| Client: Communication (bits) | 2L+2l | 3L+4l | 6L+2l | 15L | 3L+2l |
| Client: Communication (rounds) | 4 | 4 | 3 | 3 | 4 |
| Client: Computation | 7 | 21 | 12 | 34 | 9 |
| Server S1: Communication (bits) | 6L+3l | 6L+3l | 11L+3l | 14L | 9L+4l |
| Server S1: Computation | 8 | 5 | 6 | 3 | 8 |
| Server S2: Communication (bits) | 15 | 12 | 19 | 27 | 19 |
| Server S2: Communication (rounds) | 4L+1l | 6L+3l | 5L+1l | 14L | 6L+2l |
| Server S2: Computation | 6 | 12 | 8 | 27 | 4 |
| Overall | Comm: 9 (6L+3l), Client-S1-S2 | Comm: 11 (7L+4l) | Comm: 14 (11L+3l), Client-S1-S2 | Comm: 43, Client-G-S1, Client-G-S2 | Comm: 13 (9L+4l), Client-S1-S2 |
| Overall | Comp: 28, Client-S1-S2 | Comm: Worst case: 45, Best case: 33, Client-S1, Client-S2 | Comp: 39, Client-S1-S2 | Comp: Worst case: 93, Best case: 66, Client-G-S1, Client-G-S2 | Comp: 32, Client-S1-S2 |
| Overall | Rounds: 8 | Rounds: 6, Client-S1, Client-S2 | Rounds: 6, Client-S1-S2 | Rounds: 9, Client-G-S1, Client-G-S2 | Rounds: 8, Client-S1-S2 |

For a clear understanding, the values are graphically presented in Figure 3. From Figure 3, it can be inferred that 3D PAKE provides a fair communication complexity. For a broad computational cost analysis, the number of transmissions, hash computations, modular/scalar multiplications, XOR operations and modular exponentiations are examined. Computation-wise, the proposed 3D PAKE protocol performs in a fair manner when compared to the Yang et al. (2006), Yi et al. (2013), and Jin et al. (2007) protocols, as shown in Table 5.

Fig. 3 Complexity analysis of 3D PAKE protocol 

Table 5 Comparative cost analysis of 3D PAKE protocol.

| Cost Computation Parameters | Yang et al. (2006) Protocol | Yi et al. (2013) Protocol | Jin et al. (2007) Protocol | 3D PAKE Protocol |
| --- | --- | --- | --- | --- |
| No. of transmissions | 8 | 6 | 6 | 8 |
| No. of hash computations | 7 | 15 | 8 | 8 |
| No. of modular/scalar multiplications | 5 | 3 | 7 | 6 |
| No. of modular exponentiations | 16 | 16 | 24 | 15 |
| No. of XOR operations | 0 | 11 | 0 | 3 |
| No. of authentication parameters | 1 | 1 | 1 | 2 |

Thus, the proposed 3D PAKE performs judiciously computation-wise. To the best of our cognizance, a foolproof two-server 3D PAKE protocol based on tetrahedron properties is proposed, and its resistance against attacks is proved.

6. CONCLUSION

A formal design and evaluation of a state-of-art tetrahedron (3D) based two-server PAKE protocol is presented in this paper with definite proof of security. With the assistance of the ω and ϑ parameters, offline dictionary attacks occurring on the server's database are proclaimed as a challenge, as pointed out and proved in section 4.4; thereby, obtaining the password is infeasible when both the servers are compromised. This assures the robustness of the protocol against dictionary attack in 3D. It is also observed that the 3D PAKE protocol performs reasonably well in communication and computation, as discussed in section 5.1. As a future avenue of research, the security of the proposed 3D PAKE protocol can be reinforced by adding additional parameters / shapes with formal proof of security.

CONFLICT OF INTEREST

The authors have no conflicts of interest to declare.

REFERENCES

Abdalla, M., Chevassut, O., Fouque, P. A., & Pointcheval, D. (2005). A simple threshold authenticated key exchange from short secrets. Lecture Notes in Computer Science, 3788, 566-584.

Bellare, M., & Rogaway, P. (1993). Random oracles are practical: A paradigm for designing efficient protocols. 1st ACM Conference on Computer and Communications Security, pp. 62-73.

Bellovin, S. M., & Merritt, M. (1990). Limitations of the Kerberos authentication system. ACM SIGCOMM Computer Communication Review, 20(5), 119-132.

Bellovin, S. M., & Merritt, M. (1992). Encrypted key exchange: Password-based protocols secure against dictionary attacks. IEEE Proceedings of the Symposium on Security and Privacy, (pp. 72-84). IEEE.

Boneh, D. (1998). The decision Diffie-Hellman problem. Lecture Notes in Computer Science, 1423, pp. 48-63.

Byun, J. W., Lee, D. H., & Lim, J. I. (2006). Security analysis and improvement of a gateway-oriented password-based authenticated key exchange protocol. IEEE Communications Letters, 10(9), 683-685.

Chien, H. Y., Wu, T. C., & Yeh, M. K. (2013). Provably secure gateway-oriented password-based authenticated key exchange protocol resistant to password guessing attacks. Journal of Information Science and Engineering, 29(2), 249-265.

Choate, J. (1976). Tetrahedral Treats. Available from: http://www.zebragraph.com/Geometers_Corner_files/tetrahedral treats.pdf

Chouksey, A., & Yogadhar, P. (2013). An efficient password based two-server authentication and pre-shared key exchange system using smart cards. International Journal of Computer Science and Information Technologies, 4(1), 117-120.

Dennis, F. (2012). Final Report on Diginotar Hack Shows Total Compromise of CA Servers. Available from: https://threatpost.com/final-report-diginotar-hack-shows-total-compromise-ca-servers103112/77170/

Jack, D. (2008). Construction of a Triangle from Circumcenter, Orthocenter and Incenter. Available from: https://www.cut-the-knot.org/triangle/O-H-I.shtml

Jin, H., Wong, D. S., & Xu, Y. (2007). An efficient password-only two-server authenticated key exchange system. Lecture Notes in Computer Science, (pp. 44-56).

Katz, J., MacKenzie, P., Taban, C., & Gligor, V. (2005). Two-server password-only authenticated key exchange. Lecture Notes in Computer Science, 3531, pp. 1-16.

Kumari, K. A., Sadasivam, G. S., & Akash, S. A. (2016). A Secure Android Application with Integration of Wearables for Healthcare Monitoring System Using 3D ECCDH PAKE Protocol. Journal of Medical Imaging and Health Informatics, 6(6), 1548-1551.

Kumari, K. A., Sadasivam, G. S., & Rohini, L. (2016). An Efficient 3D Elliptic Curve Diffie-Hellman (ECDH) Based Two-Server Password-Only Authenticated Key Exchange Protocol with Provable Security. IEEE Journal of Research, 62(6), 762-773.

Lee, J. H., & Lee, D. H. (2007). Secure and efficient password-based authenticated key exchange protocol for two-server architecture. International Conference on Convergence Information Technology, (pp. 2102-2107). IEEE.

Lin, C. L., Sun, H. M., & Hwang, T. (2000). Three-party encrypted key exchange: attacks and a solution. ACM SIGOPS Operating Systems Review, 34(4), 12-20.

MacKenzie, P., Shrimpton, T., & Jakobsson, M. (2002). Threshold password-authenticated key exchange. Lecture Notes in Computer Science, 2442, 385-400.

Pooja, D., Shilpi, G., Sujata, S., & Vinita, G. (2012). Secured authentication: 3d password. International Journal of Engineering and Management Sciences, 3(2), 242-245.

Rajan, S. (2015). Review and investigations on future research directions of mobile based telecare system for cardiac surveillance. Journal of applied research and technology, 13(4), 454-460.

Sood, S. K. (2012). Dynamic identity based authentication protocol for two-server architecture. Journal of Information Security, 3, 326.

Wan, Z., Deng, R. H., Bao, F., & Preneel, B. (2007). nPAKE+: A hierarchical group password-authenticated key exchange protocol using different passwords. Lecture Notes in Computer Science, 4861, 31-43.

Yang, Y., Deng, R. H., & Bao, F. (2006). A practical password-based two-server authentication and key exchange system. IEEE Transactions on Dependable and Secure Computing, 3(2), 105-114.

Yi, X., Ling, S., & Wang, H. (2013). Efficient two-server password-only authenticated key exchange. IEEE Transactions on Parallel and Distributed Systems, 24(9), 1773-1782.

*Corresponding author. E-mail address: anitha.psgsoft@gmail.com (Anitha Kumari K.). Peer Review under the responsibility of Universidad Nacional Autónoma de México. http://

Creative Commons License: This is an open-access article published under a Creative Commons license.