Abstract
Because of their simplicity and feasibility, password-based authentication and key agreement schemes have gradually become a popular way to protect network security. In order to achieve mutual authentication between users and edge cloud servers during data collection, password-based key agreement schemes have attracted much attention from researchers and users. However, security and simplicity are in tension, which is one of the biggest difficulties in designing a password-based key agreement scheme. Aiming to provide a secure and efficient key agreement scheme for data collection in the edge cloud, we propose an efficient and secure key agreement scheme in this paper. The proposed scheme is supported by a rigorous security proof and is protected from various attacks. Compared with other similar password-based key agreement schemes, our proposed scheme has lower computational and communication costs and higher security.
1. Introduction
With the dawn of the Internet of everything, the Internet of things (IoT) has come to occupy a leading strategic position in research and development worldwide. Even though countries around the world pay attention to the development of the IoT, the influx of diverse traffic and the need for diversified application scenarios have not only posed new challenges to today's centralized cloud computing architecture but also driven the emergence of the cloud computing paradigm [1, 2].
In the era of the Internet of Things, mobile devices are no longer simply mobile phones, tablets, etc., but include richer augmented/virtual reality devices, intelligent medical devices, and moving vehicles. Application scenarios have also shifted from voice/video communication and similar services to virtual space experiences, intelligent manufacturing, and the Internet of vehicles [3, 4]. In cloud-based services, data transmission speed is affected by network traffic, and heavy traffic leads to long transmission times, thus increasing the power consumption cost. Therefore, the adoption of mobile edge computing (MEC) can meet the needs of IoT devices.
As shown in Figure 1, the collection and processing of data is a very important part of the Internet of Things. However, if all collected data are transmitted to the cloud server, data processing and analysis rely entirely on the server's computing power. This leaves the server heavily loaded and prone to failure or downtime. At the same time, the growing amount of data also increases the cost of the storage server. In addition, because the network is limited by its bandwidth and speed, the network bandwidth comes under pressure when a large amount of monitoring data is transmitted, and the data may suffer large transmission delays and packet loss. Edge computing provides data format conversion, caching, processing, analysis, and transmission services, which reduces the load on cloud servers and improves the efficiency of data processing. The edge cloud includes IoT gateways and collectors. These devices together form an edge node network and provide lightweight computing power for the edge layer of the system.

In the MEC-based Internet of Things, massive amounts of data are generated by a large number of sensors and various heterogeneous devices, and all storage devices are provided by different third-party vendors. Due to the distributed nature of MEC, data are stored at different network edges, which increases the risk of the data being attacked. For example, unauthorized users or adversaries may modify or abuse the data uploaded to the storage, which leads to data leakage and other problems. In order to solve these problems, this paper proposes identity verification based on password-based key agreement. This scheme ensures mutual identity authentication and data security for both sides.
In order to protect the data in the edge cloud from being tampered with, the administrator of the edge cloud server needs to authenticate to the server when operating it, so that the server can determine whether the administrator is an impostor. To improve the security and verifiability of messages, Zheng [5] proposed a signcryption scheme, which signs and encrypts simultaneously.
The key agreement protocol is the most commonly used method for two or more parties to communicate securely. The features of the protocol ensure that the communicated data are confidential, secure, and complete [6–10]. The protocol establishes a session key jointly among two or more entities. Every participant influences the result of the key agreement, and no trusted third party is required in the process. The session key is obtained by computing over the parameters generated by the participants. In order to enable both parties to authenticate each other, authenticated key agreement protocols were proposed, in which the protocol also establishes a session key [11–13].
In 2005, a Diffie–Hellman key exchange under an encryption assumption was presented as a secure and scalable authenticated key exchange protocol that performs key control and management during transmission [14–16]. In 2009, an elliptic curve cryptosystem (ECC) authentication scheme without pairings and with few certificates was presented. The scheme was designed for mobile device communication and combined ID authentication with a key agreement protocol; furthermore, it could withstand more attacks [13, 17–20]. In 2010–2012, many scholars held that large prime fields are difficult for hardware implementations of the elliptic curve cryptosystem, whereas binary fields were regarded as suitable [21, 22]. In order to ensure the confidentiality and integrity of the sent and received messages, an authenticated key agreement protocol must include a strong encryption algorithm. Key agreement protocols based on elliptic curve cryptography are an important development for confidentiality, integrity, and user anonymity.
There are two types of key agreement protocols according to their authentication method: password-based key agreement protocols and public-key-based key agreement protocols. The password-based authenticated key agreement protocol was first proposed by Bellovin and Merritt [23]. In this protocol, both parties share a password in advance, which is used to authenticate each other's identity during communication and to negotiate a short-term session key. Public-key-based key agreement negotiates a session key through signature or public key verification. In this paper, the password-based key agreement protocol is studied [15].
1.1. Motivations and Contributions
The proposed password-based key agreement scheme (pKAS) ensures the security of the messages and the authentication of the user identity when two parties communicate. We list our contributions as follows. First, we put forward a secure password-based key agreement scheme, pKAS, based on ECC for mutual authentication between the user and the edge server. The proposed pKAS requires only two message transmissions, which greatly saves communication bandwidth. In this scheme, we use signcryption, signature verification, and hash operations to ensure the confidentiality and integrity of the messages, as well as the anonymity of the identity. Second, we conduct a rigorous security analysis of the proposed pKAS and compare it with other related schemes. The results show that the presented pKAS can resist various attacks. Third, by comparing communication and computation costs, the proposed pKAS has lower cost and is more secure than recent similar schemes.
1.2. Organization of the Paper
The structure of the paper is as follows. Sections 2 and 3 present the related works and the preliminaries. The system model and security requirements of the scheme proposed in this paper are given in Section 4. Section 5 presents the proposed password-based key agreement scheme. Section 6 presents the security and performance analysis. Section 7 presents the conclusion and future work, followed by the data availability statement and conflicts of interest.
2. Related Works
With the development of Internet technology, security in communications has become more and more significant. Therefore, how to identify remote users has become one of the most significant issues in public networks. In order to solve this problem, many schemes have been presented. Lamport [24] first proposed a password-based scheme for remote party authentication. Subsequently, many password-based key agreement schemes were proposed in [25–29].
In 2009, Xu et al. [25] presented an improved remote user authentication and key agreement scheme based on passwords and smart cards, and they showed that their scheme is secure. Sood et al. [26] found that Xu et al.'s scheme is ineffective against password guessing attacks and impersonation attacks, and subsequently put forward an improved authentication scheme. However, in 2012, Chen et al. [27] pointed out that the scheme of Sood et al. only provides single-party authentication, and the legitimacy of the remote server is not authenticated. As a consequence, an improved key agreement scheme with stronger security was presented by Chen et al., which achieves mutual authentication of the remote parties. Furthermore, they stated that their scheme could resist various kinds of attacks. In the authentication schemes proposed by Sood et al., Chen et al., and many other scholars [30–32], when a user wants to change the password, he/she must interact with the remote server and repeat the login and authentication processes instead of completing the password change on the client. In addition, these schemes cannot detect a wrong password entered during the login process; the wrong password is only discovered in the final authentication step, after a series of computations and communications. Obviously, these schemes are inefficient and user-unfriendly, and fail to detect wrong passwords. Recently, Li et al. [28] showed that Chen et al.'s scheme cannot ensure forward secrecy and does not achieve perfect user anonymity. In addition, they proposed a scheme based on password and smart card that enhances remote user authentication and key agreement.
The messages transmitted between the sender and the receiver may be eavesdropped by the adversary over public channels. The identity of users should be kept confidential during message transmission; otherwise, the adversary can track a user by collecting the user's identity information. Some interesting bilinear pairing-based and ECC-based key agreement protocols were proposed in recent years [33–36]. Irshad et al. [33] presented a scheme that uses bilinear pairing operations in the interaction between mobile devices and servers. A method that allows mobile devices to access the server was proposed by Tsai and Lo [35], but it was later shown that the scheme cannot resist impersonation attacks and man-in-the-middle attacks. However, Xiong et al. [37] argued that Irshad et al.'s scheme is very computationally expensive for mobile devices. Protocols based on ECC are more efficient because point addition and point multiplication on elliptic curves are cheaper than modular exponentiation. In addition, elliptic curve encryption protocols, which rest on the difficulty of solving the elliptic curve discrete logarithm problem (ECDLP), are more secure. In 2017, a lightweight password-based key agreement protocol was proposed by Mahmood et al. [34]. Later, however, this protocol was shown to have several security issues, such as no anonymity, no resistance to replay attacks, and no guarantee of data confidentiality. Recently, a key agreement scheme based on ECC was presented by Kaur et al. [36], and they stated that their scheme can overcome many kinds of attacks. Nonetheless, our careful analysis found that the scheme of Kaur et al. does not resist forgery attacks and insider attacks.
3. Preliminaries
3.1. One-Way Hash Function
Let message  be a message that requires a hash value. The length of  is variable, while  has a fixed length. Given , it is easy to obtain . However, given , it is infeasible to obtain .
3.2. Elliptic Curve Cryptosystem (ECC)
In 1985, Miller first used elliptic curves for data encryption. Later, Koblitz built a new cryptosystem on the elliptic curve discrete logarithm problem (ECDLP), which is called the elliptic curve cryptosystem (ECC). ECC has lower computational overhead than other public key cryptosystems such as RSA. Since then, ECC has been widely used in cryptographic protocols and security schemes. The following describes the basic knowledge of ECC and the computational hardness assumptions in ECC.
Elliptic curve cryptography is a public key cryptography method based on the mathematics of elliptic curves. The commonly used expression of an elliptic curve over a finite field is (, and ), where all coefficients are elements of a finite field (where  is a large prime number). Let  denote the point set {,  and  are both integers} on the elliptic curve defined by the equation, together with the point at infinity O.
The addition on is defined as follows:
For any point in , .
Let  be two points in .  is defined as follows: draw a straight line through  that intersects the elliptic curve at a third point ; then .
Let Q be a point in ; the multiples of  are defined as follows: draw the tangent to the elliptic curve at point , and let the tangent intersect the elliptic curve at point ; then . Similarly,  ( times), where , .
3.3. Complexity Assumptions
The security foundation of ECC is an elliptic curve discrete logarithm problem (ECDLP), which can be defined as follows.
ECDLP: assume two random points  and  in , , where . It is easy to compute  if one knows  and , while it is infeasible to compute  if one knows only  and .
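The point addition, doubling, and scalar multiplication of Section 3.2, and the ECDLP of Section 3.3, carried out in code as an added example that is not part of the paper: the curve y^2 = x^3 + 2x + 2 over F_17 with base point G = (5, 1) is a constructed textbook-size curve chosen for illustration, not a parameter of pKAS, and the names `Curve`, `brute_force_ecdlp` and `ecdh_shared_point` are chosen here. Because the toy group has only 19 points, the exhaustive ECDLP search succeeds immediately, which is exactly what the large prime  in the paper's system initialization is meant to rule out.

```python
# Added example: toy elliptic-curve arithmetic over a small prime field.
# The curve y^2 = x^3 + 2x + 2 over F_17 with G = (5, 1) is a constructed
# textbook curve; its group has prime order 19, far too small for real use.
from typing import Optional, Tuple

Point = Optional[Tuple[int, int]]  # None stands for the point at infinity O


class Curve:
    """Short Weierstrass curve y^2 = x^3 + a*x + b over the prime field F_p."""

    def __init__(self, a: int, b: int, p: int) -> None:
        self.a, self.b, self.p = a, b, p
        # Nonsingularity condition 4a^3 + 27b^2 != 0 (mod p), as required in Section 5.1
        assert (4 * a**3 + 27 * b**2) % p != 0, "singular curve"

    def is_on_curve(self, P: Point) -> bool:
        if P is None:
            return True
        x, y = P
        return (y * y - (x**3 + self.a * x + self.b)) % self.p == 0

    def neg(self, P: Point) -> Point:
        return None if P is None else (P[0], (-P[1]) % self.p)

    def add(self, P: Point, Q: Point) -> Point:
        """Chord-and-tangent addition; handles O, P + (-P) and doubling."""
        if P is None:
            return Q
        if Q is None:
            return P
        x1, y1 = P
        x2, y2 = Q
        if x1 == x2 and (y1 + y2) % self.p == 0:
            return None  # P + (-P) = O (also covers doubling a point with y = 0)
        if P == Q:
            lam = (3 * x1 * x1 + self.a) * pow(2 * y1, -1, self.p) % self.p  # tangent slope
        else:
            lam = (y2 - y1) * pow(x2 - x1, -1, self.p) % self.p  # chord slope
        x3 = (lam * lam - x1 - x2) % self.p
        y3 = (lam * (x1 - x3) - y1) % self.p
        return (x3, y3)

    def mul(self, k: int, P: Point) -> Point:
        """Scalar multiplication kP by double-and-add (k >= 0)."""
        result: Point = None
        addend = P
        while k > 0:
            if k & 1:
                result = self.add(result, addend)
            addend = self.add(addend, addend)
            k >>= 1
        return result


def brute_force_ecdlp(curve: Curve, G: Point, Q: Point, order: int) -> Optional[int]:
    """Find k with kG = Q by exhaustive search over 0 <= k < order.
    Feasible only on a toy curve; for a ~256-bit curve the order is ~2^256."""
    P: Point = None
    for k in range(order):
        if P == Q:
            return k
        P = curve.add(P, G)
    return None


def ecdh_shared_point(curve: Curve, G: Point, x: int, y: int) -> Point:
    """Diffie-Hellman on the curve: both sides derive x(yG) = y(xG) = xyG.
    An eavesdropper seeing xG and yG would need to solve the ECDLP for x or y."""
    left = curve.mul(x, curve.mul(y, G))
    right = curve.mul(y, curve.mul(x, G))
    assert left == right
    return left


TOY = Curve(a=2, b=2, p=17)
G: Point = (5, 1)
ORDER = 19  # number of points on the toy curve, including O

if __name__ == "__main__":
    print("2G =", TOY.mul(2, G), " 7G =", TOY.mul(7, G), " 19G =", TOY.mul(19, G))
    print("log_G(7G) =", brute_force_ecdlp(TOY, G, TOY.mul(7, G), ORDER))
    print("shared point for x=3, y=5:", ecdh_shared_point(TOY, G, 3, 5))
```

`pow(v, -1, p)` computes the modular inverse (Python 3.8+). Replacing the toy parameters with a standardized curve changes nothing in the arithmetic, only the size of `order`, which is what turns `brute_force_ecdlp` from instantaneous into infeasible.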
4. System Model and Security Model
4.1. System Model
Analyzing the requirements of communication between the user and the edge server, our system involves two types of roles: users communicating with the server, and a trust authority (TA), which is regarded as a completely trusted administrator that cannot be compromised by any adversary. For user authentication and key agreement, a user (assumed to be ) must first register with the TA; he/she can then perform mutual authentication and key agreement with the edge cloud server or other users (such as ) using only the password and smart card.
The network model of our system is illustrated in Figure 2. Before communicating with the edge server, users must register with the TA through a secure channel and store the corresponding registration information on their smart cards. After successful registration, users can perform mutual authentication and key negotiation with the edge server and carry out operations such as secure data management on the edge cloud.

4.2. Security Requirements
Before analyzing the security requirements, let us state the adversary's capabilities based on the application. An adversary  generally has the following capabilities:
(i) The open channel can be controlled by ; that is to say, messages passing through the open channel can be deleted, intercepted, modified, and resent.
(ii)  can traverse the password space in polynomial time; that is, given any other secret information it has learned,  can guess the password by brute force.
(iii)  can obtain the user's password through a malicious terminal and can also extract the data stored in the smart card.
Given the capabilities of the adversary , the security requirements of a password-based key agreement scheme should include forward secrecy and resistance to known attacks, such as offline password guessing attack, replay attack, user impersonation attack, server spoofing attack, and parallel attack. Furthermore, the scheme must provide mutual authentication and anonymity.
5. The Proposed Scheme (pKAS)
In this section, a key agreement scheme based on passwords (called pKAS for short) using ECC is proposed. There are no bilinear pairing operations in pKAS. Overall, pKAS has four phases: the system initialization phase, the registration phase, the login and key agreement phase, and the offline password change phase. For simplicity, we list the symbols used in this paper and their corresponding meanings in Table 1.
Next, the following sections present the four phases of the proposed scheme.
5.1. System Initialization Phase
The trust authority (TA) is responsible for the system initialization phase. In this phase, the TA selects a large prime ; then, in the finite field, it constructs a nonsingular elliptic curve  and chooses base points on , generating a finite cyclic additive group of order  with .
5.2. Registration Phase
Users, the edge cloud server, and the TA complete the registration phase together. Assume the current user 's identity is ; the registration is completed as follows:
Step R1:  sets his password , then chooses a random number , and computes , , . Finally,  sends  to the TA over a channel that an adversary cannot eavesdrop on.
Step R2: when the TA receives , it stores  in the server.
5.3. Login and Key Agreement Phase
We assume there are two parties in this phase, the user  and the edge cloud server . They log in using their ID and password, then authenticate each other and negotiate a session key.
Step A1:  inputs his/her  and ; then the smart card computes  and checks whether  holds or not. If it does not, the session is terminated.
Step A2:  randomly chooses , computes , , , where  is the current timestamp, . Finally,  sends  to .
Step A3: after receiving ,  checks whether ; if not,  terminates the session; otherwise,  computes  and checks whether  holds or not. If not,  terminates the session.  chooses  and computes , , , . Finally,  sends  to .
Step A4: after receiving  from ,  checks whether the current timestamp satisfies  or not; if not,  terminates the session; otherwise,  computes  and checks whether  holds or not. If not,  terminates the session; otherwise,  accepts this session.
Finally,  and  have agreed on an identical session key . Figure 3 presents the flowchart of the login and key agreement phase.

5.4. Offline Password Change Phase
In order to provide a better user experience while meeting high requirements for security and efficiency, the user can complete this phase locally in the proposed scheme as follows:
Step C1: to verify the user's identity, the user must enter  and  into the smart card.
Step C2: the smart card computes  and checks whether  and  are equal. If not, the system terminates the session. Otherwise, the correctness of  and  is , and the procedure goes to the next step.
Step C3: the user inputs a new password  and computes .
6. Security and Performance Analysis
The security analysis and proof of our scheme are presented in this section, and the proposed pKAS is shown to resist various kinds of attacks. Besides, we analyze and compare the computation cost and bandwidth consumption of similar schemes.
6.1. Security Analysis
In this section, the details of the security analysis are described as follows.
Proposition 1. The proposed pKAS scheme is secure against offline password guessing attack.
Proof. Assume an adversary  has obtained 's smart card and the data stored in the card. He/she can launch a password guessing attack by the following steps:
Step D1:  guesses  from the password dictionary space and  from the identity dictionary space.
Step D2:  retrieves  and  and computes .
Step D3:  checks whether  holds or not.
Step D4:  repeats steps D1 to D3 until  holds.
That is,  can guess a correct  and . However,  is still not sure that they are the real identity and password. Then,  has to execute an online guessing attack to test the correctness of both. However, we use  to prevent online guessing attacks. As a result, the proposed pKAS is secure against offline password guessing attack.
Proposition 2. The proposed pKAS scheme can be secure against online password guessing attack.
Proof. In order to eliminate the threat of online password guessing attack,  is adopted in the proposed scheme. As analyzed in Proposition 1, the proposed pKAS uses  to prevent online guessing attacks. Therefore, the proposed pKAS scheme is secure against online password guessing attack.
Proposition 3. The proposed pKAS scheme provides anonymous interactions between the users and the edge cloud server , and no adversary can obtain either party's identity information during the login and key agreement phase.
Proof. In the login and key agreement phase of pKAS, user 's real identity  is hidden in message . If an adversary wants to reveal  from the messages, he/she has to solve the ECDLP, because  is built on the ECDLP. Therefore, the proposed pKAS provides anonymous interactions during user login and key agreement.
Proposition 4. The proposed pKAS scheme can provide forward secrecy during the session key agreement.
Proof. Assume an adversary  has obtained the smart card and the user's password and identity. Even so,  cannot retrieve a previously established session key without knowing , because doing so would require solving the ECDLP. Hence, the proposed pKAS scheme provides strong forward secrecy.
Proposition 5. The proposed pKAS scheme can be secure against forgery attack.
Proof. In the proposed scheme,  can detect that message  has been forged by computing ,  and checking whether  holds or not.  authenticates  by computing  and checking whether  holds or not. When  modifies a message during the conversation, the tampered message fails verification. As a consequence, the proposed pKAS scheme is secure against forgery attack.
Proposition 6. The proposed pKAS scheme can provide mutual authentication.
Proof. In the presented scheme,  and  verify messages  and  by checking whether equations  and  hold, respectively. If they hold, the scheme achieves mutual authentication, since by Proposition 5 no adversary can successfully carry out a forgery attack. Therefore, the presented pKAS scheme provides mutual authentication.
Proposition 7. The proposed pKAS can be secure against replay attack.
Proof. In the proposed pKAS scheme, we use timestamps and random numbers to prevent replay attack. Messages  and  include timestamps  and , respectively, which is a classic way to stop replay attacks. Random numbers are also used to prevent replay attack, because the user and the server can check the validity of the random number with the verification algorithm each time, and the adversary still cannot construct a valid session key. Hence, the presented pKAS is secure against replay attack.
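The two freshness checks of this proof, a timestamp window and a check that the random number has not been seen before, written out as receiver-side logic in an added example that is not part of the paper. The message field names `ID`, `r` and `T`, the 30-second tolerance, and the class name `FreshnessChecker` are assumptions made for this illustration; the messages are constructed, and the second and third events replay the first message as an eavesdropper on the open channel could.

```python
# Added example (not from the paper): receiver-side freshness check that
# combines a timestamp window with a cache of random numbers already seen.
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

WINDOW_SECONDS = 30  # assumed tolerance: accept only if |T_now - T| <= window


@dataclass
class FreshnessChecker:
    window: int = WINDOW_SECONDS
    # nonce -> time at which it was accepted; entries older than the window are dropped,
    # which keeps the cache bounded without losing protection (the timestamp check
    # rejects anything older than the window anyway)
    seen: Dict[str, int] = field(default_factory=dict)

    def _expire(self, now: int) -> None:
        for nonce in [n for n, t in self.seen.items() if now - t > self.window]:
            del self.seen[nonce]

    def check(self, msg: Dict[str, object], now: int) -> Tuple[bool, str]:
        """Return (accepted, reason). The timestamp check alone leaves a gap:
        a message captured and resent inside the window would still pass, so
        the nonce cache closes that gap for the duration of the window."""
        self._expire(now)
        ts = msg.get("T")
        nonce = msg.get("r")
        if not isinstance(ts, int) or not isinstance(nonce, str):
            return False, "malformed"
        if abs(now - ts) > self.window:
            return False, "stale timestamp"
        if nonce in self.seen:
            return False, "replayed nonce"
        self.seen[nonce] = now
        return True, "fresh"


def run_scenario() -> List[Tuple[bool, str]]:
    """Constructed login messages; m1 is replayed twice after its first delivery."""
    checker = FreshnessChecker()
    base = 1_700_000_000  # constructed epoch time
    m1 = {"ID": "user-A", "r": "c3a1", "T": base}
    events = [
        (m1, base + 2),    # original message arrives 2 s after creation
        (m1, base + 10),   # replay inside the window: caught by the nonce cache
        (m1, base + 100),  # replay after the window: caught by the timestamp check
        ({"ID": "user-A", "r": "9f0e", "T": base + 100}, base + 101),  # genuine new session
        ({"ID": "user-A", "r": "9f0e"}, base + 102),                   # missing timestamp
    ]
    return [checker.check(m, now) for m, now in events]


if __name__ == "__main__":
    for accepted, reason in run_scenario():
        print(accepted, reason)
```

In pKAS the random number is additionally bound into the verification equation and the session key, so a replay also fails the equality check in Step A3 or A4; the cache above is the cheap first line of rejection that lets the receiver discard a replay before doing any curve arithmetic.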
Proposition 8. The proposed pKAS can be secure against impersonation attack.
Proof. Suppose  obtains 's smart card and learns the data in the card by some means. However,  still has to input  and  into the smart card to generate a legal message . Without these two factors ( and ),  cannot compute a correct  to pass the verification of the smart card, and so cannot proceed to the next step to impersonate  and communicate with others. Therefore, the proposed pKAS securely resists impersonation attack.
Proposition 9. The proposed pKAS can be secure against parallel attack.
Proof. A parallel attack usually occurs when an adversary constructs a new conversation to impersonate a legal user by reusing historical messages intercepted on a public channel. However,  must know the parameters of the messages, or he/she cannot send a correct access request and obtain a session key. Moreover,  cannot obtain the random number  chosen by the user. As a result, the proposed pKAS is secure against parallel attack.
Proposition 10. The proposed pKAS can be secure against insider attack.
Proof. As shown in the user registration phase, user  sends  to , where . Without knowing , the server cannot impersonate . Therefore, the proposed pKAS is secure against insider attack.
Proposition 11. The proposed pKAS scheme can achieve user untraceability.
Proof. In the proposed scheme, user 's real identity  is hidden in message . Only an adversary who can solve the ECDLP can reveal  from the messages, because they are built on the ECDLP. As a consequence, the proposed pKAS achieves user untraceability.
Proposition 12. The proposed pKAS scheme can achieve key agreement.
Proof.  computes the session key as  in Step A3, and  computes the session key as  in Step A4. Because ,  and  compute an identical session key . Therefore, the proposed pKAS scheme achieves key agreement.
Proposition 13. The proposed pKAS scheme can achieve offline password change.
Proof. As shown in the description of the proposed scheme, an offline password change phase is provided, so each user can change the password locally. If the user inputs the correct  and , the correctness of  and  is , i.e., the user has a high probability of completing the local password change. As a consequence, the proposed pKAS scheme achieves offline password change.
6.2. Performance Analysis
In this section, we compare our scheme with similar schemes in terms of security features, communication consumption, and computation consumption. The results indicate that pKAS is more secure and effective than the other similar schemes. In addition, the presented pKAS has lower communication and computation costs.
6.2.1. Comparison of Security Features
We define , , , , , , , , , , , and  to denote the functionalities "secure against offline password guessing attack," "secure against online password guessing attack," "provides anonymous interactions," "provides forward secrecy," "secure against forgery attack," "provides mutual authentication," "secure against replay attack," "secure against impersonation attack," "secure against parallel attack," "secure against insider attack," "achieves user untraceability," "achieves key agreement," and "achieves offline password change," respectively. In Table 2, we compare the security features of pKAS with related schemes, namely Irshad et al. [33], Tsai and Lo [35], and Kaur et al. [36].
6.2.2. Comparison of the Computation Cost
For convenience, we define , , , , and  as the running time (in ms) of a single bilinear pairing operation, modular exponentiation, elliptic curve point multiplication, point addition, and hash operation, respectively. In Table 3, we list the computing time on the server and on the mobile terminal separately. The costs in Table 3 are based on [36]. We simulate the server on an Alibaba cloud server configured with an Intel(R) Xeon(R) CPU E5-26300@2.30 GHz, 1 GB RAM, and Ubuntu 14.04. The mobile terminal is simulated with a smartphone configured with a 2 GHz ARM CPU (armeabi-v7a), 300 MiB RAM, and Android 4.4.
Using the computation time of each operation in Table 3, we compare the running time of the schemes in [33, 35, 36] and pKAS, as shown in Table 4.
6.2.3. Comparison of the Communication Cost
The comparison results in Table 4 are based on the following assumptions: the output of the hash function is 160 bits, a random number is 128 bits, an identifier is 64 bits, a timestamp is 32 bits, and an encryption/decryption output and an ECC point are 320 bits each. Table 5 shows a comparison of the communication cost between pKAS and the other schemes [33, 35].
In summary, the presented pKAS consumes less communication and computation than [33, 35]. Although the cost of [36] is lower than that of pKAS, that scheme is not secure against forgery attacks and insider attacks, and its bandwidth consumption is relatively large. Furthermore, pKAS is more secure than [33, 35, 36]. Therefore, pKAS is more suitable for mutual verification between the user and the server.
7. Conclusion and Future Work
Aiming at the practical problems encountered in key agreement between the user and the server in the edge cloud computing environment, we propose a new password-based key agreement scheme. We use the ECDLP to construct user anonymity and forward secrecy. By comparing security, communication, and computation costs, the proposed pKAS has better security and lower cost. Furthermore, pKAS also meets all 12 security requirements.
Although pKAS is more secure and efficient than similar schemes, lightweight key agreement schemes, for example ones without point multiplication operations, are more favored. It is very challenging to design a secure and lightweight scheme. This will be the direction of our next research.
Data Availability
The data supporting the results of this study can be obtained from the corresponding author.
Conflicts of Interest
P. Liu is currently a lecturer at the Department of Computer Technology and Application, Qinghai University, Xining. Her research interest includes network protocol and protocol security (e-mail: 247750940@qq.com). Syed Hamad Shirazi is currently an Assistant Professor at the Department of Information Technology, Hazara University, Baffa, Pakistan. His research interest includes image processing and image security (syedhamad@hu.edu.pk). W. Liu is currently an assistant at the Department of Computer Technology and Application, Qinghai University, Xining. Her research interest includes network protocol and protocol security (e-mail: 1007759705@qq.com). Y. Xie is currently a Professor at the Department of Computer Technology and Application, Qinghai University, Xining. His research interest includes network protocol and protocol security (e-mail: mark.y.xie@qq.com).
Acknowledgments
This study was supported in part by the Science and Technology Foundation of Qinghai under grant no. 2019-ZJ-7065, the National Natural Science Foundation of China under grant no. 61572370, and Course Construction of Qinghai University under grant no. SZ19014.