nueva página del texto (beta)
Inglés (pdf)
Artículo en XML
Referencias del artículo
Traducción automática
Enviar artículo por email
Citado por SciELO 
Similares en
SciELO 
Permalink
1. INTRODUCTION
In this digital world, web services are accessed by the users consistently. Yet, these web services are suffering with poor authentication that in turn allows malicious users to impersonate the services. Thereby, framing an effective solution to reduce the attack surface is inevitable. Most of the web services rely upon digital certifícate for verification. On the contrary, when the certifícate authority is vulnerable to hazardous attacks or security breaches, the primary effect includes compromising of numerous certificates (Dennis, 2012). An optimal and effectual solution to address this issue is PAKE protocol. PAKE establishes a secret key between two communicating parties based upon the knowledge of sensitive information like, low-entropy password (Bellovin & Merritt, 1992). Relatively, password based authentication techniques is a flexible one to reduce the intricacies to a greater extent without demanding abundant space or device requirement. It is considered as one of the simplest and most convenient authentication mechanisms. In PAKE, an attacker or man-in-the-middle will not be able to guess a password without further interactions with communicating parties. This defensive property acts as a phenomenal aspect of PAKE. In most of the cases, the single server model is liable to invasive attacks, whereas the multi - server model is expensive and entails high communication bandwidth. With that note, two-server model is considered as a wise choice. 3D protocol assures that determining the key/obtaining a password from the stored information is impossible by the adversaries.
Mathematical research normally simplifies a complex problem in all academic disciplines. Using geometrical properties in a PAKE protocol is an appealing technique, as this plays an extensive role in real life from the most basic to the advanced part. An amazing fact is retrieving the original source from these properties is infeasible (Jack, 2008).The security model of the proposed protocol is based on the properties - circumcenter (ꞷ) and the angle between the medians (θ) of tetrahedron to protect the system against attacks. It is a proven fact, that the properties of a tetrahedron are undoubtedly more difficult to visualize and break (Choate, 1976). A profound analysis of the protocol acts as an evidence for the protocol's resistance against the attacks.
Introduction section addresses the motivation of choosing trigonometric properties in 3D PAKE protocol. Section 2 explores the related literature, section 3 elaborates the proposed methodology, section 4 converses the protocols' correctness and security analysis theoretically, section 5 carries out performance analysis and the section 6 presents the summary of the key contributions of 3D PAKE and possible research avenues.
2. RELATED WORK
In web services, Kerberos based framework generates tickets for binary authentication. One of the major limitations of Kerberos is that, it is vulnerable to password guessing attacks (Bellovin & Merritt, 1990). Further, Kerberos requires a trusted path to handle passwords and does not support multipart authentication. The flaws can be inherently resolved by using a formal PAKE protocol.
Initially a pioneering symmetric two-server PAKE is proposed by Katz, MacKenzie, Taban, and Gligor (2005). Computation and communication complexity is the highest barrier in adopting Katz protocol. Three-party encrypted key exchange scheme proposed by Lin, Sun, and Hwang (2000) is stringent against attacks; however, as a prerequisite, the client needs to obtain and verify the the public key of the server. Similarly, computational complexity is the limitation of the nPAKE+ scheme (Wan, Deng, Bao, & Preneel, 2007). A Gateway based Threshold Password-based Authenticated Key Exchange (GTPAKE) scheme is susceptible to undetectable on-line password guessing attack by a malicious gateway (Byun. Lee, & Lim, 2006; Chien, Wu, & Yeh, 2013). A threshold PAKE verifies the client based on the threshold valué (Abdalla, Chevassut, & Fouque, 2005; Mackenzie. Shrimpton, & Jakobsson, 2002). Even though, the protocol is secure against dictionary attacks, fixing the acceptable threshold valué is a complicated process. 3D password authentication system constituting of recognition, recall, tokens and biometrics as a single authentication system is proposed by Pooja, Shilpi, Sujata, & Vinita, (2012). Device requirement is a limitation of this approach. An efficient password based two-server authentication and pre-shared key exchange system using smart card is proposed by Chouksey & Pandey (2013). It is an ID-based remote user authentication protocol with a smart card that uses simple bitwise XOR operations and hash functions. Device requirement is the main shortcoming of this approach. Yang, Deng, and Bao (2006) proposed the practical two-server PAKE model. It is not robust against dictionary attacks caused by the active adversary and it is possible to compute the session key established between the User (U) and Service Server (SS).presented a two-server authentication and key exchange protocol that uses múltiple SS with a single Control Server (CS). This protocol is not efficient when compared with Yang et al. (2006) protocol in terms of computational cost. An enhancement of Yang et al. (2006) scheme is proposed byas Password-only Two-Server Authenticated Key Exchange (PTAKE) to remain secure against offline dictionary attack. Yet the formal security model has not been devised for PTAKE. An efficient two-server PAKE proposed by Yi, Ling, and Wang (2013) is a symmetric two-server PAKE protocol that performs the operations in parallel at both the servers. However, for transferring messages it relies upon a gateway that is expensive and entails high communication complexity. Also, Yi et al. (2013) model reveáis the credentials when both the servers compromised. As a nutshell, all existing two-server protocols disclose the information when both the servers are compromised by the intruder. Further, device requirement is a major concern in some of the protocols.
Kumari, Sadasivarn, and Akash (2016) proposed a 3D ECC PAKE protocol by employing the virtues of plañe geometry with ECC encryption technique to offer strong security against server spoofing attacks. Proposed protocol provides equivalent security analogous to Kumari et al. protocol where the strength is based upon the Decisional Diffie-Hellman (DDH) discrete logarithm technique and is proven to be secure. 3D PAKE protocol has been tested for a healthcare application (Kumari, Sadasivarn, & Rohini, 2016) and can be applied to similar E-medical applications (Rajan, 2015). Table 1 summarizes the merits and demerits of conventional two-server PAKE protocols.
Table 1 Comparative analysis of two-server PAKE protocols.
| Two-server PAKE protocol | Merits | Limitations |
|---|---|---|
| A practical password based two-server authentication and key exchange (Yang et al., 2006) | -Secure against active outside adversary attacks |
-Secure cannel in required for communication -Back-end server is not robust against impersonation attacks by the active adversary -Back-end server computes the session key established between client and front-end server -Password is revealed when both the servers are compromised |
| Secure and efficient password-based authenticated key exchange protocol for two-server architecture (Lee & Lee, 2007) |
-Secure against server spoofing attacks and stolen verification attacks -Front-end servers do not store any information related to the user's password in the datábase Secure against omine dictionary attacks |
-Computational complexity is slightly high -Password is revealed when both the servers are compromised |
| An efficient password-only two-server authenticated key exchange system (Jin et al. 2007) |
-Secure against offline dictionary attacks -Session key computation is not possible by back-end server |
-Computational cost is high -Equal contribution is not provided by front-end and back-end servers -Password is revealed when both the servers are compromised |
| An efficient password based two-server authentication and pre-shared key exchange system using smart cards (Chouksey fe Pandey, 2013) |
-Secure against offline dictionary attacks, replay attacks, malicious server attacks and man-in-the-middle attacks |
-Impersonation of the card reader is possible -Password is revealed when both the servers are compromised |
| Dynamic identity based authentication protocol for two-server architecture (Sood, 2012) | -Secure against the malicious server attacks, malicious user attacks, stolen smart card attacks, replay attacks and offline dictionary attacks |
-Server recognizes expired nonce -Password is revealed when both the servers are compromised |
| Two-server password-only authenticated key exchange (Katz et al., 2005) |
-Rigorous proof of security -Secure against offline dictionaryattacks -Symmetric protocol |
-Computational and communication complexity is very high - Password is revealed when both the servers are compromised |
| Efficient two-server password-only authenticated key exchange (Yi et al., 2013) |
-Secure against offline dictionary attacks -Symmetric protocol |
-Requirement of Gateway -Password is revealed when both the servers are compromised |
3. PROPOSED METHODOLOGY
3D PAKE protocol is coined based on tetrahedron properties and Diffie-Hellman key exchange mechanism. Existing two-server PAKE protocols assume that both the servers must not compromise together to protect the credentials against invasive attacks. The thought provoking process behind the 3D PAKE is to break the assumption and to offend offline dictionary attacks and assumption and to offend offline dictionary attacks and impersonation attacks caused by an inside/outside adversary. Yang et al. (2006) is modified in the proposed 3D PAKE, to avoid the impersonation of back-end server S2 as front-end server SI in obtaining the key and the password. The advantages of the proposed methodology are illustrated by considering communication complexity, computational complexity as the metrics. Diffie-Hellman key exchange algorithm process is explained below:
|
Algorithm:Diffie-Hellman Key Exchange Step 1: Choose an integer group Z* Step 2: Chooso a generator/base point 'g', such that 'g' is a quadratic residue of Zp by satisfying the condition 1< g <p-1. Generator * selection algorithm is a follows. Algorithm: Generator Selection For eaoh g ϵZp*, Check whether 'g' is a QR of Zp* If satisfiod, Ɐx ϵ Zp *, Ǝ ´i´ such that x = g i mod p where x < p-1 and i > 0. Else, ´g´is a QNR of Zp * Step 3: User1 randomly chooses an intoger 'a' in Zp* and cómputes x= ga, while user2 chooses an integer´'b' in Zp* where a, b are considered as private keys and x, y as public keys Step 4: User1 and user2 exchange 'x' and 'y' Step 5: User 1 and user2 compute the secret key as k1 = ya= gab, where K1=k2 |
DH relies on the assumption that no efficient algorithm exists to ascertain the valúes of 'a', 'b' from gab, if 'a', 'b' and 'g' are chosen randomly and independently (Boneh, 1998). Mínimum length of prime number recommended for DH key exchange is 1024-bits to prevent the incidence of any harmful attacks. DH algorithm is secure against passive adversary's attacks. It is not possible by a passive adversary to obtain the secret key based on the observation of data exchanged between userl and user2. On the other hand, the active attack is possible in DH key exchange as it is a non-authenticated key exchange protocol. To avoid active attacks, the DH key agreement must be put into practice along with strong authentication mechanisms. PAKE protocol is found to be secure against man-in-the-middle attack using low entropy passwords. Thus, the proposed research work is framed with the aid of a PAKE protocol with DH mechanism. Incorporating trigonometric properties further enhance the security of the DH PAKE protocol in fighting against the incidence of all possible active attacks.
3.1 ARCHITECTURE
The 3D PAKE protocol is unconditionally secure, as the password cannot be obtained when both the servers compromise together. Entities used in the 3D PAKE protocol are client C, server SI and server S2. The protocol executes in three phases, namely, initialization, registration, authentication and key exchange. The notations used in the 3D PAKE protocol are:
|
Zp* - Integer Group 'G' under multiplication modulo 'p'; p - A largo prime number QRp - Set of quadratic residues modulo 'p' g1, g2' g3' g4 - Generators of group ZP * of satisfying the QR, condition (b) 2 = g i mod q i= 1,2,3,4, where b ϵ Zp * x 1 x 2 -Prívate keys ϵ Zp * y x y 2 - Public keys b 1 , b 2 ,b 3 , a 1 a 2 , r, r 1 r 2 ϵ Zp * P - Password Hash()-Secure one-way hash function b 4 = b 3 Θ Hash(P) K/K'-Secret key Θ-Angle between the medians of tetrahedron ω - Circumoenter of the tetrahedron γ - Adversary Ɐ for all Ǝ there exists largo prime number |
3.1.1 Initialization phase of 3D PAKE protocol
In the initialization phase, the public parameters {Z p *,p,g 1 ,g 2 ,g 3 Hash} are accepted and disseminated collaboratively by the entities client C, server SI and S2.
Security of the protocol is based on the generators, prime order and the hash function. The impressive ability is the randomness of the hash function and the generator's discrete logarithm problem. g 4 is a valué known only to SI to avoid man-in-the-middle and client impersonation attacks.
3.1.2 Registration phase of 3D PAKE protocol
The client C selects a password P and compute
3.1.3 Authentication Phase of 3D PAKE Protocol
The user induces the verification by sending the username and
Upon receiving the message, the server S2 verifies the received
4. SECURITY ANALYSIS
In most cases, the success of a cryptographic attack is based on finding weaknesses in the structure of the protocol. Based on the model and security definition, a particular scheme can be analyzed against attacks to be provable from the state of definition. Proof of correctness, proof of resistance of the protocol against passive attacks, active attacks, offline dictionary attacks and security compliance are discussed in this section.
4.1 PROOF OF CORRECTNESS OF 3D PAKE PROTOCOL
Statement: 3D PAKE protocol is correct if
K =K'.
Proof:
In server side, SI computes key K from A, S
2
and Ss, where
=
In client side key K' is computed from B andSu, where
Therefore, S' u = (B) a
Key K' = Hash (Su, 1)
As K = K', the protocol is proven for its correctness.
The random oracle model (Bellare & Rogaway, 1993) is used by the research community to evalúate the security schemes that are constructed using hash functions. In the random oracle model, the behaviour of a hash function is imitated by a deterministic and a proficient function that yields consistently distributed arbitrary valúes. The 3D PAKE protocol is secure under random oracle model, as the hash valué generated is random and irreversible.
4.2 3D PAKE PROTOCOL RESISTANCE TO PASSIVE ATTACKS
Theorem 1: Under the random oracle model, the proposed 3D PAKE protocol is defensive against passive attack with a collision-resistant hash function ' Hash'.
Proof:
Consider that an adversary γ monitors all the Communications between SI and C and
between SI and S2. Let's contradictorily prove this, by taking into
consideration that the messages exchanged between SI, S2 and client C are traced
by γ. Even though γ is able to read the messages of SI and C; SI and S2,
obtaining the password from
4.3 3D PAKE PROTOCOL RESISTANCE TO ACTIVE ATTACKS
Theorem 2: The proposed 3D PAKE protocol is defensive against active attack, if there is no existence of polynomial-time algorithm to break the Discrete Logarithm Problem (DLP).
Proof:
Assumption (i): Assume that an active adversary y impersonate as client C by compromising server S1/S2.
Assume that an active adversary γ modifies
where 'θ ' and 'ω ' are derived fromAssume that adversary γ modifies the valué S u transferred in message M5 as Suv. Since, the challenger receives S uv instead of S u , establishment of key is liable to failure in server SI side as per Equation (2).
Further, imagine that the adversary γ is assuming
In server side
In client side,
Therefore, K ≠K'.
Analysis:
Considering the case
Assumption (ii): Assume that an active adversary y impersonate as server SI by compromising server S2.
Assume that an active adversary γ modifies
The adversary γ tries to modify the valúes transferred in messages M4: B, M5: A, S u and M8: H. Challenger verifies whether
Analysis:
Thus, by modifying the valúes in messages M4: B, M5: A,S
u
, M8: H and
Assumption (iii): Assume that an active adversary y impersonate as server S2 by compromising server SI.
Assume that an active adversary γ has compromised the server SI to impersonate as server S2 by replacing/modifying the messages exchanged between the server and the client. Such an adversary may modify the valué
-
The adversary γ may try to modify the values transferred in messages M6: A, Su, S 1 or M7: b 4 , S 2 . Challenger computes
Analysis:
Thus, by modifying the valúes of the messages M6: A, S ui ,S 1 , M7: b 4 ,S 2 or
Remark 1:
Active impersonation of one server as another is possible in Yang et al. (2006) model. 3D PAKE protocol routs the drawback of Yang et al. protocol and proved it is secure against impersonation attacks on server SI and S2 as shown by Theorems 1 and 2. When both the servers are compromised by the intruder, it is infeasible to determine the password 'P' from the stored valúes, based on the properties of the tetrahedron. It is demonstrated that the proposed 3D protocol is strong and intractable, when compared to existing two-server PAKE protocols in the circumstance of the servers' datábase are controlled by the adversaries.
4.4 3D PAKE PROTOCOL RESISTANCE TO OFFLINE DICTIONARY ATTACKS
Theorem 3: The proposed 3D PAKE protocol is defensive against offline dictionary attack by providing two levéis of security.
Proof:
Assumption (i): Assume that an active adversary y breaks the 3D PAKE protocol under offline dictonary attack.
Assurance of primary level of security by β. Let´s contradictorily prove this, by taking into consideration, when the adversary . γ attains Access to the database of both the servers by dictonary attack, the adversary obtain
However, deriving θ and ω from
Assurance of the second level of security by β. If the adversary γ manages to solve DLP, then θ and ω valúes are attained by the adversary. However, finding the vértices of the triangle θ and ω are derived from
The protocol has been tested with Sqlmap, Wireshark, Havij, Vega, Websecurify, Webcruiser, SSLSmart, WSAttacker and WSDigger to affirm the strength of the protocol. In addition, 3D PAKE complies with known key security, forward secrecy, key control, key confirmation, zero-knowledge proof, explicit key authentication, key freshness, impersonation resilience and reciprocity principies. Also, it is sturdy against low-encryption-exponent attack, known and chosen cipher text attack, known and chosen plaintext attack, sniffer attack, replay attack, man in the middle attack and rainbow table attack. Table 2 summarizes the security standards of the proposed protocol and it proves that the proposed protocol is rigid.
Table. 2 Functionality comparison of 3D PAKE protocol with Yang et al. and Yi et al. protocol.
| Functionality | (Yang et al., 2006) Protocol | (Yi et al., 2013) Protocol | 3D PAK protocol |
|---|---|---|---|
| Known key security | Yes | Yes | Yes |
| Forward secrecy | Yes | Yes | Yes |
| Key control | Yes | Yes | Yes |
| Key confirmation | Yes | Yes | Yes |
| Zero-knowledge proof | Yes | Yes | Yes |
| Explicit key authentication | Yes | Yes | Yes |
| Key freshness | Yes | Yes | Yes |
| Reciprocity | Yes | Yes | Yes |
| Impersonation resilience | Yes | No | No |
| Low-encryption-exponent attack | Possible | Possible | Possible |
| Known and chosen ciphertext attack | Possible | Not Possible | Not Possible |
| Known and chosen plaintext attack | Possible | Not Possible | Not Possible |
| Sniffer attack | Possible | Not Possible | Not Possible |
| Replay attack | - | - | Restricted |
| Man in the middle attack | Not Possible | Not Possible | Not Possible |
| Impersonation attack by inside | Possible | Not Possible | Not Possible |
| adversary | |||
| Offline dictionary attacks on servers | Possible | Possible | Not Possible |
| datábase to disclose the password | |||
| Online dictionary attack | - | - | Restricted |
| Known-key distinguishing attack | Not Possible | Not Possible | Not Possible |
| Chosen-key distinguishing attack | Not Possible | Not Possible | Not Possible |
| Interleaving attack | Not Possible | Not Possible | Not Possible |
| Lowe's attack | Not Possible | Not Possible | Not Possible |
| Cross-site scripting attack | - | - | Restricted |
| SQL injection attack | - | - | Restricted |
| Side channel attack | _ | _ | Restricted but |
| Rainbow table attack | - | - | Restricted |
5. PERFORMANCE ANALYSIS
The data set used to test the protocol comprises of 100000 passwords. Table 3 shows the experimental results of 3D PAKE Protocol tested for a healthcare application. Password transformation relies upon tetrahedron parameters ω and θ. The valué of ϑ and θ shows the prominence of heuristic information and their impacts. Key length adopted in 3D PAKE is 3072-bits for proper regulation and to prevent illegitímate access.
Table 3 Test cases of the proposed 3D PAKE protocol
| S. No | Username | Password | Theta (θ) | Omega (ω) [x,y,z] | Run Time (ns) | Session Key (bits) |
|---|---|---|---|---|---|---|
| 1 | Mary23 | yaguacire95 | 0.541823456 | [7.4550984849506285,- 0.0339898996708528, -3.668694444818968] | 5.01567823E8 | 554c5e325b2ca99c5e8e5549 bcb5aclbbad0671c3dd5ed84 dace0b47aa00191b0dl62c6c3 0eb594c5de404e6a5dlcdb88 4fec30fdcbd3c7a36da60f45f7 ef58d |
| 2 | David | re1ns+@ll | 0.353009486 | [3.0106024072279522, 5.21056267E8 7.9681927783161415, 3.6914056168652216] | 5.21056267E8 | 3222145f'3D8aa569f47f9d8d0 87a3f70ffff965607b2cf14581 936dlb34810622bff80794688 4d2432fcbb33a21a9bee7514c 2add81471554708b90e80cd6 08a |
| 3 | Dev | tenant+atwill | 0.416137519 | [-934.4125473274593, -572.3536119949651, 50.00000000000001] | 4.53459167E8 | 68c7f40efl22548eb61885052 88058cc4957cf89027alf9bf3 debleabe9c81fa860dbb09c6ef 59404d96d576d66070c326a63 b4cddl471a0140191804bfí2f21 |
| 4 | antony3 | rebecca | 1.552935703 | [15.672995055568377, 4.56201638E8 0.0817512361079066, 52.295621909730245] | 4.56201638E8 | b030bc87675e46b4084ed62a4 eldl88dlfde30bí'8a5d9e7ae2e3 f9c8fl5cca016d21dc4b0779f 79531c93D2clb7d9a709cdf8c3 57e6d58e0a0da3571a.921a767 |
| 5 | joshua | un!ver$a1!+y | 0.584438919 | [-5163.067772650183, 4.35381735E8 1989.9957515875855, -266.4610155800105] | 4.35381735E8 | 02ea6eab7a895fea9d407066 ff6f9bb7a226f7a9fcd598085 cb987cflf7e9098d317eblla 1118ecí4c60c9bd4306a06b 1 5ea41T907acd70945247231ef 9b6bc3 |
5.1 COMMUNICATION AND COMPUTATIONAL COMPLEXITY OF 3D PAKE PROTOCOL
The performance of the proposed 3D PAKE protocol is analyzed by comparison with the existing two-server PAKE protocols. Number of group elements in communication are measured in terms of 'L' and the number of hash valúes in communication is measured in terms of '1'. The communication complexity includes number of group elements in communication, the number of hash valúes in communication and the number of rounds taken by the protocol for successful completion.
Communication complexity of 3D PAKE is 9L + 41 and computational complexity is 32, which is very near to that of existing protocols as presented in Table 4. Slight increase in computation is due to the construction of the tetrahedron. It is noticed that the client side complexity is considerably reduced. Furthermore, as the proposed protocol is asymmetric, there is a notable difference in the server side because of the communication between the servers SI and S2. However, this computational complexity can be negotiated as the server S2 is hidden and protected from security vulnerabilities. Nevertheless, it routs the postulation made by other protocols and augments the security.
Tabla 4 Communication and computational complexity analysis of 3D PAKE protocol
| Participants | Yang et al (2006) Protocol [ASYMMETRIC] | Yi et al. (2013) Protocol [ASYMMETRIC] | Jin et al. (2007) Protocol [ASYMMETRIC] | Katz et al. (2005) Protocol [ASYMMETRIC] | 3D PAKE Protocol [ASYMMETRIC] |
|---|---|---|---|---|---|
| Client: Communication (bits) | 2L+2l | 3L+4l | 6L+2l | 15 L | 3L+2l |
| Client: Communication (rounds) | 4 | 4 | 3 | 3 | 4 |
| Client: Computation | 7 | 21 | 12 | 34 | 9 |
| Server SI: Communication (bits) | 6L+3l | 6L+3l | 11L+3l | 14L | 9L+4l |
| Server SI: Computation | 8 | 5 | 6 | 3 | 8 |
| Server S2: Communication (bits) | 15 | 12 | 19 | 27 | 19 |
| Server S2: Communication (rounds) | 4L+1l | 6L+3l | 5L+1l | 14L | 6L+2l |
| Server S2: Computation | 6 | 12 | 8 | 27 | 4 |
| Comm: 9 (6L+31) Client - SI - S2 | Comm: 11 (7L+41) | Comm: 14 (11L+31) Client - SI - S2 | Comm: 43 Client-G-S1 Client-G-S2 | Comm: 13 (9L+41) Client - SI - S2 | |
| Comp:28 Client-SI-S2 | Comm: Worst case:45 Best case:33 Client-SI Client-S2 | Comp:39 Client-SI-S2 | Comp: Worst case:93 Best case:66 Client-G-SI Client G-S2 | Comp: 32 Client-SI-S2 | |
| Rounds: 8 | Rounds:6 Client-Sl Client-S2 | Rounds:6 Client-S1-S2 | Rounds:9 Client-G-Sl Client-G-S2 | Rounds:8 Client-S1-S2 |
For a clear understanding, valúes are graphically presented in Figure 3. From Figure 3, it can be inferred that 3D PAKE provides a fair communication complexity. For a broad computational cost analysis, the number of transmissions, hash computations, modular/scalar multiplications, XOR operations and modular exponentiations are examined. The proposed 3D PAKE protocol computation wise performs in a fair manner when compared to Yang et al. (2006), Yi et al. (2013), and Jin et al. (2007) protocols as shown in Table 5.
Table. 5 Comparativo cost analysis of 3D PAKE protocol.
| Cost Computation Parameters | Yang et al. (2006) Protocol | Yi et al. (2013) Protocol | Jin et al. (2007) Protocol | 3D PAKE Protocol |
|---|---|---|---|---|
| No. of transmissions | 8 | 6 | 6 | 8 |
| No. of hash computations | 7 | 15 | 8 | 8 |
| No. of modular/scalar multiplications | 5 | 3 | 7 | 6 |
| No. of modular exponentiations | 16 | 16 | 24 | 15 |
| No. of XOR operations | 0 | 11 | 0 | 3 |
| No. of authentication parameters | 1 | 1 | 1 | 2 |
Thus, the proposed 3D PAKE performs judiciously computation wise. To the best of our cognizance, a foolproof two-server 3D PAKE protocol is proposed based on tetrahedron properties and proved its resistance against attacks.
6. CONCLUSION
A formal design and evaluation of a state-of-art tetrahedron (3D) based two-server PAKE protocol is presented in this paper with definite proof of security. With the assistance of ω and ϑ parameters, offline dictionary attacks oceurring on the server's datábase are proclaimed as a challenge as rightly pointed and proved in section 4.4; thereby, obtaining the password is infeasible when both the servers are compromised. This assures the robustness of the protocol against dictionary attack in 3D. It is also observed, that the 3D PAKE protocol is performing reasonably well in communication and computation, as discussed in section 5.1. As a future avenue of research, the proposed 3D PAKE protocol security can be reinforced constantly by adding additional parameters / shapes with formal proof of security.
CONFLICT OF INTEREST
The autors have no conflicts of interest to declare.
