Computer Science ›› 2017, Vol. 44 ›› Issue (1): 155-158.doi: 10.11896/j.issn.1002-137X.2017.01.030

Previous Articles     Next Articles

Cross-domain PKI-based Key Agreement Protocol

WEI Zhen-yu, LU Xiang and SHI Ting-jun   

  • Online:2018-11-13 Published:2018-11-13

Abstract: It has been proven that security risks exist in most of the password-based cross-domain authentication and key agreement protocols or Kerberos protocol.It is necessary to propose a more effective protocol to ensure the communi-cating security in the area of finance and aerospace,which require high level communicating security.This paper proposed a cross-domain PKI-based key agreement protocol.This protocol can efficiently solve the key exposure problem in which the password guessing and man-in-the-middle attack is enabled.This problem is resulted from using share-key encryption and decryption to assure the security of data transmission or Kerberos weak passwords.To solve this pro-blem,this protocol adopts the public key algorithm and uses the Diffie-Hellman protocol to create the session key.Meanwhile,this protocol makes users get rid of repetitive configuration of the cross-domain server public key information,which reduces the complexity of the configuration and the key management between users and servers.Besides,this protocol improves the ability to identify authenticity and the information confidentiality,and is immune to multiple attacking ways.This protocol also has forward security and good expansibility.

Key words: Key agreement,Share key,Diffie-Hellman protocol,Confidentiality

[1] MANNAN M,OORSCHOT P C V.A Protocol for Secure Public Instant Messaging [M].Financial Cryptography and Data Security,2006:20-35.
[2] CAO T,QUAN T,ZHANG B,et al.Crypt analysis of Some Client-to-Client Password-Authenticated Key Exchange Protocols[C]∥2010 3rd IEEE International Conference on Proceedings of the Broadband Network and Multimedia Technology (IC-BNMT).2010:654-658.
[3] YAO Y,WANG X,SUN X.A Cross Heterogeneous DomainAuthentication Model Based on PKI[C]∥International Symposium on Proceedings of the Parallel Architectures,Algorithms and Programming.2011:325-329.
[4] ZHANG Jiao,ZHANG Yu-jun,ZHANG Han-wen,et al.A Fast Inter-Domain Authentication Method Combining Trust Mechanism in Mobil IPv6 Networks[J] .Journal of Computer Research and Development,2008:45(6):951-959.(in Chinese) 张娇,张玉军,张瀚文,等.结合信任机制的移动IPv6网络快速跨域认证方法[J].计算机研究与发展,2008,45(6):951-959.
[5] BYUN J W,JEONG I R,LEE D H,et al.Password-Authenticated Key Exchange between Clients with Different Passwords [C]∥Information and Communications Security,International Conference,ICICS 2002.Singapore,2002:134-146
[6] KIM J,KIM S,KWAK J,et al.Cryptanalysis and Improvement of Password Authenticated Key Exchange Scheme between C-lients with Different Passwords[C]∥Computational Science and Its Applications,ICCSA 2004.Springer Berlin Heidelberg,2004:895-902.
[7] YOON E J,YOO K Y, et al.A secure password-authenticated key exchange between clients with different passwords[C]∥Proceedings of the 2006 International Conference on Advanced Web and Network Technologies,and Applications.Springer-Verlag,2006:659-663.
[8] LIU Xiu-mei,ZHOU Fu-cai,CHANG Gui-ran.A Verifier-Based Key Exchange Protocol in Cross-Realm Setting[C]∥International Conference on Networks Security, Wireless Communications and Trusted Computing.2009:5560-5563.
[9] FENG D G,XU J.A New Client-to-Client Password-Authen-ticated Key Agreement Protocol[C]∥Coding and Cryptology,Second International Workshop,IWCC 2009.2009:63-76
[10] YONEYAMA K.Cross-Realm Password-Based Server AidedKey Exchange [C]∥Proceedings of the 11th International Conference on Information Security Applications.2010:322-336.
[11] XU J,ZHU W T,JIN W T.A Generic Framework For Con-structing Cross-Realm C2c-Paka Protocols Based on The Smart Card [J].Concurrency and Computation:Practice and Experience,2010,23(12):1386-1398.
[12] CHUANG P J,LIAO Y P.Efficient and Secure Cross-RealmClient-to-Client Password-Authenticated Key Exchange[C]∥Proceedings of the 2014 IEEE 28th International Conference on Advanced Information Networking and Applications.2012:701-708.
[13] CHEN L,LIM H W,YANG G.Cross-domain password-based authenticated key exchange revisited[C]∥Proceedings of the INFOCOM,2013 Proceedings IEEE.2012:1052-1060.
[14] YIN Yin,BAO L.Secure Cross-Realm C2C-PAKE Protocol[M].Information Security and Privacy,2006:392-406.
[15] BYUN J W,LEE D H,LIM J I.EC2C-PAKA:An efficientclient-to-client password-authenticated key agreement [J].Information Sciences:an International Journal,2007,177(19):3995-3401.

No related articles found!
Full text



No Suggested Reading articles found!