Informatica

In 2001, Tseng, Jan, and Chien proposed an improved version of Peyravian–Zunic’s password authentication scheme based on the Diffie–Hellman scheme. Later, Yang, Chang, and Hwang demonstrated that Tseng–Jan–Chien’s scheme is vulnerable to a modification attack, and then described an improved scheme. In this paper, we show that Yang–Chang–Hwang’s scheme is still vulnerable to a denial-of-service attack and a stolen-verifier attack. In addition, we also propose an improved scheme with better security.

Secure communication between set-top boxes (STBs) and smart cards is directly related to the benefit of the service providers and the legal rights of users, while key exchange is the essential part of a secure communication. In 2004, Jiang et al. proposed a key exchange protocol for STBs and smart cards based upon Schnorr's digital signature protocol and a one-way hash function. This paper, however, demonstrates that Jiang et al.'s protocol is vulnerable to an impersonation attack and does not provide perfect forward secrecy. In addition, in order to isolate such problems, we present a new secure key exchange protocol based on a one-way hash function and Diffie–Hellman key exchange algorithm.

A key exchange (or agreement) protocol is designed to allow two entities establishing a session key to encrypt the communication data over an open network. In 1990, Gunther proposed an identity-based key exchange protocol based on the difficulty of computing a discrete logarithm problem. Afterwards, several improved protocols were proposed to reduce the number of communication steps and the communicational cost required by Gunther's protocol. This paper presents an efficient identity-based key exchange protocol based on the difficulty of computing a discrete logarithm problem. As compared with the previously proposed protocols, it has better performance in terms of the computational cost and the communication steps. The proposed key exchange protocol provides implicit key authentication as well as the desired security attributes of an authenticated key exchange protocol.