ACCENTS Transactions on Information Security, Vol 2(7)
ISSN (Online): 2455-7196
http://dx.doi.org/10.19101/TIS.2017.27002

An ID-based authenticated three-party key exchange protocol

Susmita Mandal*, Sujata Mohanty and Banshidhar Majhi
Department of Computer Science and Engineering, National Institute of Technology, Rourkela, Odisha
*Author for correspondence
©2017 ACCENTS

1. Introduction

Key exchange protocols enable two parties to communicate securely over an untrusted network by exchanging a shared secret between them. Authentication and privacy are the two primary objectives of network security. Privacy ensures that transmitted messages cannot be eavesdropped on, while authentication assures that no unauthorized user can maliciously gain access. These two goals can be achieved simultaneously using an authenticated key exchange scheme, in which two or more parties share a common secret to transmit messages securely over an open network.

Bellovin and Merritt [1] proposed a primitive two-party password-based authenticated key exchange (2PAKE) protocol in which the entities can authenticate one another via a public network to share a session key. On the basis of their protocol, several 2PAKE protocols [2-4] have been proposed in the literature. However, 2PAKE protocols are mostly suitable for client-server architectures, as they need to pre-share a common secret for mutual authentication and session key agreement. This restriction results in the storage of a huge number of secrets when communicating with a group of participants.

To overcome this problem, 3PAKE schemes were proposed in which every user shares a single secret with a trusted server, eliminating the need to hold a huge number of secrets to communicate with different group members. The first efficient three-party authenticated key exchange protocol based on PKC was proposed by Chen et al. [5]. The scheme achieves mutual authentication with low round complexity.
Yang and Chang [6] found that Chen's protocol suffers from the stolen-verifier attack and requires more computation cost, as it generates and verifies Schnorr’s [7] digital signature based on modular exponentiation. Later, Yang et al. proposed an improved 3PAKE protocol based on elliptic curve cryptography (ECC) without any pre-shared secrets between client and server, resulting in lower computation costs and low communication loads. In 2009 and 2010, Pu et al. and Tan found that Yang's scheme is vulnerable to the unknown key-share attack, man-in-the-middle attack, impersonation, and parallel session attack [8, 9]. In the same paper, Tan et al. proposed a modified 3PAKE using ECC, but recently Nose [10] proved that Tan’s protocol suffers from impersonation and the man-in-the-middle attack. Abundant work has been done in 3PAKE relevant to password-based authentication, traditional public key cryptosystem (PKC) and without server's public key

Research Article

Abstract

For secure communication in an open and distributed network, a three-party authenticated key exchange (3PAKE) protocol establishes a secure session key between two users with the help of a trusted server to ensure transaction confidentiality and efficiency. Existing schemes fail to achieve privacy of the user's identity and are also unable to ensure undeniability of a service request. Therefore, we propose an authenticated three-party key exchange scheme based on the elliptic curve computational Diffie-Hellman assumption (ECDH). The proposed scheme not only achieves anonymity and non-repudiation but also reduces the overall computational cost. The scheme is validated in the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool and is proved secure in the random oracle model.
The scheme has wide applications in real-life scenarios, namely mobile commerce, secure message transmission, and e-voting.

Keywords

Anonymity, Non-repudiation, ID-based, Elliptic curve cryptography, AVISPA tool.