A Fast and Secure Elliptic Curve Based Authenticated Key Agreement Protocol For Low Power Mobile Communications Pierre E. ABI-CHAR, Abdallah MHAMED UMR CNRS 5157 GET/Institut National des T· el· ecommunications 9 rue C. Fourier - 91011 Evry CEDEX - France {pierre.abichar; abdallah.mhamed}@int-edu.eu Bachar EL-HASSAN Libanese University Faculty of Engineering Tripoli - Lebanon bachar elhassan@ul.edu.lb Abstract The increasing progress in wireless mobile communica- tion has attracted an important amount of attention on the security issue. To provide secure communication for mo- bile devices, authenticated key agreement protocol is an im- portant primitive for establishing session key. So far, sev- eral protocols have been proposed to provide robust mu- tual authentication and key establishment for wireless lo- cal area network (WLAN). In this paper we present a fast and Secure Authenticated Key Agreement (EC-SAKA) pro- tocol based on Elliptic Curve Cryptography. Our proposed protocol provides secure mutual authentication, key estab- lishment and key conrmation over an untrusted network. The new protocol achieves many of the required security and performance properties. It can resist dictionary attacks mounted by either passive or active networks intruders. It can resist Man-In-The Middle attack. It also offers perfect forward secrecy which protects past sessions and passwords against future compromise. In addition, it can resist known- key and resilience to server attack. Our proposed protocol uses ElGamal signature techniques (ECEGS). We show that our protocol meets the above security attributes under the assumption that the elliptic curve discrete logarithm prob- lem is secure. Our proposed protocol offers signicantly im- proved performance in computational and communication load over comparably many authenticated key agreement protocols such as B-SPEKE, SRP, AMP, PAK-RY, PAK-X, SKA, LR-AKE and EC-SRP. 1 Introduction In key agreement protocol two or more distributed en- tities need to share some key in secret, called session key. This session key can then be used to achieve some cryp- tographic goal such as condential communication chan- nel between entities or data integrity. There are two kinds of key establishment protocols: Key transport protocols in which a key is created by one entity and securely transmit- ted to the second entity, and Key agreement protocols in which both parties contribute information which jointly es- tablish the shared key [14]. A key agreement protocol is said to provide implicit key authentication if entity A is as- sured that no other entity aside from a specically identi- ed second entity B can possibly learn the value of a par- ticular secret key. A key agreement protocol which pro- vides implicit key authentication to both entities is called an authenticated key agreement protocol. If both implicit key authentication and key conrmation are provided, then the key establishment protocol is said to provide explicit key authentication. A key agreement protocol which pro- vides explicit key authentication to both entities is called an authenticated key agreement with key conrmation [14]. The security of Elliptic Curve cryptography relies on the discrete logarithm problem over the points on an elliptic curve. The best known methods to solve the Elliptic Curve Discrete Logarithm Problem (ECDLP) are Pollard approach and Pohlig-Hellman method. They are fully exponential while the best known methods to solve the Integer Factor- ization Problem (IFP) and the Discrete Logarithm Problem (DLP), on which most of the non-ECC cryptosystems rely, are sub-exponential. In fact, ECC can signicantly reduce the computation and storage overhead. In this paper we present a fast and secure three-pass au- thenticated key establishment protocol for low power mo- bile wireless devices that provides secure mutual authenti- cation and key agreement with key conrmation. The EC- SAKA (Secure Authenticated Key Agreement) is based on the Elliptic Curve Cryptographgy [19], on the EC ElGamal Signature Scheme (ECEGS), on SKA (Simple Key Agree- ment) protocol [17] and on the assumption that the ECC discrete logarithm problem is secure [19]. Our proposed protocol achieves many of desirable security requirements The 2007 International Conference on Next Generation Mobile Applications, Services and Technologies (NGMAST 2007) 0-7695-2878-3/07 $25.00 © 2007