Yixin Jiang and Chuang Lin. Minghui Shi and Xuemin Sherman Shen*

Transcription

1 198 Int J Securty Networks Vol 1 Nos 3/ A self-encrypton authentcaton protocol for teleconference servces Yxn Jang huang Ln Departent of oputer Scence Technology Tsnghua Unversty Beng hna E-al: yxang@csnet1cstsnghuaeducn E-al: cln@csnet1cstsnghuaeducn Mnghu Sh Xuen Sheran Shen* Departent of Electrcal oputer Engneerng Unversty of Waterloo Waterloo Ontaro anada E-al: sh@bbcruwaterlooca E-al: xshen@bbcruwaterlooca *orrespondng author Abstract: A novel authentcaton protocol for teleconference servce s proposed The an features of the proposed protocol nclude dentty anonyty one-te Pseudony Identty (PID renewal locaton ntracablty Identty anonyty s acheved concealng the real dentty of a oble conferee n a prearranged PID One-te PID Renewal echans n whch the oble conferee s PID s frequently updated councatng wth the network centre s ntroduced to offer locaton ntracablty It s shown that the securty has been sgnfcantly enhanced whle the coputaton coplexty s slar to the exstng ones appeared n the lterature Keywords: authentcaton; teleconference servces; protocol; anonyty Reference to ths paper should be ade as follows: Jang Y Ln Sh M Shen XS (2006 A self-encrypton authentcaton protocol for teleconference servces Int J Securty Networks Vol 1 Nos 3/4 pp Bographcal notes: Yxn Jang receved hs MS n oputer Scence fro Huazhong Unversty of Scence Technology n 2002 He s currently pursng hs PhD at the Departent of oputer Scence Technology Tsnghua Unversty Beng hna Hs current research nterests nclude network securty huang Ln s a Professor of oputer Scence at the Tsnghua Unversty Beng hna He receved hs BS PhD n oputer Scence fro Tsnghua Unversty Her current research focuses on perforance evaluaton Petr nets teporal logcs network securty Mnghu Sh receved a BS n 1996 fro Shangha Jao Tong Unversty hna an MS n 2002 fro the Unversty of Waterloo Ontaro anada both n electrcal engneerng He s currently workng towards a PhD at the Unversty of Waterloo Hs current research nterests nclude wreless LAN/cellular network ntegraton network securty Xuen Sheran Shen s a Professor of Electrcal oputer Engneerng at the Unversty of Waterloo Ontaro anada He receved hs PhD n control fro Rutgers Unversty USA Hs research nterests nclude wreless/nternet nterworkng rado resource oblty anageent voce over oble IP WLAN/WMAX WAP UWB wreless councatons wreless ad hoc sensor networks wreless network securty stochastc process optal control flterng 1 Introducton Moble teleconference s a synchronous collaboraton sesson n whch conferees at reote locatons cooperate wth an nteractve procedure for exaple a board eetng a task force or a scentfc syposu through wreless councatons When a conference char holds a oble teleconference all conferees are requred to connect to a centre node called a Network enter ( va wreless access network The receves essages opyrght 2006 Inderscence Enterprses Ltd

2 Self-encrypton authentcaton protocol 199 fro conferees processes the n an approprate way then sends the results to conferees Prvacy s very portant to oble teleconference A secure conference servce protocol for dgtal oble networks has proposed Hwang Yang (1995 The protocol can establsh a sesson key for a vald user to hold a teleconference A odfed secure teleconference protocol whch allows an actve partcpant to on or ext on-gong conference has been presented Hwang (1999 Both user authentcaton sesson key dstrbuton are sultaneously ncluded n the conference protocol The sesson key dstrbuton uses a publc key cryptosyste to splfy the councaton between conferees However the conferee s oble devce s requred to use two cryptosystes whch s not frendly to the low coputaton power requreent A splfed echans called self-encrypton was gven Hwang hang (2003 whch not only decreases the coputaton coplexty n Hwang (1999 but also retans sple councatons for the secure teleconference servce The self-encrypton echans uses the plantext as a long-ter secret key to encrypt the correspondng cpher-text The long-ter secret key s = f(id for ts th oble user T s antaned where f s a secret one-way hash functon ID denotes the dentty of the oble user The self-encrypton echans operates as follows: Step 1 A charan T 1 ntates a conference then: 1 chooses two ro nubers r 11 r 12 2 uses the long-ter secret key s1( = f(id 1 to { t s r r ID ID } encrypt sends essage {ID 1 Es ( t 1 1 s1 r11 r 12 ID 2 ID } to the trusted Here ID ( = 1 2 represents the conferees dentty t 1 denotes the testap s 1 s generated such as s = f(id where f s a secret one-way functon held Step 2 On recevng essage fro T 1 decrypts the encrypted data usng the long-ter secret key s 1 then verfes whether s 1 s equal to f (ID 1 the testap t 1 s wthn soe reasonable range copared wth ts current te If both are true calls other oble conferees ID ( = 2 3 Step 3 Every partcpant T for = 2 3 does the sae as charan T 1 does that s: 1 chooses two ro nubers r 1 r 2 2 uses the long-ter secret key s( = f(id to encrypt ( t s r1 r 2 3 sends the essage {ID Es ( t 1 2} s r r to Step 4 When recevng the essage fro T decrypts the encrypted data then verfes the authentcty of s the testap t If both are true selects two non-zero ro nubers K c r 0 calculates PI PA ( PI = K + lc r r r (1 c ( 0 1 PA = E K ID (2 where K c denotes the sesson key of the conference lc ( r0 r1 r denotes the least coon ultple functon Fnally broadcasts tuple ( QyR PA to T ( = 2 3 Here Q y R are coputed PI = Q2 y + R Step 5 Each partcpant T obtans conference key K as y K = ( Q2 + Rod( r (3 where the sesson key r s coputed as r = r1+ r2 They verfy the valdty of K c checkng whether PA s equal to E K (ID Note that the self-encrypton echans provdes an plct authentcaton (Steps 2 4 Once recevng essage fro T decrypts the encrypted data usng the long-ter secret key s If the decrypted secret key s s equal to f (ID the dentty of conferee T s true However the self-encrypton echans cannot provde dentty anonyty an ntruder can easly obtan ID nterceptng the essages If the secret oneway functon f s sped the ntruder could copute all the long-ter shared keys s the cryptographc syste would be prosed The dsclosure of a user s dentty wll allow unauthorsed enttes to track hs ovng hstory current locaton whch entals the volaton of hs prvacy Hence the dentty anonyty s one of the portant factors that should be consdered n oble teleconference On the other h the echans of ssung the sesson key to a new partcpant durng a conference ay cause that a partcpant who leaves rght after the new partcpant onng the conference s stll able to eavesdrop the conversaton even when the sesson key s refreshed (Ng 2001 In ths paper we propose a sple authentcaton protocol wth anonyty property for oble teleconference servces based on the Secret Splttng prncple (Schneer 1996 Secret splttng s a type of nforaton-hdden technque n whch a essage s dvded nto several coponents The orgnal essage can be reconstructed f only f the nuber of coponents gathered s equal or greater than the preset threshold In the proposed protocol the real dentty of a oble conferee s decoposed nto a Pseudony Identty (PID used for transsson a ro nuber N whch s known only so that an ntruder s unable to reconstruct the real dentty fro PID wthout the knowledge of N In addton to prevent the oblty of a partcular oble conferee fro beng traced the PID s renewed frequently usng proposed One-te PID Renewal echans The conversaton prvacy s also guaranteed when partcpants on or leave the on-gong teleconference eetng properly renewng re-dstrbutng the conference sesson key

3 200 Y Jang et al The rest of ths paper s organsed as follows In Secton 2 the authentcaton protocol wth anonyty for teleconference servces s proposed In Sectons 3 4 the securty the perforance analyss are presented respectvely followed the concluson n Secton 5 2 The proposed authentcaton protocol wth anonyty property The proposed authentcaton protocol uses a sple secret splttng echans to provde the dentty anonyty prevent unauthorsed enttes fro tracng a partcular oble user s roang hstory hs current locaton The securty strength does not reply on the secrecy of the one-way functon so publc one-way hash functons are used n the proposed protocol We stll retan the self-encrypton echans n the proposed schee that s the also antans a long-ter secret key s = f(id for hs conferee T usng a one-way functon f By extractng the real dentty ID of user T fro PID we can further copute the shared key s whch s used to encrypt the exchanged essages However we provde dentty anonyty echans usng a Pseudony Identty PID for a oble user T nstead of hs real dentty ID The Pseudony Identty PID s prearranged dstrbuted n advance And the oble user T stores PID whch s only known to hself 21 Mutual Authentcaton Protocol (MAP When a user T regsters wth he subts hs dentty ID to whose dentty s ID generates an -bts ro nuber N keeps t secret In order to prevent the exclusve search attack should be suffcently large for exaple 128 bts or longer coputes a Pseudony Identty PID for T as: PID = hn ( ID ID ID (4 where denotes btwse XOR operaton h s a publc strong one-way hash functon Then delvers PID to T through a secure channel records the appng relaton of PID N(PID N n dstrbuted database servers By ths secret-splttng echans we can conceal the real dentty ID n PID provde dentty anonyty for T whle keepng the algorth sple In the followng we descrbe the proposed authentcaton protocol accordng to the order of essage exchange also dscuss the securty goals whch can be acheved durng the executon of each protocol essage (see Fgure 1 Step 1 The conference charan T 1 : 1 chooses a ro nuber r 1 2 coputes the long-ter key s 1 s = f(id uses key s 1 to encrypt ( t s r ID ID sends essage {PID 1 Es ( t 1 1 s1 r 1 ID 2 ID } to Here PID ( = 12 represents the PID of T Step 2 On recevng the essage fro T 1 retreves the correspondng N 1 of oble conferee T 1 searchng the PID N appng table derves the real dentty of oble conferee T 1 coputng ( ID = PID h N ID ID ( Hence can retreve correspondng shared key s 1 decrypt Es ( t 1 1 s1 r 1 ID 2 ID Then verfes the authentcty of the secret key s 1 the testap t 1 If both are true calls the other oble user ID( = 23 Note that all of the shared keys s ( = 12 are precoputed Fgure 1 The proposed schee wth anonyty property for secure teleconference

4 Self-encrypton authentcaton protocol 201 Step 3 The partcpant T for = 2 3 does the sae as charan T1 n Step 1 onferee T: 1 chooses a ro r 2 coputes the long-ter secret key s as s = f(id 3 uses secret key s to encrypt { t s r } 4 sends the essage {PID Es ( t } s r to Step 4 On recevng the essage fro T retreves the correspondng N of T searchng the PID N appng table extracts the dentty ID of T ( ID = PID h N ID ID (6 Then can retreve correspondng shared key s further decrypt Es ( t s r Next checks the authentcty of secret key s testap t If t s true selects two non-zero ro nubers K c r 0 further calculates PI PA ( PI = K + lc r r r (7 c ( 0 1 PA = E K ID (8 where K c s the sesson key lc ( r0 r1 r denotes the least coon ultple functon Fnally broadcasts tuple ( QyR PA to all T ( = 23 where Q y R are coputed PI = Q2 y + R for savng transsson bwdth Step 5 Each partcpant T obtans y K = ( Q2 + Rod( r (9 Then T verfes the valdty of K c checkng whether PA s equal to E (ID 22 Dynac partcpant echans To assure the freshness of sesson key K c when a partcpant wants to ext an n-process teleconference ust change the sesson key K c re-copute PI Meber on: when a partcpant T +1 ons a conference that s already n-process the procedures of obtanng K c for T +1 are the sae as n steps 3 5 except that sends Q y R to conferee T +1 where PI = K y c + r+ s+ = Q + R Meber qut: when a partcpant T leaves a conference that s already n-process the renewng procedures for sesson key K c are descrbed as follows Step 1 selects a new sesson key K further calculates PI PA as follows PA ( ID = K K E (10 ( PI = K + lc r r r r r (11 where r = + r t t denotes the current te Then broadcasts four-tuple ( t Q y R to T where paraeters Q y R PI satsfy the equaton PI = Q 2 y + R Step 2 The reanng conferee T ( obtans the y new sesson key K = ( 2 + od( + Q R r t verfes the authentcty of sesson key K checkng whether PA s equal to E ( ID 23 Pseudony Identty Renewal Protocol Though n prevous MAP schee we provde an dentty anonyty echans usng a Pseudony Identty PID for a oble conferee T nstead of hs real dentty ID there are stll soe securty ssues to be consder For exaple even when the oble conferee T never reveals hs dentty ID to partes other than he does reveal hs long-ter Pseudony Identty PID durng utual authentcaton n MAP Therefore llegal partes can stll track a conferee s locaton hs long-ter PID although they have no way to extract the real dentty ID The goal of Pseudony Identty Renewal Protocol (PIRP protocol s to renew a new PID for a oble conferee We ntroduce a new echans called One-te Pseudony Identty Renewal Ths new feature allows oble conferee to renew hs PID frequently reduces the rsk that he uses a coprosed PID to councate wth Suppose that a oble conferee T s requred to renew hs Pseudony Identty PID 1 wth for the th te he can obtan the new PID accordng to the steps shown n Fgure 2 Fgure 2 The pseudony dentty renewal protocol Msg 1: T : PID 1 EK ( t ID PID 1 r Msg 2: T : EK ( t PID 1 r r Msg 3: T : EK (PID As shown n Fgure 2 the new Pseudony Identty PID s calculated as follows 1 PID = PID r r = 12 n (12 Evdently t wll vary n each pseudony dentty renewal because of the two ro nuber r r Note that PID 0 of oble conferee T s set as the orgnal Pseudony Identty PID n MAP phase that s PID0 = PID In the followng we descrbe ths sub-protocol accordng to the order of essage exchanges n Fgure 2 Step 1 The conferee T does the followng: 1 choose a new ro nuber r K

5 202 Y Jang et al 2 use the conferee key K c generated n prevous MAP protocol to encrypt text { t ID PID r } 1 3 send the essage {PID E ( t ID PID r } to 1 K 1 Step 2 On recevng the essage 1 fro T uses the conference sesson key K c to decrypt the essage EK ( t ID PID 1 r checks whether PID 1 n EK ( t ID PID 1 r s the sae as the PID 1 reserved n prevous renewal sesson If t s false ternates the executon Otherwse the Pseudony Identty PID 1 of oble conferee T s authentcated Subsequently does the followng: 1 generate a ro r 2 set PID = PID 1 r r as the new Pseudony Identty keepng t secretly 3 send essage EK ( t PID 1 r r back to conferee T Step 3 onferee T decrypts EK ( t PID 1 r r wth conference key K c If the decrypted ro r n EK ( t PID 1 r r s equal to ts orgnal ro r then T can copute the new Pseudony Identty PID as PID = PID 1 r r Then conferee T sends E K (PID to to verfy the new PID Step 4 If DK ( E (PID PID K = then records the new PID for oble conferee T So far has fnshed the authentcaton process wth T obtaned a new PID for T Snce the two ro r r are generated oble conferee T respectvely PID = PID 1 r r plays a role of one-te PID when T access We call ths new echans as One-te Pseudony Identty Renewal Next we shall analyse the securty of ths protocol The perforance coparson between our protocol the one n Hwang hang (2003 schee wll be descrbed n the later secton 3 Securty analyss Generally there are fve basc securty requreents for secure teleconference servces (Hwang 1999: 1 Prvacy of partcpant s locaton nforaton durng the councaton so that t s requste to provde the dentty anonyty ntracablty echans 2 Preventon of replay attackng so that ntruders are not able to obtan senstve data relayng a prevously ntercepted essage 3 Prvacy of conference conversaton content 4 Preventon of fraud ensurng that oble conferees are authentc that s there s a utual authentcaton echans between a oble conferee 5 Secure dynac partcpaton so that any actve partcpant can on or leave a teleconference whle assurng the freshness of conference sesson key Next we analyse the securty of our proposed protocol to see whether these securty requreents have been satsfed 31 Identty anonyty ntracablty analyss The securty requreent for concealng partcpants locaton nforaton s acheved ntroducng a sple dentty anonyty echans Ths feature akes an ntruder unable to trace a partcular oble user s locaton nterceptng the conversaton Our schee provdes dentty anonyty n all procedures replacng conferees real dentty wth a PID ase 1 In MAP phase the real dentty ID of T s replaced wth PID ( = hn ( ID ID ID Snce only knows the secret nuber N hn ( ID nobody except can obtan real ID fro PID coputng ID = PID hn ( ID ID t s possble for a tracker to extract the real dentty ID fro the transtted essages then trace the locaton of a oble targeted user Snce each conferee s PID s coputed usng unque N the legtate conferee T cannot copute another conferee T k s ID k nterceptng PID k personate T k ase 2 In PIRP phase the dentty anonyty s guaranteed the slar echans That s the conferee T substtutes the Pseudony Identty PID wth hs real dentty ID where the Pseudony Identty PID s coputed as PID = PID r r 1 The dentty ntracablty s also assured When a conferee T partcpates a teleconference hs Pseudony Identty PID = PID 1 r r wll be renewed frequently because of the varance of ro nuber r r The dynacs of ro r r guarantees the freshness of the Pseudony Identty PID n dfferent sesson phases Although locaton-awareness servces applcatons wll becoe ore popular n the future; the portance of protectng nforaton about partcpants locatons would not be decreasng accordngly especally consderng such

6 Self-encrypton authentcaton protocol 203 confdental applcatons n ltary envronent It sees that the dentty anonyty ay contradct wth the locaton-awareness servces applcatons Actually ntroducng soe other echanss such as the key escrow or recovery schee (Abe Ka 2002; Gonzáles Neto et al 2002 we can stll provde the locaton-awareness servces as well as safeguard the prvacy of a partcpant s locaton nforaton wth the ad of dentty anonyty echans 32 Preventon of relayng attackng A replayng attack s a ethod that an ntruder stores stale ntercepted essages retransts the at a later te An effcent easure aganst a replayng attack s to ntroduce testap t lfete L nto the transtted essages set an expected legal te nterval t for transsson delay All transtted essages n each step of our schee contan testaps Accordng to the testap t t the recever can effcently verfy the valdty of these essages checkng f t t < t s true where t s the testap of a essage whle t s current te when t s receved If ths nequalty holds the essage s vald Otherwse regards ths essage as a replayng essage By ths echans a replayng attack can be avoded 33 Prvacy of conferee conversaton content Evdently the prvacy of conferee conversaton content n our schee s guaranteed Once the vald partcpants hold the sesson key K c the conversaton of the conference content wll be encrypted K c Hence any ntruder cannot know the conversaton content wthout knowng the sesson key K c To obtan conference sesson key K c an ntruder ust frst obtan the prvate ro r then use t to calculate K c as n Equaton (9 However n our schee the ro r ( = 12 s only generated secretly conferee T Nobody except T hself knows the ro r Therefore even though all of the essages {PID 1 Es ( t 1 1 s1 r 1 ID 2 ID } { QyR PA} n Fgure 1 can be ntercepted the ntruder cannot obtan r ( = 12 furtherore copute conferee y sesson key K = ( Q2 + Rod( r snce t s portant for h to get the secret key s( s = f(id unless he knows the real dentty ID of the conferee T Hence the ntruder s prohbted fro stealng the sesson key K c eavesdroppng any councaton content 34 Preventon of fraud In order to prevent fraud the conferees should be authentcated wth each other Ths requres that our schee provde utual authentcaton echans between each conferee Frstly assue that we consder the followng personaton attack scenaros n MAP protocol Ths securty requreent can be acheved verfyng the correctness of the conferee s dentty ID hs secret key s ase 1 An ntruder has no way to personate to cheat conferee T Snce the shared key s s only known to conferee T an ntruder cannot send conferee T the vald response { QyR PA} whch s generated Once each partcpant T receves the essage { QyR PA} n Fgure 1 he can y copute K = ( Q2 + Rod( r then verfes the valdty of K c checkng whether PA s equal to E (ID K ase 2 An ntruder cannot personate T to cheat snce he cannot know the real dentty of T If the ntruder uses a phony dentty ID the correspondng spurous PID can be dentfed snce can obtan the ID coputng ID = PID hn ( ID ID And then can detect the spurous ID Gven that ID s kept secretly n our protocol nobody except T hself can know hs real dentty Therefore our MAP protocol can effcently prevent an ntruder fro personatng attacks because of the atory utual authentcaton echans between oble conferee T Slarly n PIRP protocol the denttes of conferees T are also copulsorly authentcated each other Suppose that we consder the followng personaton attack scenaros n ths protocol ase 1 An ntruder has no way to personate to cheat conferee T snce he does not possess the prevous Pseudony Identty PID 1 Hence t s possble for an ntruder to send the authentc essage {PID E ( t ID PID r } to 1 K 1 ase 2 An ntruder also has no way to personate conferee T ( = 12 to cheat Snce the shared conference sesson key K c s unknown to anyone only except conferee T ( = 12 the ntruder possbly sends the authentc essage EK ( t PID 1 r r to conferee T Moreover M s requred to send back the essage E K (PID to for utual plct key authentcaton 35 Dynac partcpant echans Our proposed protocol eets the requreent of secure dynac partcpaton snce the key dstrbuton echans n our schee can update the sesson key K c

7 204 Y Jang et al when a eber ons or leaves the n-process conference As descrbed n Secton 2 can assure the freshness of conference sesson key K c changng the sesson key K c re-coputng PI then re-dstrbutng the requste updatng essages to correspondng conferees 4 Perforance analyss The portable devces usually have low power coputaton capacty so t s practcal to pleent certan coplex cryptography algorths whch requre hgh coputaton coplexty n portable devces There are two perforance factors to be consdered n wreless envronent Frstly the low coputatonal power of oble devces should be a concern whch eans a securty protocol requrng heavy coputaton on the oble devce s not feasble (Ng Mtchell 2004; Sh 2003; Wong han 2001 Secondly snce the bwdth s lower the channel error s hgher n wreless networks than that n wred networks the securty protocols should be desgned to nse the essage sze the nuber of essage exchanges The perforance coparson between our protocol the one n Hwang hang (2003 schee s shown n Table 1 We anly copare the nuber of hash operatons exponentaton operatons syetrc encrypton/decrypton operatons the nuber of transssons (essage exchanges n the two protocols Table 1 oparson te Exponental operaton Perforance coparson T Hwang hang protocol 1 (step 5 1 (step 4 Our protocol 1 (step 5 1 (step 4 Hash operaton T 1 (step 1 Syetrc encrypton Syetrc decrypton Transsson essages Identty anonyty Locaton ntracablty T T 1 (step 1 or 5 (steps (steps 1 or 5 (steps 2 5 T 2 + 3( ( 1 Yes Yes Note that the rows n shadow show the dfferences between the Though one Hash operaton (coputng the long-ter shared secret key s s added n our schee we obtan the followng extra securty features: 1 The dentty anonyty ntracablty echans are offered so that t s dffcult for an ntruder to trace the locaton of a target conferee 2 The one-way hash functon f can be publc n our schee 3 The securty when a partcpant ons an n-process teleconference s further strengthened 5 oncluson future work In ths paper we propose a novel authentcaton protocol wth anonyty property for teleconference servces to resolve the securty ssues n prevous teleconference protocols Two new echanss are ntroduced n our protocols: dentty anonyty one-te pseudony dentty renewal For offerng anonyty we conceal the real dentty of a oble conferee n a prearranged PID utlsng the secret-splttng prncple In order to provde locaton ntracablty one-te pseudony dentty renewal echans s ntroduced We utlse teratve algorth to update PID frequently thus reduce the rsk that a conferee uses a coprosed PID to councate wth The perforance coparsons show that though we acheve such new securty features the coplexty of our protocols s slar to the one n the lterature the coputaton requreent for oble devce s qute low Acknowledgeent Ths relatve work was supported n part the NSF of hna under contracts No ; the Proects of Developent Plan of the State Hgh Technology Research under contract No 2003B Intel IXA Unversty Research Plan References Abe M Ka M (2002 A key escrow schee wth te-lted ontorng for one-way councaton The oputer Journal Vol 45 No 6 pp Gonzáles Neto JM Vswanathan K Boyd lark A Dawson E (2002 Key recovery for the coercal envronent Internatonal Journal of Inforaton Securty Vol 1 No 3 pp Hwang KF hang (2003 A self-encrypton echans for authentcaton of roang teleconference servces IEEE Transactons on Wreless ouncatons Vol 2 pp Hwang MS (1999 Dynac partcpaton n a secure conference schee for oble councatons IEEE Transactons on Vehcular Technology Vol 48 pp Hwang MS Yang WP (1995 onference key dstrbuton schees for secure dgtal oble councatons IEEE Journal on Selected Areas n ouncatons Vol 13 pp Ng SL (2001 oents on Dynac partcpaton n a secure conference schee for oble councatons IEEE Transactons on Vehcular Technology Vol 50 pp

8 Self-encrypton authentcaton protocol 205 Ng SL Mtchell (2004 oents on utual authentcaton key exchange protocols for low power wreless councatons IEEE ouncatons Letters Vol 8 pp Schneer B (1996 Appled ryptography: Protocols Algorth Source ode 2nd edton John Wely & Sons Inc pp70 72 Sh K (2003 ryptanalyss of utual authentcaton key exchange for low power wreless councatons IEEE ouncatons Letters Vol 7 pp Wong DS han AH (2001 Mutual authentcaton key exchange for low power wreless councatons Proceedngs of IEEE Mltary ouncatons onference MILOM 2001 Vol 1 pp39 43