Security weaknesses of authenticated key agreement protocols
Highlights
► Tanʼs, Limʼs and Hölblʼs protocols are vulnerable to impersonation and mitm attack. ► Chen et al.ʼs protocol cannot withstand the key-compromise impersonation attack. ► Hölbl et al.ʼs protocol allows an adversary to compute the private key of any user. ► Hölbl et al.ʼs protocol allows an adversary to compute the shared secret key. ► Hölbl et al.ʼs protocol is vulnerable to the insider attack.
References (19)
- et al.
A round- and computation-efficient three-party authenticated key exchange protocol
J. Syst. Softw.
(2008) - et al.
Two improved two-party identity-based authenticated key agreement protocols
Comput. Stand. Interf.
(2009) - et al.
Two proposed identity-based three-party authenticated key agreement protocols from pairings
Comput. & Security
(2010) - et al.
An efficient three-party authenticated key exchange protocol using elliptic curve cryptography for mobile-commerce environments
J. Syst. Softw.
(2009) - Steven M. Bellovin, Michael Merritt, Encrypted key exchange: Password-based protocols secure against dictionary...
- et al.
Key agreement protocols and their security analysis
- Y. Chen, J.S. Chou, C.H. Huang, Comment on four two-party authentication protocols, Cryptology ePrint Archive, report...
- et al.
New directions in cryptography
IEEE Trans. Inform. Theory
(1976) - M. Hölbl, Development of identity-based authenticated key agreement protocols, PhD thesis, Faculty of Electrical...
Cited by (15)
An improved three party authenticated key exchange protocol using hash function and elliptic curve cryptography for mobile-commerce environments
2017, Journal of King Saud University - Computer and Information SciencesCitation Excerpt :In 2010, Tan (2010a) independently pointed out that Yang and Chang’s protocol is still susceptible to impersonation-of-initiator attack, impersonation-of-responder attack and parallel attack, and further proposed an improved 3PAKE protocol based on ECC. In 2011, Nose et al. (2011) demonstrated that Tan’s 3PAKE protocol still suffers from the impersonation-of- initiator attack, impersonation-of-responder attack and man-in-the-middle attack. Nose et al. also claimed that these three attacks can be mounted on Yang and Chang’s protocol (Yang and Chang, 2009), and Pu et al.’s protocol (Pu et al., 2009).
New identity-based three-party authenticated key agreement protocol with provable security
2013, Journal of Network and Computer ApplicationsCitation Excerpt :Most recently, Hölbl et al. (2010) proposed two most efficient ID-based three-party authenticated key agreement protocols up to now. Unfortunately, Nose (2011) showed that the first protocol does not offer known session key security and the second protocol is vulnerable to the insider attack. Until now, all ID-based three-party authenticated key agreement protocols are broken.
Improvement of a security enhanced one-time two-factor authentication and key agreement scheme
2012, Scientia IranicaCitation Excerpt :Therefore, the major challenges in designing two-factor mutual authentication and key agreement schemes are how to resist both off-line password guessing attacks and smart card lost attacks. Considering the existing one-time two-factor mutual authentication schemes, many are insecure [7]. In 2002, Yeh et al. [8] and Chien et al. [9] proposed a one-time two-factor scheme, respectively.
Provably secure and efficient certificateless authenticated tripartite key agreement protocol
2012, Mathematical and Computer ModellingThree-party password-based authenticated key exchange protocol based on the computational Diffie-Hellman assumption
2018, International Journal of Communication Networks and Distributed SystemsEfficient Authenticated Key Exchange Protocols for Large-Scale Mobile Communication Networks
2018, Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST