Security weaknesses of authenticated key agreement protocols

https://doi.org/10.1016/j.ipl.2011.04.007

Abstract

In this paper, we analyze the protocols of Tan, Lim et al., Chen et al. and five protocols of Hölbl et al. After the analysis, we found that Tan et al.ʼs, Lim et al.ʼs and two protocols of Hölbl et al. are insecure against the impersonation attack and the man-in-the-middle attack, Chen et al.ʼs protocol cannot withstand the key-compromise impersonation attack, one protocol of Hölbl et al. is vulnerable to the insider attack, one allows an adversary to compute the private key of any user and one protocol allows her to compute the shared secret key.

Highlights

► Tanʼs, Limʼs and Hölblʼs protocols are vulnerable to impersonation and MITM attack.
► Chen et al.ʼs protocol cannot withstand the key-compromise impersonation attack.
► Hölbl et al.ʼs protocol allows an adversary to compute the private key of any user.
► Hölbl et al.ʼs protocol allows an adversary to compute the shared secret key.
► Hölbl et al.ʼs protocol is vulnerable to the insider attack.

Cited by (15)

  • An improved three party authenticated key exchange protocol using hash function and elliptic curve cryptography for mobile-commerce environments

    2017, Journal of King Saud University - Computer and Information Sciences
    Citation Excerpt:

    In 2010, Tan (2010a) independently pointed out that Yang and Chang’s protocol is still susceptible to impersonation-of-initiator attack, impersonation-of-responder attack and parallel attack, and further proposed an improved 3PAKE protocol based on ECC. In 2011, Nose et al. (2011) demonstrated that Tan’s 3PAKE protocol still suffers from the impersonation-of-initiator attack, impersonation-of-responder attack and man-in-the-middle attack. Nose et al. also claimed that these three attacks can be mounted on Yang and Chang’s protocol (Yang and Chang, 2009), and Pu et al.’s protocol (Pu et al., 2009).

  • New identity-based three-party authenticated key agreement protocol with provable security

    2013, Journal of Network and Computer Applications
    Citation Excerpt:

    Most recently, Hölbl et al. (2010) proposed two most efficient ID-based three-party authenticated key agreement protocols up to now. Unfortunately, Nose (2011) showed that the first protocol does not offer known session key security and the second protocol is vulnerable to the insider attack. Until now, all ID-based three-party authenticated key agreement protocols are broken.

  • Improvement of a security enhanced one-time two-factor authentication and key agreement scheme

    2012, Scientia Iranica
    Citation Excerpt:

    Therefore, the major challenges in designing two-factor mutual authentication and key agreement schemes are how to resist both off-line password guessing attacks and smart card lost attacks. Considering the existing one-time two-factor mutual authentication schemes, many are insecure [7]. In 2002, Yeh et al. [8] and Chien et al. [9] proposed a one-time two-factor scheme, respectively.

  • Three-party password-based authenticated key exchange protocol based on the computational Diffie-Hellman assumption

    2018, International Journal of Communication Networks and Distributed Systems
  • Efficient Authenticated Key Exchange Protocols for Large-Scale Mobile Communication Networks

    2018, Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST