Abstract
Yang and Chang (2009) proposed a three-party authenticated key exchange protocol for securing communications in mobile-commerce environments. Their protocol reduces computation and communication costs by employing elliptic curve cryptosystems. However, Tan (2010) pointed out that Yang and Chang (2009)’s protocol cannot withstand impersonation and parallel attacks, and further proposed an enhanced protocol to resist these attacks. This paper demonstrates that Tan (2010)’s approach still suffers from impersonation attacks, and presents an efficient and secure three-party authenticated key exchange protocol to overcome shown weaknesses.
Similar content being viewed by others
References
Cagalj, M., Capkun, S., Hubaux, J.P., 2006. Key agreement in peer-to-peer wireless networks. Proc. IEEE, 94(2): 467–478. [doi:10.1109/JPROC.2005.862475]
Canetti, R., Krawczyk, H., 2001. Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels. Proc. Advances in Cryptology, p.453–474. [doi:10.1007/3-540-44987-6_28]
Chen, T.H., Lee, W.B., Chen, H.B., 2008. A round- and computation-efficient three-party authenticated key exchange protocol. J. Syst. Softw., 81(9):1581–1590. [doi:10.1016/j.jss.2007.11.720]
Diffie, W., Hellman, M., 1976. New directions in cryptography. IEEE Trans. Inf. Theory, 22(6):644–654. [doi:10.1109/TIT.1976.1055638]
Guo, H., Li, Z., Mu, Y., Zhang, X., 2008. Cryptanalysis of simple three party key exchange protocol. Comput. Secur., 27(1–2):16–21. [doi:10.1016/j.cose.2008.03.001]
Hölbl, M., Welzer, T., Brumen, B., 2010. Two proposed identity-based three-party authenticated key agreement protocols from pairings. Comput. Secur., 29(2):244–252. [doi:10.1016/j.cose.2009.08.006]
Knuth, D.E., 1981. The Art of Computer Programming, Volume II: Seminumerical Algorithms (2nd Ed.). Addison-Wesley, Reading, MA.
Koblitz, N., 1987. Elliptic curve cryptosystem. Math. Comput., 48(177):203–209. [doi:10.1090/S0025-5718-1987-0866109-5]
Lee, C.C., Chang, Y.F., 2008. On security of a practical three-party key exchange protocol with round efficiency. Inf. Technol. Control, 37(4):333–335.
Lee, S.W., Kim, H.S., Yoo, K.Y., 2005. Efficient verifier-based key agreement protocol for three parties without server’s public key. Appl. Math. Comput., 167(2):996–1003. [doi:10.1016/j.amc.2004.06.129]
Lu, R., Cao, Z., 2007. Simple three-party key exchange protocol. Comput. Secur., 26(1):94–97. [doi:10.1016/j.cose.2006.08.005]
Menezes, A.J., Orschot, P.C., Vanstone, S.A., 1996. Handbook of Applied Cryptography. CRC Press. [doi:10.1201/9781439821916]
Miller, V.S., 1986. Use of Elliptic Curves in Cryptography. Proc. Advances in Cryptology, p.417–426. [doi:10.1007/3-540-39799-X-31]
Padmavathy, R., 2010. Improved three party EKE protocol. Inf. Technol. Control, 39(3):220–226.
Schnorr, C.P., 1989. Efficient Identification and Signatures for Smart Cards. Proc. CRYPTO, p.239–252. [doi:10.1007/0-387-34805-0-22]
Tan, Z., 2010. An enhanced three-party authentication key exchange protocol for mobile commerce environments. J. Commun., 5(5):436–443. [doi:10.4304/jcm.5.5.436-443]
Tsaur, W.J., Chou, C.H., 2005. Efficient algorithms for speeding up the computations of elliptic curve cryptosystems. Appl. Math. Comput., 168(2):1045–1064. [doi:10.1016/j.amc.2004.10.010]
Yang, J.H., Chang, C.C., 2009. An efficient three-party authenticated key exchange protocol using elliptic curve cryptography for mobile-commerce environments. J. Syst. Software, 82(9):1497–1502. [doi:10.1016/j.jss.2009.03.075]
Yoon, E.J., Yoo, K.Y., 2008. Improving the novel three-party encrypted key exchange protocol. Comput. Stand. Interf., 30(5):309–314. [doi:10.1016/j.csi.2007.08.018]
Author information
Authors and Affiliations
Corresponding author
Additional information
Project (Nos. 101-2218-E-011-001, 100-2218-E-259-004-MY2, and 101-2219-E-011-004) partially supported by the Taiwan Information Security Center (TWISC), National Science Council (NSC), Taiwan
Rights and permissions
About this article
Cite this article
Chou, Ch., Tsai, Ky., Wu, Tc. et al. Efficient and secure three-party authenticated key exchange protocol for mobile environments. J. Zhejiang Univ. - Sci. C 14, 347–355 (2013). https://doi.org/10.1631/jzus.C1200273
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1631/jzus.C1200273