Previous [ 1] [ 2] [ 3] [ 4] [ 5] [ 6] [ 7] [ 8] [ 9] [ 10] [ 11] [ 12] [ 13] [ 14] [ 15] [ 16] [ 17] [ 18]


Journal of Information Science and Engineering, Vol. 27 No. 4, pp. 1329-1343 (July 2011)

Cryptanalysis and Enhancements of Three-Party Authenticated Key Exchange Protocol using ECC*

1Department of Networks Engineering
2Department of Electronics
Information Engineering University
Zhengzhou, Henan 450002 P.R. China
3State Key Laboratory of Information Security
Graduate University of Chinese Academy of Science
Beijing, 100049 P.R. China

Quite recently, Yang et al. presented an efficient three-party authenticated key exchange protocol based upon elliptic curve cryptography (ECC) for mobile-commerce environments. In this paper, we demonstrate that Yang et al.'s three-party authenticated protocol is potentially vulnerable to an unknown key-share attack and impersonation attack. Thereafter, we suggest a secure and efficient three-party authenticated key exchange protocol for mobile-commerce environments. Our improved protocol has the following advantages over Yang et al.'s protocol: (1) our scheme combines two factors to strengthen its authentication mechanism; (2) our scheme simply utilizes each user's unique identity to accomplish authentication, eliminating maintenance of a lot of users' keys; (3) our scheme carries the rigorous proof of the security. Furthermore, our scheme is more efficient than Yang et al.'s scheme. Therefore, the end result is more suited to be a candidate for implementation in mobile-commerce environments.

Keywords: unknown key-share attack, impersonation attack, three-party, authenticated key exchange, mobile-commerce, elliptic curve cryptography

Full Text () Retrieve PDF document (201107_09.pdf)

Received November 25, 2009; revised March 1, 2010; accepted July 19, 2010.
Communicated by Tzong-Chen Wu.
* Part of this paper has been presented at the International Conference on Research Challenges in Computer Science (ICRCCS), 2009, Shanghai, China and was sponsored by IITA Association.