Previous [ 1] [ 2] [ 3] [ 4] [ 5] [ 6] [ 7] [ 8] [ 9] [ 10] [ 11] [ 12] [ 13] [ 14] [ 15] [ 16] [ 17] [ 18]

@

Journal of Information Science and Engineering, Vol. 27 No. 4, pp. 1329-1343 (July 2011)

Cryptanalysis and Enhancements of Three-Party Authenticated Key Exchange Protocol using ECC*

SHUHUA WU1,3, YUEFEI ZHU1 AND QIONG PU2,3
1Department of Networks Engineering
2Department of Electronics
Information Engineering University
Zhengzhou, Henan 450002 P.R. China
E-mail: wushuhua726@sina.com.cn
3State Key Laboratory of Information Security
Graduate University of Chinese Academy of Science
Beijing, 100049 P.R. China

Quite recently, Yang et al. presented an efficient three-party authenticated key exchange protocol based upon elliptic curve cryptography (ECC) for mobile-commerce environments. In this paper, we demonstrate that Yang et al.'s three-party authenticated protocol is potentially vulnerable to an unknown key-share attack and impersonation attack. Thereafter, we suggest a secure and efficient three-party authenticated key exchange protocol for mobile-commerce environments. Our improved protocol has the following advantages over Yang et al.'s protocol: (1) our scheme combines two factors to strengthen its authentication mechanism; (2) our scheme simply utilizes each user's unique identity to accomplish authentication, eliminating maintenance of a lot of users' keys; (3) our scheme carries the rigorous proof of the security. Furthermore, our scheme is more efficient than Yang et al.'s scheme. Therefore, the end result is more suited to be a candidate for implementation in mobile-commerce environments.

Keywords: unknown key-share attack, impersonation attack, three-party, authenticated key exchange, mobile-commerce, elliptic curve cryptography

Full Text () Retrieve PDF document (201107_09.pdf)

Received November 25, 2009; revised March 1, 2010; accepted July 19, 2010.
Communicated by Tzong-Chen Wu.
* Part of this paper has been presented at the International Conference on Research Challenges in Computer Science (ICRCCS), 2009, Shanghai, China and was sponsored by IITA Association.