| Previous | [ 1] | [ 2] | [ 3] | [ 4] | [ 5] | [ 6] | [ 7] | [ 8] | [ 9] | [ 10] | [ 11] | [ 12] | [ 13] | [ 14] | [ 15] | [ 16] | [ 17] | [ 18] |
¡@
SHUHUA WU1,3, YUEFEI ZHU1 AND QIONG PU2,3
1Department of Networks Engineering
2Department of Electronics
Information Engineering University
Zhengzhou, He¡¦nan 450002 P.R. China
E-mail: wushuhua726@sina.com.cn
3State Key Laboratory of Information Security
Graduate University of Chinese Academy of Science
Beijing, 100049 P.R. China
Quite recently, Yang et al. presented an efficient three-party authenticated key exchange
protocol based upon elliptic curve cryptography (ECC) for mobile-commerce environments.
In this paper, we demonstrate that Yang et al.'s three-party authenticated
protocol is potentially vulnerable to an unknown key-share attack and impersonation attack.
Thereafter, we suggest a secure and efficient three-party authenticated key exchange
protocol for mobile-commerce environments. Our improved protocol has the following
advantages over Yang et al.'s protocol: (1) our scheme combines two factors to strengthen
its authentication mechanism; (2) our scheme simply utilizes each user's unique identity
to accomplish authentication, eliminating maintenance of a lot of users' keys; (3) our
scheme carries the rigorous proof of the security. Furthermore, our scheme is more efficient
than Yang et al.'s scheme. Therefore, the end result is more suited to be a candidate
for implementation in mobile-commerce environments.
Received November 25, 2009; revised March 1, 2010; accepted July 19, 2010.
Communicated by Tzong-Chen Wu.
* Part of this paper has been presented at the International Conference on Research Challenges in Computer
Science (ICRCCS), 2009, Shanghai, China and was sponsored by IITA Association.