An authenticated key agreement protocol is a fundamental building block for ensuring private communication between two or more parties over an insecure network. Certificateless public key cryptography (CL-PKC) combines the advantages of identity-based public key cryptography (ID-PKC) and traditional PKI. In recent work, Wang et al. proposed an efficient two-party certificateless authenticated key agreement protocol from pairings, intended to protect Web client/server communication. However, we found that the scheme cannot withstand the key compromise impersonation attack and is also vulnerable to one form of man-in-the-middle attack, the key replicating attack; thus it lacks some desirable security attributes, such as key compromise impersonation resilience and key integrity. We analyze the key replicating attack against the protocol in detail in the BR93 security model, and demonstrate that the protocol is not secure if the adversary is allowed to send Reveal queries to non-partner players who have accepted the same session key.
[1] Mihir Bellare et al. Entity Authentication and Key Distribution. CRYPTO, 1993.
[2] Kenneth G. Paterson et al. CBE from CL-PKE: A Generic Construction and Efficient Schemes. Public Key Cryptography, 2005.
[3] Kenneth G. Paterson et al. Certificateless Public Key Cryptography. 2003.
[4] Mihir Bellare et al. Provably secure session key distribution: the three party case. STOC '95, 1995.
[5] Wang Shengbao et al. Efficient certificateless authenticated key agreement protocol from pairings. Wuhan University Journal of Natural Sciences, 2006.
[6] Maurizio Adriano Strangio. On the Resilience of Key Agreement Protocols to Key Compromise Impersonation. EuroPKI, 2006.
[7] Alfred Menezes et al. Key Agreement Protocols and Their Security Analysis. IMACC, 1997.
[8] Chik How Tan et al. Certificateless Authenticated Two-Party Key Agreement Protocols. ASIAN, 2006.