Security weaknesses of authenticated key agreement protocols

In this paper, we analyze the protocols of Tan, Lim et al., Chen et al. and five protocols of Holbl et al. After the analysis, we found that Tan et [email protected]?s, Lim et [email protected]?s and two protocols of Holbl et al. are insecure against the impersonation attack and the man-in-the-middle attack, Chen et [email protected]?s protocol cannot withstand the key-compromise impersonation attack, one protocol of Holbl et al. is vulnerable to the insider attack, one allows an adversary to compute the private key of any user and one protocol allows her to compute the shared secret key.

[1]  Michael Darnell Proceedings of the 6th IMA International Conference on Cryptography and Coding , 1997 .

[2]  Zuowen Tan An Enhanced Three-Party Authentication Key Exchange Protocol for Mobile Commerce Environments , 2010, J. Commun..

[3]  Sanggon Lee,et al.  Cryptanalysis of Improved One-round Lin-Li's Tripartite Key Agreement Protocol , 2008, 2008 10th International Conference on Advanced Communication Technology.

[4]  Chu-Hsing Lin,et al.  Secure one-round tripartite authenticated key agreement protocol from Weil pairing , 2005, 19th International Conference on Advanced Information Networking and Applications (AINA'05) Volume 1 (AINA papers).

[5]  Marko Hölbl,et al.  Two proposed identity-based three-party authenticated key agreement protocols from pairings , 2010, Comput. Secur..

[6]  Youngho Park,et al.  An Enhanced One-Round Pairing-Based Tripartite Authenticated Key Agreement Protocol , 2007, ICCSA.

[7]  Marko Hölbl,et al.  Two improved two-party identity-based authenticated key agreement protocols , 2009, Comput. Stand. Interfaces.

[8]  Alfred Menezes,et al.  Key Agreement Protocols and Their Security Analysis , 1997, IMACC.

[9]  Wei-Bin Lee,et al.  A round- and computation-efficient three-party authenticated key exchange protocol , 2008, J. Syst. Softw..

[10]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[11]  Xiuying Zhao,et al.  Cryptanalysis of a Three-Party Authenticated Key Exchange Protocol Using Elliptic Curve Cryptography , 2009, 2009 International Conference on Research Challenges in Computer Science.

[12]  Antoine Joux A One Round Protocol for Tripartite Diffie-Hellman , 2000, ANTS.

[13]  Kyung-Ah Shim,et al.  Efficient one round tripartite authenticated key agreement protocol from Weil pairing , 2003 .

[14]  Gene Tsudik,et al.  Refinement and extension of encrypted key exchange , 1995, OPSR.

[15]  Chin-Chen Chang,et al.  An efficient three-party authenticated key exchange protocol using elliptic curve cryptography for mobile-commerce environments , 2009, J. Syst. Softw..

[16]  Yalin Chen,et al.  Comment on four two-party authentication protocols , 2010, IACR Cryptol. ePrint Arch..

[17]  Steven M. Bellovin,et al.  Encrypted key exchange: password-based protocols secure against dictionary attacks , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[18]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[19]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.