Similar articles

Abstract: Yang and Chang (2009) proposed a three-party authenticated key exchange protocol for securing communications in mobile-commerce environments. Their protocol reduces computation and communication costs by employing elliptic curve cryptosystems. However, Tan (2010) pointed out that Yang and Chang (2009)’s protocol cannot withstand impersonation and parallel attacks, and further proposed an enhanced protocol to resist these attacks. This paper demonstrates that Tan (2010)’s approach still suffers from impersonation attacks, and presents an efficient and secure three-party authenticated key exchange protocol to overcome shown weaknesses.

[1]Cagalj, M., Capkun, S., Hubaux, J.P., 2006. Key agreement in peer-to-peer wireless networks. Proc. IEEE, 94(2):467-478.

[2]Canetti, R., Krawczyk, H., 2001. Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels. Proc. Advances in Cryptology, p.453-474.

[3]Chen, T.H., Lee, W.B., Chen, H.B., 2008. A round- and computation-efficient three-party authenticated key exchange protocol. J. Syst. Softw., 81(9):1581-1590.

[4]Diffie, W., Hellman, M., 1976. New directions in cryptography. IEEE Trans. Inf. Theory, 22(6):644-654.

[5]Guo, H., Li, Z., Mu, Y., Zhang, X., 2008. Cryptanalysis of simple three party key exchange protocol. Comput. Secur., 27(1-2):16-21.

[6]Hölbl, M., Welzer, T., Brumen, B., 2010. Two proposed identity-based three-party authenticated key agreement protocols from pairings. Comput. Secur., 29(2):244-252.

[7]Knuth, D.E., 1981. The Art of Computer Programming, Volume II: Seminumerical Algorithms (2nd Ed.). Addison-Wesley, Reading, MA.

[8]Koblitz, N., 1987. Elliptic curve cryptosystem. Math. Comput., 48(177):203-209.

[9]Lee, C.C., Chang, Y.F., 2008. On security of a practical three-party key exchange protocol with round efficiency. Inf. Technol. Control, 37(4):333-335.

[10]Lee, S.W., Kim, H.S., Yoo, K.Y., 2005. Efficient verifier-based key agreement protocol for three parties without server’s public key. Appl. Math. Comput., 167(2):996-1003.

[11]Lu, R., Cao, Z., 2007. Simple three-party key exchange protocol. Comput. Secur., 26(1):94-97.

[12]Menezes, A.J., Orschot, P.C., Vanstone, S.A., 1996. Handbook of Applied Cryptography. CRC Press.

[13]Miller, V.S., 1986. Use of Elliptic Curves in Cryptography. Proc. Advances in Cryptology, p.417-426.

[14]Padmavathy, R., 2010. Improved three party EKE protocol. Inf. Technol. Control, 39(3):220-226.

[15]Schnorr, C.P., 1989. Efficient Identification and Signatures for Smart Cards. Proc. CRYPTO, p.239-252.

[16]Tan, Z., 2010. An enhanced three-party authentication key exchange protocol for mobile commerce environments. J. Commun., 5(5):436-443.

[17]Tsaur, W.J., Chou, C.H., 2005. Efficient algorithms for speeding up the computations of elliptic curve cryptosystems. Appl. Math. Comput., 168(2):1045-1064.

[18]Yang, J.H., Chang, C.C., 2009. An efficient three-party authenticated key exchange protocol using elliptic curve cryptography for mobile-commerce environments. J. Syst. Software, 82(9):1497-1502.

[19]Yoon, E.J., Yoo, K.Y., 2008. Improving the novel three-party encrypted key exchange protocol. Comput. Stand. Interf., 30(5):309-314.