Cryptanalysis and improvement of two certificateless three-party authenticated key agreement protocols
Haiyan Sun, Qiaoyan Wen, Hua Zhang, Zhengping Jin, Wenmin Li

TL;DR
This paper critically analyzes two certificateless three-party authenticated key agreement protocols, revealing security flaws and proposing improvements to enhance their resistance against various attacks.
Contribution
It identifies security weaknesses in existing protocols and introduces improved versions with stronger security guarantees.
Findings
One protocol lacks forward security and key compromise impersonation resistance.
The other protocol cannot resist key compromise impersonation attacks.
Improved protocols successfully address the identified security weaknesses.
Abstract
Recently, two certificateless three-party authenticated key agreement protocols were proposed, and both were claimed to meet the desirable security properties, including forward security, key compromise impersonation resistance and so on. Through cryptanalysis, we show that one neither meets forward security and key compromise impersonation resistance nor resists an attack by an adversary who knows all users' secret values, and the other cannot resist a key compromise impersonation attack. Finally, we propose improved protocols to remedy the two original protocols' security weaknesses, respectively. Further security analysis shows that our improved protocols remove these security weaknesses.
Taxonomy
Topics: Advanced Authentication Protocols Security · Cryptography and Data Security · Security in Wireless Sensor Networks
