Cryptanalysis of authentication and key establishment protocol in Mobile Edge Computing Environment

TL;DR

This paper critically analyzes a proposed MEC authentication protocol, revealing significant vulnerabilities such as key computation, impersonation, and traceability attacks, which compromise user privacy and security.

Contribution

The paper provides the first cryptanalysis of Wu et al.'s MEC authentication scheme, exposing critical security flaws and demonstrating how they can lead to user impersonation and secret exposure.

Findings

The scheme is vulnerable to key computation attacks.

Mobile user impersonation is possible due to scheme flaws.

Long-term secrets can be exposed, enabling malicious server impersonation.

Abstract

Recently, in the area of Mobile Edge Computing (MEC) applications, Wu et al. proposed an authentication and key establishment scheme and claimed their protocol is secure. Nevertheless, cryptanalysis shows the scheme fails to provide robustness against key computation attack, mobile user impersonation attack and traceability attack. Vulnerabilities in their scheme lead to the exposure of mobile users' long term secret to mobile edge server provided both parties complete a successful session. This enables any malicious edge servers, who had communicated with the user earlier, to compute current session keys between the user and other legitimate servers. Also, since long term secret is exposed, such malicious servers can impersonate the user. We present a cryptanalysis of the scheme.