• DocumentCode
    3335444
  • Title

    On the security of certificateless authenticated key agreement protocol

  • Author

    Hou Meng-Bo ; Xu Qiu-liang

  • Author_Institution
    Sch. of Comput. Sci. & Technol., Shandong Univ., Jinan, China
  • Volume
    1
  • fYear
    2009
  • fDate
    14-16 Aug. 2009
  • Firstpage
    974
  • Lastpage
    979
  • Abstract
    Authenticated key agreement protocol is a fundamental building block for ensuring private communications between two or more parties over an insecure network. Certificateless public key cryptography (CL-PKC) combines the advantage of the identity-based public key cryptography (ID-PKC) and the traditional PKI. In the recent work, Wang et al. proposed an efficient two-party certificateless authenticated key agreement protocol from pairings used to protect the Web client/server communication. However, we found the scheme cannot withstand key compromise impersonation attack, and also, is vulnerable to one form of the man-in-the-middle attack -- key replicating attack, thus it doesn't possess some desirable security attributes, such as key compromise impersonation resilience and key integrity. We analyze the key replicating attack against the protocol in the BR93 security model in detail, and demonstrate that the protocol is not secure if the adversary was allowed to send a reveal query to reveal non-partner players who had accepted the same session key.
  • Keywords
    Internet; client-server systems; protocols; public key cryptography; BR93 security model; Web client-server communication; certificateless authenticated key agreement protocol; certificateless public key cryptography; identity-based public key cryptography; key replicating attack; man-in-the-middle attack; private communications; Authentication; Computer science; Computer security; Cryptographic protocols; Data security; Identity-based encryption; Network servers; Protection; Public key cryptography; Resilience;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    IT in Medicine & Education, 2009. ITIME '09. IEEE International Symposium on
  • Conference_Location
    Jinan
  • Print_ISBN
    978-1-4244-3928-7
  • Electronic_ISBN
    978-1-4244-3930-0
  • Type

    conf

  • DOI
    10.1109/ITIME.2009.5236217
  • Filename
    5236217