DocumentCode :
3335444
Title :
On the security of certificateless authenticated key agreement protocol
Author :
Hou Meng-Bo ; Xu Qiu-liang
Author_Institution :
Sch. of Comput. Sci. & Technol., Shandong Univ., Jinan, China
Volume :
1
fYear :
2009
fDate :
14-16 Aug. 2009
Firstpage :
974
Lastpage :
979
Abstract :
Authenticated key agreement protocol is a fundamental building block for ensuring private communications between two or more parties over an insecure network. Certificateless public key cryptography (CL-PKC) combines the advantage of the identity-based public key cryptography (ID-PKC) and the traditional PKI. In the recent work, Wang et al. proposed an efficient two-party certificateless authenticated key agreement protocol from pairings used to protect the Web client/server communication. However, we found the scheme cannot withstand key compromise impersonation attack, and also, is vulnerable to one form of the man-in-the-middle attack -- key replicating attack, thus it doesn't possess some desirable security attributes, such as key compromise impersonation resilience and key integrity. We analyze the key replicating attack against the protocol in the BR93 security model in detail, and demonstrate that the protocol is not secure if the adversary was allowed to send a reveal query to reveal non-partner players who had accepted the same session key.
Keywords :
Internet; client-server systems; protocols; public key cryptography; BR93 security model; Web client-server communication; certificateless authenticated key agreement protocol; certificateless public key cryptography; identity-based public key cryptography; key replicating attack; man-in-the-middle attack; private communications; Authentication; Computer science; Computer security; Cryptographic protocols; Data security; Identity-based encryption; Network servers; Protection; Public key cryptography; Resilience;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
IT in Medicine & Education, 2009. ITIME '09. IEEE International Symposium on
Conference_Location :
Jinan
Print_ISBN :
978-1-4244-3928-7
Electronic_ISBN :
978-1-4244-3930-0
Type :
conf
DOI :
10.1109/ITIME.2009.5236217
Filename :
5236217