Cryptanalysis and improvement of two certificateless three-party authenticated key agreement protocols (1301.5091v1)

Abstract: Recently, two certificateless three-party authenticated key agreement protocols were proposed, and both protocols were claimed they can meet the desirable security properties including forward security, key compromise impersonation resistance and so on. Through cryptanalysis, we show that one neither meets forward security and key compromise impersonation resistance nor resists an attack by an adversary who knows all users' secret values, and the other cannot resist key compromise impersonation attack. Finally, we propose improved protocols to make up two original protocols' security weaknesses, respectively. Further security analysis shows that our improved protocols can remove such security weaknesses.