期刊名称:International Journal of Security and Its Applications
印刷版ISSN:1738-9976
出版年度:2014
卷号:8
期号:4
页码:307-320
DOI:10.14257/ijsia.2014.8.4.28
出版社:SERSC
摘要:How to make people keep both security and privacy in communication networks has been a hot topic in recent years. Researchers proposed three party authenticated key agreement (3PAKA) protocols to answer this question, which allows two parties to agree a new secure session key with the help of a trusted server. Recently, Yang et al. proposed a provably secure 3PAKA protocol. However, this paper finds out Yang et al.'s protocol has a security weakness against password guessing attack and two lack properties in authentication for password updating phase and privacy preserving. Furthermore, we propose anew privacy preserving 3PAKA (P_3PAKA) protocol using smart cards to solve the security problems in Yang et al.'s protocol. It provides user anonymity and un-traceability by adopting dynamic identifier depending on each session's nonce. Comparing with other typical 3PAKA protocols, P_3PAKA protocol is more secure while maintaining efficiency.
