The Saeed-Liu-Tian-Gao-Li authenticated key agreement protocol is insecure

06/21/2019
by   Chris J Mitchell, et al.
0

A recently proposed authenticated key agreement protocol is shown to be insecure. In particular, one of the two parties is not authenticated, allowing an active man in the middle opponent to replay old messages. The protocol is essentially an authenticated Diffie-Hellman key agreement scheme, and the lack of authentication allows an attacker to replay old messages and have them accepted. Moreover, if the ephemeral key used to compute a protocol message is ever compromised, then the key established using the replayed message will also be compromised. Fixing the problem is simple - there are many provably secure and standardised protocols which are just as efficient as the flawed scheme.

READ FULL TEXT

page 1

page 2

page 3

page 4

research
08/14/2023

Secure and Dynamic Publish/Subscribe: LCMsec

We propose LCMsec, a brokerless, decentralised Publish/Subscribe protoco...
research
05/05/2021

Breaking and Fixing Unlinkability of the Key Agreement Protocol for 2nd Gen EMV Payments

To address privacy problems with the EMV standard, EMVco proposed a Blin...
research
01/09/2018

An efficient and secure two-party key agreement protocol based on chaotic maps

Secure communication is a matter of genuine concern that includes means ...
research
02/25/2023

A One-way Secret Key Agreement with Security Against Active Adversaries

In a one-way secret key agreement (OW-SKA) protocol in source model, Ali...
research
04/24/2020

Multiparty Quantum Key Agreement That is Secure Against Collusive Attacks

Quantum key agreement enables remote users to fairly establish a secure ...
research
09/14/2021

A comprehensive secure protocol for all D2D scenarios

To fulfill two integral aims of abating cellular traffic and enhancing e...
research
05/14/2019

LASER: Lightweight And SEcure Remote keyless entry protocol (Extended version)

Since Remote Keyless Entry (RKE) systems started to be widely used, seve...

Please sign up or login with your details

Forgot password? Click here to reset