English

Cryptanalysis of an Identity-Based Authenticated Key Exchange Protocol

Cryptography and Security 2017-10-31 v2

Abstract

Authenticated Key Exchange (AKE) protocols represent an important cryptographic mechanism that enables several parties to communicate securely over an open network. Elashry, Mu and Susilo proposed in 2015 an Identity Based Authenticated Key Exchange (IBAKE) protocol where different parties establish secure communication by means of their public identities. The authors also introduced a new security notion for IBAKE protocols called resiliency, that is, if a shared secret between a group of parties is compromised or leaked, they can generate another completely new shared secret without the need to set up a new key exchange session. They then proved that their IBAKE protocol satisfies this security notion. We analyze the security of their protocol and prove that it has a major security flaw which renders it insecure against an impersonation attack. We also disprove the resiliency property of their scheme by proposing an attack where an adversary can compute any share secret key if just one secret bit is leaked.

Keywords

Cite

@article{arxiv.1611.07299,
  title  = {Cryptanalysis of an Identity-Based Authenticated Key Exchange Protocol},
  author = {Younes Hatri and Ayoub Otmani and Kenza Guenda},
  journal= {arXiv preprint arXiv:1611.07299},
  year   = {2017}
}

Comments

To appear in International Journal of Communication Systems

R2 v1 2026-06-22T17:00:44.778Z