An Id-Based Three-Party Authenticated Key Exchange Protocol Using Elliptic Curve Cryptography for Mobile-Commerce Environments

Abstract

To ensure secure communications in public network environments, various three-party authenticated key exchange (3PAKE) protocols were proposed to provide the transaction confidentiality and efficiency. In 2009, Yang et al. proposed an efficient 3PAKE protocol based upon elliptic curve cryptography (ECC) for mobile-commerce environments. The adoption of elliptic curve cryptography in their 3PAKE protocol results in low computation costs and light communication loads. However, Tan demonstrated that Yang et al.’s protocol suffers from the impersonation attack. Tan also proposed an enhanced protocol to improve the security and the performance. However, Nose pointed that Tan’s protocol suffers from the impersonation attack and the man-in-the-middle attack. To improve the security, we propose an ID-based 3PAKE using ECC. The analysis shows our protocol is more suitable and practical for mobile-commerce environments.