Cryptanalysis and Design of a Three-Party Authenticated Key Exchange Protocol Using Smart Card

Three-party authenticated key exchange protocol (3PAKE) is used to provide security protection on the transmitted data over the insecure communication by performing session key agreement between the entities involved. Comparing with the 2PAKE protocol, 3PAKE protocol is more suitable for managing unrestricted number of users. Recently, several researchers have proposed many 3PAKE protocols using smart card. However, we have scrutinized carefully recently published Yang et al.'s protocol, and it has been observed that the same protocol suffers from several security weaknesses such as insider attack, off-line password guessing attack, many logged-in users' attack and replay attack. Moreover, we have justified a serious security issue of the password change phase of the same scheme. In order to fix the above-mentioned shortcomings, this paper proposes an efficient 3PAKE protocol using smart card based on the cryptographic one-way hash function. The formal security analysis proves that proposed protocol provides strong security protection on the relevant security attacks including the above-mentioned security weaknesses. Moreover, the simulation results of the proposed scheme using AVISPA tool show that the same protocol is SAFE under OFMC and CL-AtSe models. The performance comparisons are also made, which ensure that the protocol is relatively better than the existing related schemes. To the best of our knowledge, the proposed scheme should be implemented in practical application, as it provides well security protection on the relevant security attacks, provides relatively better complexities than the existing schemes, achieves proper mutual authentication along with user-friendly password change phase.