- 期刊
On The Anonymity Of One Multiserver Authenticated Key Agreement With Offline Registration Centre
摘要
The scheme [IEEE Systems Journal, 13(1), 2019, 436{446] uses physically unclonable functions and one-way hash functions to construct an anonymous authenticated key agreement protocol. It claims that a legitimate user U_i can anonymously interact with the service provider using a session key, which is collaboratively generated by the user and the service provider and shared by the two entities. Although in its authentication phase, the user shows only some session parameters, we find an adversary can associate each session to a particular user because the recovered value U_(is)P is used as a long-term parameter, not for one-time use. That means the scheme is not truly anonymous.
延伸閱讀
- Liu, L., Hong, L., & Cao, Z. (2022). Analysis of One Secure Key Agreement and Key Protection for Mobile Device User Authentication. International Journal of Network Security, 24(2), 238-242. https://doi.org/10.6633/IJNS.202203_24(2).06
- Chou, C. H., Tsai, K. Y., & Wu, T. C. (2015). Robust Remote Mutual Authentication Scheme with Key Agreement. 網際網路技術學刊, 16(7), 1283-1289. https://doi.org/10.6138/JIT.2015.16.7.20120619
- Mangipudi, K., Katti, R., & Fu, H. (2006). Authentication and Key Agreement Protocols Preserving Anonymity. International Journal of Network Security, 3(3), 259-270. https://doi.org/10.6633/IJNS.200611.3(3).07
- Eslami, Z., & Rad, S. K. (2010). Another Security Weakness in an Authenticated Group Key Agreement. 網際網路技術學刊, 11(4), 573-576. https://doi.org/10.6138/JIT.2010.11.4.15
- Lin, J. P., & Fu, J. M. (2013). Authenticated Key Agreement Scheme with Privacy-Protection in the Three-party Setting. International Journal of Network Security, 15(3), 179-189. https://doi.org/10.6633/IJNS.201305.15(3).04