Cryptanalysis and improvement of an efficient two-party authentication key exchange protocol for mobile environment

Abstract

A mobile user can access mobile service anywhere and at anytime through mobile environment. However, mobile environment can be vulnerable to potential adversary because mobile service is provided in public network. To overcome these security issue, in 2017, Qi et al. proposed an efficient two-party authentication key exchange protocol for mobile environment. However, we point out that Qi et al.'s scheme cannot resist insider attack, impersonation attack and trace attack. we also demonstrate that Qi et al.'s scheme cannot provide anonymity. In order to theses security weaknesses, we propose improved and efficient two-party authentication key exchange protocol for mobile environment using secure parameter.