In 2010, Z. Mohammad proposed a new two-party authenticated key agreement protocol ( MOHAMMAD Z, CHEN Y, HSU C, el al. Cryptanalysis and enhancement of two-pass authenticated key agreement with key confirmation protocols. IETE Technical Review, 2010,27(3) :252 -65). This protocol realizes the key agreement with higher computation efficiency. However, the one-round version of this protocol cannot resist on the loss of information impersonation attack, key compromise impersonation attack and general impersonation attack, this protocol is also vulnerable to man-in-the-middle attack if some security information is lost. These security problems allow the adversary can initiate or reply the protocol with legal participants.%2010年,Mohammad等人提出了一种新的双方认证密钥协商协议(MOHAMMAD Z,CHEN Y,HSU C,et al.Cryptanalysis and enhancement of two-pass authenticated key agreement with key confirmation protocols.IETE Technical Review,2010,27(3):252-65).新协议以较高的运算效率实现了参与者双方的身份认证和密钥协商.对该协议的单轮版本进行了安全性分析,通过模拟协议中某些信息丢失后协议双方的通信过程,发现如果协议中的一些秘密信息丢失,敌手可以发起信息泄露伪装攻击、密钥泄露伪装攻击和一般定义下的伪装攻击,也无法抵抗中间人攻击.这些攻击都可以使得敌手冒充合法参与者发起或回应会话.
展开▼
