A secure and efficient identity-based authenticated key exchange protocol for mobile client-server networks

Recently, Chou et al. (J Supercomput 66(2): 973-988, 2013) proposed two identity-based key exchange protocols using elliptic curves for mobile environments. The first one is an two-party authentication key exchange protocol to establish a session key between a client and a remote server. The second one is an extended version for three-party setting to establish a session key between two clients with the help of a trusted server. However, this paper finds the first one vulnerable to impersonation attack and key-compromise impersonation attack, and the second one insecure against impersonation attack. To overcome the weaknesses, we propose an improved identity-based two-party authentication key exchange protocol using elliptic curves. The rigorous analysis shows that our scheme achieves more security than related protocols.