The other protocol we consider is a two-party identity-based authenticated key agreement protocol by Hölbl et al. They devised two such protocols in their work, which they call Protocol 1 and Protocol 2. Both protocols have already been shown to be vulnerable to the insider attack in a recent work by Chen et al. Here we consider Protocol 2 and show its vulnerability to a simple man-in-the-middle attack in which the adversary does not know or calculate either party's private key, or the session key. Protocol 2 by Hölbl et al. is an improvement over a previous work by Tseng. This makes Tseng's protocol vulnerable to the attack we illustrate. We further suggest an additional step for these protocols to make them immune to the man-in-the-middle attack.
Category / Keywords: cryptographic protocols / smart cards, cryptanalysis, key management
Publication Info: 30th IEEE International Performance Computing and Communications Conference (IPCCC 2011)
Date: received 1 Feb 2011, last revised 2 Dec 2011
Contact author: sroy7 at buffalo edu
Note: Publication information added.
Version: 20111202:193610