Abstract:Hao proposed the YAK as a robust key agreement based on public‐key authentication, and the author claimed that the YAK protocol withstands all known attacks and therefore is secure against an extremely strong adversary. However, Toorani showed the security flaws in the YAK protocol. This paper shows that the YAK protocol cannot withstand the known key security attack, and its consequences lead us to introduce a new key compromise impersonation attack, where an adversary is allowed to reveal both the shared static secret key between two‐party participation and the ephemeral private key of the initiator party in order to mount this attack. In addition, we present a new security model that covers these attacks against an extremely strong adversary. Moreover, we propose an improved YAK protocol to remedy these attacks and the previous attacks mentioned by Toorani on the YAK protocol, and the proposed protocol uses a verification mechanism in its block design that provides entity authentication and key confirmation. Meanwhile, we show that the proposed protocol is secure in the proposed formal security model under the gap Diffie‐Hellman assumption and the random oracle assumption. Moreover, we verify the security of the proposed protocol and YAK protocol by using an automatic verification method such as the Scyther tool, and the verification result shows that the security claims of the proposed protocol are proven, in contrast to those of the YAK protocol, which are not proven. The security and performance comparisons show that the improved YAK protocol outperforms previous related protocols.

Cryptanalysis and improvement of the YAK protocol with formal security proof and security verification via Scyther

Cryptanalysis and Improvement of Park Et Al.'s Remote User Authentication Protocol

Cryptographic Methods for Securing the YML Framework

Security Analysis on an Improvement of RSA-Based Password Authenticated Key Exchange.

Remarks on Unknown Key-Share Attack on Authenticated Multiple-Key Agreement Protocol

Cryptanalysis and Improvement of Robust Deniable Authentication Protocol

A Novel Lightweight Authentication Protocol for YML Framework

Security Analysis of Shim's Authenticated Key Agreement Protocols from Pairings

Cryptanalysis and Improvement of an Extended Chaotic Maps-Based Key Agreement Protocol

An improved certificateless authenticated key agreement protocol

An Improved Anonymous Remote User Authentication Scheme with Key Agreement Based on Dynamic Identity

Cryptanalysis and improvement of TAKASIP protocol

Cryptanalysis of Aydos Et Al.'s ECC-based Wireless Authentication Protocol

Security on Aydos Et Al's Elliptic Curve Cryptography Based Wireless Authentication Protocol

An efficient two-factor authentication protocol based on elliptic curve cryptosystem with provable security

Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman

A New Authenticated Key Agreement Scheme Based on Smart Cards Providing User Anonymity with Formal Proof.

An enhanced ID-based remote mutual authentication with key agreement protocol for mobile devices on elliptic curve cryptosystem.

Cryptanalysis of A Dynamic Id-Based Remote User Authentication?With Key Agreement Scheme

An Enhanced Dynamic Authentication Scheme for Mobile Satellite Communication Systems.

The New Enhanced Simple Authenticated Key Agreement Algorithm