Efficient two-party certificateless authenticated key agreement protocol under GDH assumption

“…Efforts have been made to resolve this problem. Since then, many CL-AKA schemes have been proposed [ 29 , 30 , 31 , 32 , 33 , 34 , 35 , 36 , 37 ]. There are two common security requirements for CL-PKC technologies.…”

“…In Sun et al [ 34 ] and Simplicio Jr et al [ 35 ], because the partial key generated by KGC contains only the information of the user’s identifier and the verification tag, only the identifier can actually be checked. Later, Xie et al [ 36 ] and Daniel et al [ 37 ] solve this problem by including the information of verification public key generated by the user and the identifier in the partial key generated by KGC. However, public key replacement attacks are also possible in [ 36 ].…”

“…Later, Xie et al [ 36 ] and Daniel et al [ 37 ] solve this problem by including the information of verification public key generated by the user and the identifier in the partial key generated by KGC. However, public key replacement attacks are also possible in [ 36 ]. The authors of [ 37 ] argued that there was no problem even if the partial key generated by KGC was transmitted publicly.…”

“…In existing schemes [ 17 , 18 , 29 , 31 , 36 ], an attacker can generate a key by simply eavesdropping on transmitted data. To solve this problem, the key is generated during authentication and the key agreement phase in the session.…”

“…Compared with Scheme 1, which can perform authentication and key agreement quickly, it does not show efficiency in terms of speed. However, compared with the existing ECDSA or other schemes [ 29 , 30 , 32 , 33 , 34 , 35 , 36 , 37 ], the computation speed of Scheme 1 is reduced, and it provides safety considering masquerade attack, replay attack, and public key verifiability. Table 4 shows the comparison of Scheme 2 with the existing schemes.…”

A Lightweight Authentication and Key Agreement Schemes for IoT Environments

“…Efforts have been made to resolve this problem. Since then, many CL-AKA schemes have been proposed [ 29 , 30 , 31 , 32 , 33 , 34 , 35 , 36 , 37 ]. There are two common security requirements for CL-PKC technologies.…”

“…In Sun et al [ 34 ] and Simplicio Jr et al [ 35 ], because the partial key generated by KGC contains only the information of the user’s identifier and the verification tag, only the identifier can actually be checked. Later, Xie et al [ 36 ] and Daniel et al [ 37 ] solve this problem by including the information of verification public key generated by the user and the identifier in the partial key generated by KGC. However, public key replacement attacks are also possible in [ 36 ].…”

“…Later, Xie et al [ 36 ] and Daniel et al [ 37 ] solve this problem by including the information of verification public key generated by the user and the identifier in the partial key generated by KGC. However, public key replacement attacks are also possible in [ 36 ]. The authors of [ 37 ] argued that there was no problem even if the partial key generated by KGC was transmitted publicly.…”

“…In existing schemes [ 17 , 18 , 29 , 31 , 36 ], an attacker can generate a key by simply eavesdropping on transmitted data. To solve this problem, the key is generated during authentication and the key agreement phase in the session.…”

“…Compared with Scheme 1, which can perform authentication and key agreement quickly, it does not show efficiency in terms of speed. However, compared with the existing ECDSA or other schemes [ 29 , 30 , 32 , 33 , 34 , 35 , 36 , 37 ], the computation speed of Scheme 1 is reduced, and it provides safety considering masquerade attack, replay attack, and public key verifiability. Table 4 shows the comparison of Scheme 2 with the existing schemes.…”

A Lightweight Authentication and Key Agreement Schemes for IoT Environments

Efficient Implementations of MQV-Based Protocols on Client-Server Architectures

An efficient and secure CLAKA protocol for blockchain-aided wireless body area networks