Cryptanalysis and amendment of authenticated key exchange protocol for mobile devices

Recent innovations in wireless technologies have led to a surge in the popularity of mobile applications, enabling users to access various web services via their mobile devices at any time and from any location. As a result, ensuring security in wireless communications has become paramount due to the inherently public nature of the communication channel. In the past twenty years, cryptographers have introduced numerous authentication schemes tailored for mobile devices to assure secure communication, typically following either a two-party or three-party scenario. However, many of these schemes rely on discrete log (DLP) or factorization (IF) number-theoretic hard problems, which can be efficiently solved using Shor's algorithm on a highly scalable quantum computer. Consequently, authenticated key exchange (AKE) protocols constructed on these mathematical problems are considered insecure in post-quantum environments. Thus, there is a pressing need to analyze and design AKE schemes suitable for quantum environments. Moony et al. introduced a two-party AKE protocol constructed on the ring-LWE challenge in this context. We have identified vulnerabilities in their scheme, particularly susceptibility to key mismatch attacks. We introduce a novel AKE mechanism based on the RLWE problem to overcome this flaw. We have demonstrated that the proposed protocol resists key mismatch attack, User impersonation, known session key threat, replay attack, privileged insider attack, men in the middle attack and offline password guessing. Moreover, We rigorously analyze and establish the security of the presented design within the ROM. The proposed design also achieves perfect forward secrecy. Additionally, we conduct performance evaluation and comparative study to gauge the practical effectiveness of our proposed design.