An Efficient Password-Based Authenticated Key Exchange Protocol with Provable Security for Mobile Client-Client Networks

Three party password based authenticated key exchange protocol can sanction couple of clients to institute a protected session key through a server above an insecure communication link. Youn et al. (Telecommun Syst 52(2):1367-1376, 2013) proposed three-party efficient and robust authenticated key exchange scheme that incurs three rounds. They assert that their scheme is invincible against customary attacks. Moreover, they claimed the scheme is lightweight due to low communication, computation costs and incorporating authentication in three rounds. However, comprehensive analysis in this paper reveals that Youn et al.'s scheme is susceptible to impersonation attack. To overcome the security feebleness, this paper introduces a modest scheme which not only maintains round efficiency, communication and computation costs but it also offer comprehensive security to repel popular security attacks. The security of the proposed scheme is verified through random oracle model.