Cryptanalysis of Two Authenticated Key Agreement Protocols in Multi-Server Environments

Jaberi, Mehrad; Mala, Hamid; Sadat Madani, Seyede Marzieh

doi:10.22042/isecure.2025.217400

Cryptanalysis of Two Authenticated Key Agreement Protocols in Multi-Server Environments

Document Type : Research Article

Authors

Mehrad Jaberi

Hamid Mala

Seyede Marzieh Sadat Madani

Department of IT engineering, Faculty of Computer Engineering, University of Isfahan, Isfahan, Iran

https://doi.org/10.22042/isecure.2025.217400

Abstract

Today, the use of Multi-Server Authenticated Key Agreement (MAKA) schemes has become widespread. In the multiserver authenticated key agreement, each entity registers with a registration server, and the key agreement takes place. After that, based on the desired applications, the user communicates with the application servers and he/she does not need to register with these service providers anymore. There are many protocols introduced for MAKA in different environments such as the 5G and cloud service environments, each one could assure some security features such as confidentiality, authentication and privacy. However, some of these schemes are vulnerable to different attacks. In the current paper, we first study two well-known MAKA schemes called the Wang et al.’s protocol (Wang et al., 2022) and the Palit et al.’s protocol (Palit et al., 2023) and then we propose a server spoofing attack on Wang et al.’s protocol. On the other hand, we show that Palit et al.’s protocol is vulnerable to DoS and desynchronization attacks. We also propose some suggestions to make the schemes resistant to those attacks.

Keywords

Authentication

Denial of Service

Desynchronization Attack

Key Agreement

Server Spoofing Attack

[1] Inam ul Haq, Jian Wang, Youwen Zhu, and Saad Maqbool. A survey of authenticated key agreement protocols for multi-server architecture. Journal of Information Security and Applications, 55:102639, 2020.
[2] Wenming Wang, Haiping Huang, Fu Xiao, Qi Li, and Lingyan Xue. An adaptive secure handover authenticated key agreement for multiserver architecture communication applications. IEEE Transactions on Vehicular Technology, 71(9):9830–9839, 2022.
[3] Sudip Kumar Palit, Mohuya Chakraborty, and Subhalaxmi Chakraborty. Performance analysis of 5gmaka: lightweight mutual authentication and key agreement scheme for 5g network. The Journal of Supercomputing, 79(4):3902–3935, 2023.
[4] Li-Hua Li, Luon-Chang Lin, and Min-Shiang Hwang. A remote password authentication scheme for multiserver architecture using neural networks. IEEE Transactions on Neural Networks, 12(6):1498–1504, 2001.
[5] Dexin Yang and Bo Yang. A biometric password-based multi-server authentication scheme with smart card. In 2010 international conference on computer design and applications, volume 5, pages V5–554. IEEE, 2010.
[6] SK Hafizul Islam. A provably secure id-based mutual authentication and key agreement scheme for mobile multi-server environment without esl attack. Wireless Personal Communications, 79(3):1975–1991, 2014.
[7] Debiao He, Sherali Zeadally, Neeraj Kumar, and Wei Wu. Efficient and anonymous mobile user authentication protocol using self-certified public key cryptography for multi-server architectures. IEEE transactions on information forensics and
security, 11(9):2052–2064, 2016.
[8] Ruhul Amin, SK Hafizul Islam, Mohammad S Obaidat, GP Biswas, and Kuei-Fang Hsiao. An anonymous and robust multi-server authentication protocol using multiple registration servers. International Journal of Communication Systems, 30(18):e3457, 2017.
[9] Ashish Kumar and Hari Om. An improved and secure multiserver authentication scheme based on biometrics and smartcard. Digital Communications and Networks, 4(1):27–38, 2018.
[10] Subhas Barman, Ashok Kumar Das, Debasis Samanta, Samiran Chattopadhyay, Joel JPC Rodrigues, and Youngho Park. Provably secure multi-server authentication protocol using fuzzy commitment. IEEE Access, 6:38578–38594, 2018.
[11] Tsu-Yang Wu, Zhiyuan Lee, Mohammad S Obaidat, Saru Kumari, Sachin Kumar, and Chien-Ming Chen. An authenticated key exchange protocol for multi-server architecture in 5g networks. IEEE Access, 8:28096–28108, 2020.
[12] Prasanta Kumar Roy and Ansuman Bhattacharya. A group key-based lightweight mutual authentication and key agreement (maka) protocol for multi-server environment. The Journal of Supercomputing, 78(4):5903–5930, 2022.
[13] Yuelei Xiao and Shan Gao. 5gaka-lcco: A secure 5g authentication and key agreement protocol with less communication and computation overhead. Information, 13(5):257, 2022.
[14] Xinxin Hu, Caixia Liu, Shuxin Liu, Jinsong Li, and Xiaotao Cheng. A vulnerability in 5g authentication protocols and its countermeasure. IEICE TRANSACTIONS on Information and Systems, 103(8):1806–1809, 2020.
[15] Xinxin Hu, Caixia Liu, Shuxin Liu, and Xiaotao Cheng. A security enhanced 5g authentication scheme for insecure channel. IEICE TRANSACTIONS on Information and Systems, 103(3):711–713, 2020.
[16] Mohammad Mahdi Modiri, Mahmoud Salmasizadeh, Javad Mohajeri, and Babak Hossein Khalaj. Two protocols for improving security during the authentication and key agreement procedure in the 3gpp networks. Computer Communications, 211:286–301, 2023.
[17] Yuelei Xiao and Yang Wu. 5g-ipaka: An improved primary authentication and key agreement protocol for 5g networks. Information, 13(3):125, 2022.
[18] Junho Lee, Dongwook Kim, Jinhyun Park, and Hyungweon Park. A multi-server authentication protocol achieving privacy protection and traceability for 5g mobile edge computing. In 2021 IEEE international conference on consumer electronics (ICCE), pages 1–4. IEEE, 2021.
[19] Shivangi Shukla and Sankita J Patel. A design of provably secure multi-factor ecc-based authentication protocol in multi-server cloud architecture. Cluster Computing, pages 1–22, 2023.
[20] 3GPP Group. Authentication and key management for applications (akma) in 5g, 2022. https://www.3gpp.org/technologies/akma [Accessed: (2022/03/04)].