Cryptanalysis of Two Authenticated Key Agreement Protocols in Multi-Server Environments

Abstract

Today, the use of Multi-Server Authenticated Key Agreement (MAKA) schemes has become widespread. In the multi-server authenticated key agreement, each entity registers with a registration server, and the key agreement takes place. After that, based on the desired applications, the user communicates with the application servers and he/she does not need to register with these service providers anymore. There are many protocols introduced for MAKA in different environments such as the 5G and cloud service environments, each one could assure some security features such as confidentiality, authentication and privacy. However, some of these schemes are vulnerable to different attacks. In the current paper, we first study two well-known MAKA schemes called the Wang et al.’s protocol (Wang et al., 2022) and the Palit et al.’s protocol (Palit et al., 2023) and then we propose a server spoofing attack on Wang et al.’s protocol. On the other hand, we show that Palit et al.’s protocol is vulnerable to DoS and desynchronization attacks. We also propose some suggestions to make the schemes resistant to those attacks. © 2025 ISC. All rights reserved.