Forward Secrecy. We make the same assumptions as in Juang et al.’s security analysis: the attacker could obtain the system’s long-term secret keys KGWN-U and KGWN-S and could steal and read the smart card of ▇▇. The attacker could then get { H(·), g, PTCi, PUGWN-U } from the smart card and { PUi, DIDi, Ci }, { DIDi, PUi, CGWN }, { SIDj, PUj, Cj, Cij } and { SIDj, PUj, Cij, EGWN } from the messages intercepted among Ui, GWN and Sj. The only way the attacker could get the session key KEYij is by learning ▇▇ or Kj from PUi and PUj, respectively. However, recovering either value depends on solving the discrete logarithm problem, which is assumed to be difficult. Furthermore, even GWN could not compute the session key KEYij between Ui and Sj. ▇▇▇▇▇▇▇, the proposed scheme could provide forward secrecy.
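The argument above, as an added Python illustration (not code from the paper or its authors): it contrasts a session key derived from ephemeral exponents with a baseline key derived from a long-term secret, and shows what an attacker holding only the long-term key and the intercepted public values can recompute. Assumptions: PUi = g^Ki mod p, PUj = g^Kj mod p and KEYij = H(g^(Ki·Kj)); the name Ki for Ui's ephemeral exponent, the toy group, the baseline derivation and all function names are hypothetical.

```python
import hashlib
import secrets

# Toy group parameters (assumption; far too small for real use).
P = 2**127 - 1   # Mersenne prime
G = 3

def H(*parts: int) -> bytes:
    """Hash integers into a key (stand-in for the scheme's H(.))."""
    data = b"|".join(str(x).encode() for x in parts)
    return hashlib.sha256(data).digest()

def ephemeral_pair():
    """Fresh per-session exponent K and public value PU = g^K mod p."""
    k = secrets.randbelow(P - 3) + 2
    return k, pow(G, k, P)

def dh_session_key(own_secret: int, peer_public: int) -> bytes:
    """KEYij = H(PU_peer ^ K_own): requires one ephemeral exponent."""
    return H(pow(peer_public, own_secret, P))

def static_session_key(long_term: int, pu_i: int, pu_j: int) -> bytes:
    """Baseline WITHOUT forward secrecy: long-term secret + wire values."""
    return H(long_term, pu_i, pu_j)

def attacker_recover(knowledge: dict, scheme: str):
    """What can be recomputed from the compromised material alone."""
    pu_i, pu_j = knowledge["PUi"], knowledge["PUj"]
    if scheme == "static":
        return static_session_key(knowledge["K_GWN_U"], pu_i, pu_j)
    if "Ki" in knowledge:
        return dh_session_key(knowledge["Ki"], pu_j)
    if "Kj" in knowledge:
        return dh_session_key(knowledge["Kj"], pu_i)
    return None  # would need a discrete log of PUi or PUj

def run_demo() -> dict:
    k_gwn_u = secrets.randbits(128)   # constructed long-term key
    ki, pu_i = ephemeral_pair()       # user Ui, erased after the session
    kj, pu_j = ephemeral_pair()       # sensor Sj, erased after the session
    key_i = dh_session_key(ki, pu_j)
    static_key = static_session_key(k_gwn_u, pu_i, pu_j)
    # Later compromise: long-term key plus intercepted public values only.
    leaked = {"K_GWN_U": k_gwn_u, "PUi": pu_i, "PUj": pu_j}
    return {
        "agree": key_i == dh_session_key(kj, pu_i),
        "static_broken": attacker_recover(leaked, "static") == static_key,
        "dh_recovered": attacker_recover(leaked, "dh"),
        "dh_with_ki": attacker_recover({**leaked, "Ki": ki}, "dh") == key_i,
    }
```

The `None` result models the hardness assumption rather than proving it: forward secrecy holds only while the ephemeral exponents are erased after use and the discrete logarithm problem stays hard in the chosen group.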
Sources: Authenticated Key Agreement Scheme