Parallel Session Attack definition
Parallel Session Attack. Suppose an adversary intercepts the message {IM, GC}, {MS, GS}, and {MU} to create a valid login. But he cannot succeed as GC and GS depends on random rC and rS. The adversary cannot find the value of rC and rS due to the intractability of elliptic curve discrete logarithm problem. Explicit Key Confirmation: Using three exchanged messages in the authentication phase, our scheme achieved the explicit key confirmation. AS needs the correct session key KSU to generate the value MS, which is equal to h (KSU||GC||GS). Therefore, AS can be assured that U has actually computed KSU = h(V*||(rC × GS)), after AS has verified that the value MU is equal to h(KSU||GS) and thus, U can be assured that AS has actually computed KSU = h(h(ID||KS)||(rS × GC).