A Certificate-Based AKA Protocol Secure Against Public Key Replacement Attacks

Certificate-based cryptography is a new public key cryptographic paradigm that has many appealing features since it simultaneously solves the certificate revocation problem in conventional public key cryptography and the key escrow problem in identity-based cryptography. Till now, three certificate-based Authenticated Key Agreement (AKA) protocols have been proposed. However, our cryptanalysis shows that none of them is secure under the public key replacement attack. To overcome the security weaknesses in these protocols, we develop a new certificate-based AKA protocol. In the random oracle model, we formerly prove its security under the hardness of discrete logarithm problem, computational Diffie-Hellman problem and bilinear Diffie-Hellman problem. Compared with the previous proposals, it enjoys lower computation overhead while providing stronger security assurance. To the best of our knowledge, it is the first certificate-based AKA protocol that resists the public key replacement attack in the literature so far.