ABSTRACT

Park et al. proposed a protocol named 2PAKEP: a provably secure and efficient two-party authentication and key exchange protocol for the mobile environment. This chapter reviews Park et al.'s scheme for the mobile commerce environment. The scheme is divided into four phases: system initialization, user registration, mutual authentication and key exchange, and password change. In the registration phase, the user sends the server a registration request that contains the user's real identity. By intercepting some valid messages of the legitimate user, the adversary easily achieves mutual authentication and negotiates a valid session key with the server. A detailed analysis of the 2PAKE protocol shows that the scheme is subject to a user impersonation attack, the many logged-in users problem, a privileged insider attack, a known session-specific temporary information attack, and a clock synchronization problem.