Privacy Preserving Three-party Authenticated Key Agreement Protocol using Smart Cards

How to make people keep both security and privacy in communication networks has been a hot topic in recent years. Researchers proposed three party authenticated key agreement (3PAKA) protocols to answer this question, which allows two parties to agree a new secure session key with the help of a trusted server. Recently, Yang et al. proposed a provably secure 3PAKA protocol. However, this paper finds out Yang et al.'s protocol has a security weakness against password guessing attack and two lack properties in authentication for password updating phase and privacy preserving. Furthermore, we propose anew privacy preserving 3PAKA (P_ 3PAKA) protocol using smart cards to solve the security problems in Yang et al.'s protocol. It provides user anonymity and un-traceability by adopting dynamic identifier depending on each session's nonce. Comparing with other typical 3PAKA protocols, P_ 3PAKA protocol is more secure while maintaining efficiency.