Skip to Main Content
Quite recently, Yang et al. presented an efficient three-party authenticated key exchange protocol based upon elliptic curve cryptography for mobile-commerce environments. In this paper, we demonstrate that Yang et al's three-party authenticated protocol is potentially vulnerable to an unknown key-share attack. Thereafter, we suggest a countermeasure to resist our described attacks while the merits of the original protocol are left unchanged. On the other hand, through this work, we also highlight that the existence of insider attacks needs to be taken into consideration in the three-party setting.