Recently, Chang et al. proposed a security enhancement in Ku and Wang’s authenticated key agreement protocol. Two parties employ the pre-shared password to agreement a common session key via insecure network. However, in this article, we will show that Chang et al.’s scheme is suffer from the backward replay attack and the off-line password guessing attack.

's scheme and both of them pointed out, more or less, same vulnerabilities: like offline password guessing attack, impersonating the server by replay attack, denial of service attack on password changing and insider attack on it. But none of them suggested any solution to the pointed out attacks. This paper proposes an improved scheme with enhanced security, maintaining advantages of the original scheme and free from the attacks pointed out by Yoon-Yoo and Xiang et al..

Abstract Going along with the rapid development of web technologies, in some applications on demands, partners or staffs may make a great quantity of web transactions or personal communications anytime and anywhere. However, the partners could be distributed over different network domains. They require a communal trusted third party to help them establish a shared session key for future communications. In addition, from the privacy or security point of view, the partners hope that their transactions patterns or movements are not recorded from any external eavesdropper. However, this privacy issue has never been addressed in previous literature. In this paper, we first propose a three-party key agreement scheme to construct a secure transaction mechanism with privacy protection. In our scheme, the major merits include: (1) prevention of some known attacks; (2) satisfaction of the perfect forward secrecy; (3) security against the session state reveal; (4) privacy protection; (5) no sensitive verifier table; and (6) low communication and computation cost.

Vehicular communication networking can provide well-suited traffic messages, emergency warning messages and infotainment dissemination, and improve driving condi-tion for drivers. The authentication of these information is particularly important in VANET since the wrong traf-fic information may result in traffic accident and traffic jam. And VANET requires short verifying delay to re-sponse messages. To identify invalid messages and reduce verifying delay, a lot of schemes have been proposed to verify the information of VANET by batch verification technique. Recently, Lee et al. ’ proposed an improved authentication scheme with batch verification based on bilinear pairing to make VANET more secure, efficient, and more suitable for practical use. Unfortunately, their scheme is shown to be insecure and cannot achieve re-play attacking, tracing and non-repudiation of message. Finally, to overcome the above flaws, an improved authen-tication scheme is proposed. And the security proof and performance analysis are presented. By comparing with Lee et al.s’scheme and Zhang et al.’s scheme in terms of verifying delay, our scheme is more efficient than Zhang et al.’s scheme. And Batch verification time in our scheme is more 0.6ms than that of Lee et al.’s scheme, however, Lee et al.’s is insecure.

Key Establishment for Wireless Roaming (KE-WR) is ex-pected to ensure a mobile user to establish a fresh session key with a foreign WSP and also roam from one foreign network domain to another while enjoying the roaming services. However, so far there is no ID-based KE-WR protocol proposed in the literatures with a formal secu-rity proof in an appropriate model. The main work of this article address the current gap by first proposing a vari-ation of classic CK and eCK model to support the wire-less roaming scenario, which is called rCK model. This article extend classic security model by introducing the simulation of broadcast query and multiple Key Genera-tion Center scenario and also giving the re-defined session definitions and additional adversary capability. Second, this article proposes a novel suite of One-Pass Key Estab-lishment Protocols for Wireless Roaming.