Recently, Yen and Joye showed that Harn and Lin's authenticated multiple-key agreement protocol is insecure against forgery and consequently proposed a revised protocol to repair it. Later, Wu et al. showed that Yen-Joye revision is also insecure and therefore an improved protocol was proposed. However, Wu et al.'s protocol violates the original requirement in which no one-way hash function is needed. On the other hand, in order to overcome Yen-Joye and Wu et al.'s attacks, Harn and Lin proposed a modified version by modifying the signature signing equation. But the modified version increases one exponentiation in the verification equation. Afterward Zhou et al. showed that the second Harh-Lin protocol is insecure against impersonation attack, i. e., a cheater can impersonate a valid user to execute the protocol successfully and obtains parts of the valid session keys. Then they proposed an improved version to enhance the second Harh-Lin protocol. In this paper, we first show that Zhou et al.'s protocol still suffers the impersonation attack, then we propose an improved scheme that is secure against forgery and doesn't involve any one-way hash function. Compared with all above modified versions, our scheme is secure and efficient.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.