Pitfalls in a server-aided authenticated group key establishment

In this paper, we present a cryptanalysis of a recently proposed server-aided group key agreement scheme by Sun et al. This proposal is designed for mobile environments, in which a group of users aim at establishing a common secret key with the help of a semi-trusted server. At this, authentication is achieved using certificateless public key cryptography. We evidence that the scheme does not achieve forward secrecy, is vulnerable to a known session attack (that can, for instance, be mounted by a semi-honest server) and is not (as claimed by the authors) contributory. Further security hardships in more restricted models (i.e. in which stronger corruptions are allowed) are also discussed.