Security flaws in authentication and key establishment protocols for mobile communications

Mobile electronic commerce has started recently to appear in the scene by exploiting the advantages of mobile computing and telecommunications in order to provide a large number of advanced services to mobile users. A variety of protocols suitable for applications in upcoming third-generation mobile systems such as UMTS have been proposed. In this paper, we identify security flaws with several authentication and key establishment protocols for mobile communications introducing a new kind of attack: known key-share attack. Our results show that the protocols do not provide authentication as intended.