J Supercomput
DOI 10.1007/s11227-014-1170-5

A secure and efficient identity-based authenticated key exchange protocol for mobile client–server networks

Mohammad Sabzinejad Farash · Mahmoud Ahmadian Attari

M. S. Farash
Faculty of Mathematics Sciences and Computer, Kharazmi University, Tehran, Iran
e-mail: sabzinejad@khu.ac.ir; sabzinejad@tmu.ac.ir; m.sabzinejad@gmail.com

M. A. Attari
Faculty of Electrical and Computer Engineering, K.N. Toosi University of Technology, Tehran, Iran

© Springer Science+Business Media New York 2014

Abstract

Recently, Chou et al. (J Supercomput 66(2): 973–988, 2013) proposed two identity-based key exchange protocols using elliptic curves for mobile environments. The first is a two-party authentication key exchange protocol that establishes a session key between a client and a remote server. The second is an extended version for the three-party setting that establishes a session key between two clients with the help of a trusted server. However, this paper finds the first protocol vulnerable to an impersonation attack and a key-compromise impersonation attack, and the second insecure against an impersonation attack. To overcome these weaknesses, we propose an improved identity-based two-party authentication key exchange protocol using elliptic curves. The rigorous analysis shows that our scheme achieves more security than related protocols.

Keywords

Elliptic curve cryptography · Key exchange protocol · Mutual authentication · Client–server network

1 Introduction

Mobile communication has recently become more pervasive and gained popularity. People can roam freely and use mobile services almost everywhere. However, people are worried about two major security issues in mobile communication: privacy and authentication. Privacy assures that the communication messages are not intercepted