Cryptanalysis of authentication and key establishment protocol in Mobile Edge Computing Environment

Recently, in the area of Mobile Edge Computing (MEC) applications, Wu et al. proposed an authentication and key establishment scheme and claimed their protocol is secure. Nevertheless, cryptanalysis shows the scheme fails to provide robustness against key computation attack, mobile user impersonation attack and traceability attack. Vulnerabilities in their scheme lead to the exposure of mobile users' long term secret to mobile edge server provided both parties complete a successful session. This enables any malicious edge servers, who had communicated with the user earlier, to compute current session keys between the user and other legitimate servers. Also, since long term secret is exposed, such malicious servers can impersonate the user. We present a cryptanalysis of the scheme.