Abstract
In 2010, Fan et al. proposed a Smart Card-Based Authenticated Key Exchange protocol with CAPTCHAs for wireless mobile networks. In this paper, it is shown that their proposed protocol is vulnerable to Key Compromise Impersonation (KCI) and ephemeral key compromise impersonation attacks while it does not provide the key confirmation attribute. Furthermore, it is inefficient due to number redundancy of rounds and computational costs. To overcome these weaknesses, two secure and efficient smart card-based Authenticated Key Exchange (AKE) protocols combined with CAPTCHAs are proposed for wireless mobile networks that provide many security attributes while they have a remarkable efficiency when compared with Fan et al.'s protocol in the terms of communication costs and computational complexities.