Impersonation Attacks on a Mobile Security Protocol for End-to-End Communications

Dojen, Reiner; Pasca, Vladimir; Coffey, Tom

doi:10.1007/978-3-642-04434-2_24

Reiner Dojen¹⁷,
Vladimir Pasca¹⁷ &
Tom Coffey¹⁷

Part of the book series: Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering ((LNICST,volume 17))

Included in the following conference series:

International Conference on Security and Privacy in Mobile Information and Communication Systems

643 Accesses
2 Citations

Abstract

This paper presents an analysis of a cryptographic security protocol that is designed for use in a mobile communication environment. The goal of the analysed protocol is to ensure secure end-to-end communication between two mobile users that are connected to different base stations. The analysis reveals a serious flaw in the used signature scheme of the security protocol. Exploitation of this flaw enables an intruder to use algebraic simplifications to forge signatures on arbitrary messages. Two attacks, which exploit this weakness, are detailed showing the impersonation of a mobile user and a base station, respectively. Corrections to the flawed protocol are proposed and analysed. It is established that the corrected protocol is secure against the presented attacks.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Ventuneac, M., Dojen, R., Coffey, T.: Automated Verification of Wireless Security Protocols using Layered Proving Trees. WSEAS Transactions on Communications 5(2), 252–258 (2006)
Google Scholar
Dojen, R., Zhang, F., Coffey, T.: On the Formal Verification of a Cluster Based Key Management Protocol for Wireless Sensor Networks. In: 27th IEEE International Performance Computing and Communications Conference – Workshop of Information and Data Assurance, pp. 499–506 (2008)
Google Scholar
Dojen, R., Lasc, I., Coffey, T.: Establishing and Fixing a Freshness Flaw in a Key-Distribution and Authentication Protocol. In: IEEE International Conference on Intelligent Computer Communication and Processing, pp. 185–192 (2008)
Google Scholar
Hwang, R.J., Su, F.F.: A new efficient authentication protocol for Mobile networks. Computer Standards & Interfaces 28(2), 241–252 (2005)
Article MathSciNet Google Scholar
Chien, H., Jan, J.: A hybrid authentication protocol for large mobile network. Journal of System Software 67(2), 123–130 (2003)
Article Google Scholar
Lee, C.C., Yang, C.C., Hwang, M.S.: A new privacy and authentication protocol for end-to-end mobile users. International Journal of Communication Systems 16(9), 799–808 (2003)
Article Google Scholar
Chang, C., Chen, K., Hwang, M.: End-to-End Security Protocol for Mobile Communications with End-User Identification/Authentication. Wireless Personal Communications: An International Journal 28(2), 95–106 (2004)
Article Google Scholar
Park, M., Okazaki, N., Baba, Y.: A New User Authentication Protocol for Mobile Terminals in Wireless Network. In: 7th International Conference on Mobile Data Management (MDM 2006), p. 94 (2006)
Google Scholar
Yi, X., Lam, K.Y.: Hash function based on block cipher. IEE Electronics Letters 33(23), 1938–1940 (1997)
Article MATH Google Scholar
Diffie, W., Hellman, M.E.: New Directions in Cryptography. IEEE Transactions on Information Theory, IT 22(6), 644–654 (1976)
Article MathSciNet MATH Google Scholar
Chang, C.C., Lee, J.S.: Improvement on an Optimized Protocol for Mobile Network Authentication and Security. In: Hao, Y., Liu, J., Wang, Y.-P., Cheung, Y.-m., Yin, H., Jiao, L., Ma, J., Jiao, Y.-C. (eds.) CIS 2005. LNCS (LNAI), vol. 3802, pp. 538–541. Springer, Heidelberg (2005)
Chapter Google Scholar
Elgamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory 31(4), 469–472 (1985)
Article MathSciNet MATH Google Scholar

Download references

Author information

Authors and Affiliations

Data Communications Security Laboratory, Department of Electronic & Computer Engineering, University of Limerick, Limerick, Ireland
Reiner Dojen, Vladimir Pasca & Tom Coffey

Authors

Reiner Dojen
View author publications
You can also search for this author in PubMed Google Scholar
Vladimir Pasca
View author publications
You can also search for this author in PubMed Google Scholar
Tom Coffey
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

novalyst IT AG, Robert-Bosch Str. 38, 61184, Karben, Germany
Andreas U. Schmidt
France Telecom R&D, Haidian District, 10F, South Twr., Raycom Infotech, Park C, 2 Science Institute South Rd.,, 100080, Beijing, China
Shiguo Lian

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Dojen, R., Pasca, V., Coffey, T. (2009). Impersonation Attacks on a Mobile Security Protocol for End-to-End Communications. In: Schmidt, A.U., Lian, S. (eds) Security and Privacy in Mobile Information and Communication Systems. MobiSec 2009. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 17. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04434-2_24

Download citation

DOI: https://doi.org/10.1007/978-3-642-04434-2_24
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04433-5
Online ISBN: 978-3-642-04434-2
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics