Abstract
This paper presents an analysis of a cryptographic security protocol that is designed for use in a mobile communication environment. The goal of the analysed protocol is to ensure secure end-to-end communication between two mobile users that are connected to different base stations. The analysis reveals a serious flaw in the used signature scheme of the security protocol. Exploitation of this flaw enables an intruder to use algebraic simplifications to forge signatures on arbitrary messages. Two attacks, which exploit this weakness, are detailed showing the impersonation of a mobile user and a base station, respectively. Corrections to the flawed protocol are proposed and analysed. It is established that the corrected protocol is secure against the presented attacks.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Ventuneac, M., Dojen, R., Coffey, T.: Automated Verification of Wireless Security Protocols using Layered Proving Trees. WSEAS Transactions on Communications 5(2), 252–258 (2006)
Dojen, R., Zhang, F., Coffey, T.: On the Formal Verification of a Cluster Based Key Management Protocol for Wireless Sensor Networks. In: 27th IEEE International Performance Computing and Communications Conference – Workshop of Information and Data Assurance, pp. 499–506 (2008)
Dojen, R., Lasc, I., Coffey, T.: Establishing and Fixing a Freshness Flaw in a Key-Distribution and Authentication Protocol. In: IEEE International Conference on Intelligent Computer Communication and Processing, pp. 185–192 (2008)
Hwang, R.J., Su, F.F.: A new efficient authentication protocol for Mobile networks. Computer Standards & Interfaces 28(2), 241–252 (2005)
Chien, H., Jan, J.: A hybrid authentication protocol for large mobile network. Journal of System Software 67(2), 123–130 (2003)
Lee, C.C., Yang, C.C., Hwang, M.S.: A new privacy and authentication protocol for end-to-end mobile users. International Journal of Communication Systems 16(9), 799–808 (2003)
Chang, C., Chen, K., Hwang, M.: End-to-End Security Protocol for Mobile Communications with End-User Identification/Authentication. Wireless Personal Communications: An International Journal 28(2), 95–106 (2004)
Park, M., Okazaki, N., Baba, Y.: A New User Authentication Protocol for Mobile Terminals in Wireless Network. In: 7th International Conference on Mobile Data Management (MDM 2006), p. 94 (2006)
Yi, X., Lam, K.Y.: Hash function based on block cipher. IEE Electronics Letters 33(23), 1938–1940 (1997)
Diffie, W., Hellman, M.E.: New Directions in Cryptography. IEEE Transactions on Information Theory, IT 22(6), 644–654 (1976)
Chang, C.C., Lee, J.S.: Improvement on an Optimized Protocol for Mobile Network Authentication and Security. In: Hao, Y., Liu, J., Wang, Y.-P., Cheung, Y.-m., Yin, H., Jiao, L., Ma, J., Jiao, Y.-C. (eds.) CIS 2005. LNCS (LNAI), vol. 3802, pp. 538–541. Springer, Heidelberg (2005)
Elgamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory 31(4), 469–472 (1985)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Dojen, R., Pasca, V., Coffey, T. (2009). Impersonation Attacks on a Mobile Security Protocol for End-to-End Communications. In: Schmidt, A.U., Lian, S. (eds) Security and Privacy in Mobile Information and Communication Systems. MobiSec 2009. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 17. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04434-2_24
Download citation
DOI: https://doi.org/10.1007/978-3-642-04434-2_24
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04433-5
Online ISBN: 978-3-642-04434-2
eBook Packages: Computer ScienceComputer Science (R0)