Impersonation attacks on a mobile security protocol for end-to-end communications

Reiner Dojen, Vladimir Pasca, Tom Coffey

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

This paper presents an analysis of a cryptographic security protocol that is designed for use in a mobile communication environment. The goal of the analysed protocol is to ensure secure end-to-end communication between two mobile users that are connected to different base stations. The analysis reveals a serious flaw in the used signature scheme of the security protocol. Exploitation of this flaw enables an intruder to use algebraic simplifications to forge signatures on arbitrary messages. Two attacks, which exploit this weakness, are detailed showing the impersonation of a mobile user and a base station, respectively. Corrections to the flawed protocol are proposed and analysed. It is established that the corrected protocol is secure against the presented attacks.

Original languageEnglish
Title of host publicationSecurity and Privacy in Mobile Information and Communication Systems - First International ICST Conference, MobiSec 2009, Revised Selected Papers
Pages278-287
Number of pages10
DOIs
Publication statusPublished - 2009
Event1st International ICST Conference on Security and Privacy in Mobile Information and Communication Systems, MobiSec 2009 - Turin, Italy
Duration: 3 Jun 20095 Jun 2009

Publication series

NameLecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering
Volume17 LNICST
ISSN (Print)1867-8211

Conference

Conference1st International ICST Conference on Security and Privacy in Mobile Information and Communication Systems, MobiSec 2009
Country/TerritoryItaly
CityTurin
Period3/06/095/06/09

Keywords

  • Analysis of security protocols
  • Authentication and secrecy protocol
  • Impersonation attack
  • Mobile end-to-end communication

Fingerprint

Dive into the research topics of 'Impersonation attacks on a mobile security protocol for end-to-end communications'. Together they form a unique fingerprint.

Cite this