TY - GEN
T1 - Impersonation attacks on a mobile security protocol for end-to-end communications
AU - Dojen, Reiner
AU - Pasca, Vladimir
AU - Coffey, Tom
PY - 2009
Y1 - 2009
AB - This paper presents an analysis of a cryptographic security protocol that is designed for use in a mobile communication environment. The goal of the analysed protocol is to ensure secure end-to-end communication between two mobile users that are connected to different base stations. The analysis reveals a serious flaw in the used signature scheme of the security protocol. Exploitation of this flaw enables an intruder to use algebraic simplifications to forge signatures on arbitrary messages. Two attacks, which exploit this weakness, are detailed showing the impersonation of a mobile user and a base station, respectively. Corrections to the flawed protocol are proposed and analysed. It is established that the corrected protocol is secure against the presented attacks.
KW - Analysis of security protocols
KW - Authentication and secrecy protocol
KW - Impersonation attack
KW - Mobile end-to-end communication
UR - http://www.scopus.com/inward/record.url?scp=84885893368&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-04434-2_24
DO - 10.1007/978-3-642-04434-2_24
M3 - Conference contribution
AN - SCOPUS:84885893368
SN - 3642044336
SN - 9783642044335
T3 - Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering
SP - 278
EP - 287
BT - Security and Privacy in Mobile Information and Communication Systems - First International ICST Conference, MobiSec 2009, Revised Selected Papers
T2 - 1st International ICST Conference on Security and Privacy in Mobile Information and Communication Systems, MobiSec 2009
Y2 - 3 June 2009 through 5 June 2009
ER -