security.pdf (179.11 kB)
0/0

Security limitations of an authorized anonymous ID-based scheme for mobile communication

Download (179.11 kB)
journal contribution
posted on 16.12.2009 by Raphael C.-W. Phan
In this article we discuss the security limitations of a recently proposed authorized anonymous ID-based scheme for mobile communications due to He et al. We present three example attacks an attacker could mount on the scheme, point out the weaknesses we exploited, and suggest how to counter them. Our attacks are variants of the replay attack to which any security scheme should be resistant. Such attacks are easy to mount since they simply require replaying previous valid messages, and are often passive attacks and thus hard to detect. Therefore, our results are devastating since they show that the scheme has failed to achieve its main objective of establishing mutual authentication between legitimate parties.

History

School

  • Mechanical, Electrical and Manufacturing Engineering

Citation

PHAN, R.C.-W., 2005. Security limitations of an authorized anonymous ID-based scheme for mobile communication. in: IEEE Communications Magazine, 43(5), pp.149 - 153

Publisher

© IEEE

Version

VoR (Version of Record)

Publication date

2005

Notes

This journal article is published in IEEE Communications Magazine[© IEEE]. It is also available at: http://ieeexplore.ieee.org/ Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.

ISSN

0163-6804

Language

en

Exports

Logo branding

Keyword(s)

Exports