Security limitations of an authorized anonymous ID-based scheme for mobile communication
journal contributionposted on 16.12.2009, 11:28 by Raphael C.-W. Phan
In this article we discuss the security limitations of a recently proposed authorized anonymous ID-based scheme for mobile communications due to He et al. We present three example attacks an attacker could mount on the scheme, point out the weaknesses we exploited, and suggest how to counter them. Our attacks are variants of the replay attack to which any security scheme should be resistant. Such attacks are easy to mount since they simply require replaying previous valid messages, and are often passive attacks and thus hard to detect. Therefore, our results are devastating since they show that the scheme has failed to achieve its main objective of establishing mutual authentication between legitimate parties.
- Mechanical, Electrical and Manufacturing Engineering