security.pdf (179.11 kB)
Security limitations of an authorized anonymous ID-based scheme for mobile communication
journal contribution
posted on 2009-12-16, 11:28 authored by Raphael C.-W. PhanIn this article we discuss the security limitations of a recently proposed authorized anonymous ID-based scheme for mobile communications due to He et al. We present three example attacks an attacker could mount on the scheme, point out the weaknesses we exploited, and suggest how to counter them. Our attacks are variants of the replay attack to which any security scheme should be resistant. Such attacks are easy to mount since they simply require replaying previous valid messages, and are often passive attacks and thus hard to detect. Therefore, our results are devastating since they show that the scheme has failed to achieve its main objective of establishing mutual authentication between legitimate parties.
History
School
- Mechanical, Electrical and Manufacturing Engineering
Citation
PHAN, R.C.-W., 2005. Security limitations of an authorized anonymous ID-based scheme for mobile communication. in: IEEE Communications Magazine, 43(5), pp.149 - 153Publisher
© IEEEVersion
- VoR (Version of Record)
Publication date
2005Notes
This journal article is published in IEEE Communications Magazine[© IEEE]. It is also available at: http://ieeexplore.ieee.org/ Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.ISSN
0163-6804Language
- en