Security Analysis of a Delegation-Based Authentication Protocol for Wireless Roaming Service
1 College of Information and Communication Engineering, Sungkyunkwan University, Korea
{mjkim,dhwon}@security.re.kr
2 Department of Computer Education, Teachers College, Jeju National University, Korea
[email protected]
Abstract. Portable devices are widely used in our daily life. Delegation-based authentication is used to provide security and privacy for portable communication systems. In the current work, we are concerned with the security of a delegation-based authentication protocol. First, we disclose a vulnerability of Tsai et al.'s delegation-based authentication protocol for portable communication systems, and then present a feasible solution that eliminates the potential threat to ensure the authenticity, integrity, and confidentiality of the involved communications.

Keywords: Portable communication system, proxy signature, wireless roaming service, mobile authentication, known key security.
1 Introduction
Secure communication systems among network-enabled devices are of significant concern in mobile access. This is often achieved by having the parties run an authentication protocol that generates a mutual, secret session key. The wireless roaming service allows a Visitor Location Register (VLR) to authenticate a visiting Mobile Station (MS) with the help of its Home Location Register (HLR). Mobile authentication among three parties may be exposed to sophisticated attacks and is easily susceptible to masquerading [1, 2]. A secure communication system should provide secrecy, authenticity, integrity, and nonrepudiation. If system performance is not a main concern, RSA would be appropriate; otherwise, one needs to consider different alternatives. In 2005, Lee-Yeh introduced the concept of delegation to achieve security services at reduced cost in the wireless communication environment [3]. The delegation-based protocol (which we term the DBA protocol for short) is inspired by the proxy signature, which is the delegation of the power to sign messages [4, 5]. The proxy signature is an authorized signature technique. The assistant is authorized to sign the document when the manager is away, but the staff can still use the manager's public key to verify the document. The manager cannot deny the signature if a dispute arises. A public-key-based system can benefit from the nonrepudiation feature of the public-key cryptosystem. Each MS gets a different key pair (σ, K) from the HLR in the registration phase. The key implies the authorization from the HLR. This authorization makes VLR transfer his trust

* This research was supported by the MSIP (Ministry of Science, ICT & Future Planning), Korea, under the C-ITRC (Convergence Information Technology Research Center) support program (NIPA-2013-H0301-13-3007) supervised by the NIPA (National IT Industry Promotion Agency).
** Corresponding author.

M. Kim, N. Park, and D. Won
James J. (Jong Hyuk) Park et al. (eds.), Multimedia and Ubiquitous Engineering, Lecture Notes in Electrical Engineering 308, DOI: 10.1007/978-3-642-54900-7_63, © Springer-Verlag Berlin Heidelberg 2014