Research Article
Impersonation Attacks on a Mobile Security Protocol for End-to-End Communications
@INPROCEEDINGS{10.1007/978-3-642-04434-2_24, author={Reiner Dojen and Vladimir Pasca and Tom Coffey}, title={Impersonation Attacks on a Mobile Security Protocol for End-to-End Communications}, proceedings={Security and Privacy in Mobile Information and Communication Systems. First International ICST Conference, MobiSec 2009, Turin, Italy, June 3-5, 2009, Revised Selected Papers}, proceedings_a={MOBISEC}, year={2012}, month={5}, keywords={Mobile end-to-end communication analysis of security protocols impersonation attack authentication and secrecy protocol}, doi={10.1007/978-3-642-04434-2_24} }- Reiner Dojen
Vladimir Pasca
Tom Coffey
Year: 2012
Impersonation Attacks on a Mobile Security Protocol for End-to-End Communications
MOBISEC
Springer
DOI: 10.1007/978-3-642-04434-2_24
Abstract
This paper presents an analysis of a cryptographic security protocol that is designed for use in a mobile communication environment. The goal of the analysed protocol is to ensure secure end-to-end communication between two mobile users that are connected to different base stations. The analysis reveals a serious flaw in the used signature scheme of the security protocol. Exploitation of this flaw enables an intruder to use algebraic simplifications to forge signatures on arbitrary messages. Two attacks, which exploit this weakness, are detailed showing the impersonation of a mobile user and a base station, respectively. Corrections to the flawed protocol are proposed and analysed. It is established that the corrected protocol is secure against the presented attacks.