Security and Privacy in Mobile Information and Communication Systems. First International ICST Conference, MobiSec 2009, Turin, Italy, June 3-5, 2009, Revised Selected Papers

Research Article

Impersonation Attacks on a Mobile Security Protocol for End-to-End Communications

Download
431 downloads
  • @INPROCEEDINGS{10.1007/978-3-642-04434-2_24,
        author={Reiner Dojen and Vladimir Pasca and Tom Coffey},
        title={Impersonation Attacks on a Mobile Security Protocol for End-to-End Communications},
        proceedings={Security and Privacy in Mobile Information and Communication Systems. First International ICST Conference, MobiSec 2009, Turin, Italy, June 3-5, 2009, Revised Selected Papers},
        proceedings_a={MOBISEC},
        year={2012},
        month={5},
        keywords={Mobile end-to-end communication analysis of security protocols impersonation attack authentication and secrecy protocol},
        doi={10.1007/978-3-642-04434-2_24}
    }
    
  • Reiner Dojen
    Vladimir Pasca
    Tom Coffey
    Year: 2012
    Impersonation Attacks on a Mobile Security Protocol for End-to-End Communications
    MOBISEC
    Springer
    DOI: 10.1007/978-3-642-04434-2_24
Reiner Dojen1,*, Vladimir Pasca1,*, Tom Coffey1,*
  • 1: University of Limerick
*Contact email: reiner.dojen@ul.ie, vladimir.pasca@ul.ie, tom.coffey@ul.ie

Abstract

This paper presents an analysis of a cryptographic security protocol that is designed for use in a mobile communication environment. The goal of the analysed protocol is to ensure secure end-to-end communication between two mobile users that are connected to different base stations. The analysis reveals a serious flaw in the used signature scheme of the security protocol. Exploitation of this flaw enables an intruder to use algebraic simplifications to forge signatures on arbitrary messages. Two attacks, which exploit this weakness, are detailed showing the impersonation of a mobile user and a base station, respectively. Corrections to the flawed protocol are proposed and analysed. It is established that the corrected protocol is secure against the presented attacks.