Skip to main content
SpringerLink
Log in
Book cover

International Conference on Computational Science and Its Applications

ICCSA 2009: Computational Science and Its Applications – ICCSA 2009 pp 204–211Cite as

Security Weakness in a Provable Secure Authentication Protocol Given Forward Secure Session Key

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 5593))

Abstract

Shi, Jang and Yoo recently proposed a provable secure key distribution and authentication protocol between user, service provider and key distribution center(KDC). The protocol was based on symmetric cryptosystem, challenge-response, Diffie-Hellman component and hash function. Despite the claim of provable security, the protocol is in fact insecure in the presence of an active adversary. In this paper, we present the imperfection of Shi et al.’s protocol and suggest modifications to the protocol which would resolve the problem.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Smith, J., Weingarten, F.: Report from the Workshop on Research Directions for NGI. Research challenges for the next generation internet (2007)

    Google Scholar 

  2. Mitchell, C.: Security for Mobility. IEE press (2004)

    Google Scholar 

  3. Kohl, J., Neuman, C.: The Kerberos network authentication service(v5). Internet Request for Comments 1510 (1993)

    Google Scholar 

  4. Bellovin, S., Merritt, M.: Limitations of the Kerboros authentication system. ACM communications review 20, 119–132 (1990)

    Article  Google Scholar 

  5. Neuman, B.C., Ts’o, T.: An authentication service for computer networks. IEEE communications 32, 33–38 (1994)

    Article  Google Scholar 

  6. Kao, I., Chow, R.: An efficient and secure authentication protocol using uncertified keys. ACM Operating Systems Review 29, 14–21 (1995)

    Article  Google Scholar 

  7. Ganesan, R.: Yaksha: augmenting Kerberos with public key cryptography. In: Proceedings of symposium on Network and Distributed System Security(SNDSS 1995), pp. 132–143. IEEE Computer Society, Los Alamitos (1995)

    Chapter  Google Scholar 

  8. Fox, A., Gribble, S.: Security on the movie: indirect authentication using Kerberos. In: Proceedings of the second annual International Conference on Mobile Computing and Networking, pp. 154–164. ACM press, New York (1996)

    Google Scholar 

  9. Sirbu, M., Chuang, J.: Distrbuted authentication in Kerberos using public key cryptography. In: Proceedings of the Symposium on Network and Distributed System Security, pp. 134–141. IEEE Computer Society, Los Alamitos (1997)

    Google Scholar 

  10. Shieh, S., Ho, F., Huang, Y.: An efficient authentication protocol for mobile networks. Journal of Information Science and Engineering 15, 505–520 (1999)

    Google Scholar 

  11. SamaraKoon, M., Honary, B.: Novel authentication and key agreement protocol for low processing power and systems resource requirements in portable communications systems. IEE Colloquium on novel DSP Algorithms and Architectures for Radio Systems, pp. 9/1–9/5 (1999)

    Google Scholar 

  12. Chien, H., Jan, J.: A hybrid authentication protocol for large mobile networks. Journal of Systems and software 67, 123–137 (2003)

    Article  Google Scholar 

  13. Yacobi, Y.: A key distribution paradox. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 268–273. Springer, Heidelberg (1991)

    Google Scholar 

  14. Bellare, M., Rogaway, P.: Entity Authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994)

    Chapter  Google Scholar 

  15. Nyberg, K., Rueppel, R.: Weaknesses in some recent key agreement protocols. Electronics Letters 30, 26–27 (1994)

    Article  Google Scholar 

  16. Tang, Q., Mitchell, C.: Cryptanalysis of a hybrid authentication protocol for large mobile networks. The journal of systems and software 79, 496–501 (2006)

    Article  Google Scholar 

  17. Shi, W., Jang, I., Yoo, H.: A provable secure authentication protocol given forward secure session key. In: Zhang, Y., Yu, G., Bertino, E., Xu, G. (eds.) APWeb 2008. LNCS, vol. 4976, pp. 309–318. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  18. Hwang, R., Su, F.: A new efficient authentication protocol for mobile networks. Computer Standards & Interfaces 28, 241–252 (2005)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Electrical and Computer Engineering, Sungkyunkwan University, 300 Cheoncheon-dong, Jangan-gu, Suwon-si, Gyeonggi-do, 440-746, Korea

    Mijin Kim, Heasuk Jo, Seungjoo Kim & Dongho Won

Authors
  1. Mijin Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Heasuk Jo
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Seungjoo Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Dongho Won
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Mathematics and Computer Science, University of Perugia, Via Vanvitelli, 1, 06123, Perugia, Italy

    Osvaldo Gervasi

  2. School of Business Systems, Clayton, Monash University, 3800, Victoria, Australia

    David Taniar

  3. L.I.S.U.T. - D.A.P.I.T., University of Basilicata, Viale dell’Ateneo Lucano 10, 85100, Potenza, Italy

    Beniamino Murgante

  4. Department of Chemistry, University of Perugia, Via Elce di Sotto, 8, 06123, Perugia, Italy

    Antonio Laganà

  5. School of Computing, Computer Communication Laboratory, SoongSil University, 1-1 Sang-do 5 Dong, Dong-jak Ku, 156-743, Seoul, Korea

    Youngsong Mun

  6. Department of Computer Science, University of Calgary, 2500 University Drive N.W., T2N 1N4, Calgary, AB, Canada

    Marina L. Gavrilova

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kim, M., Jo, H., Kim, S., Won, D. (2009). Security Weakness in a Provable Secure Authentication Protocol Given Forward Secure Session Key. In: Gervasi, O., Taniar, D., Murgante, B., Laganà, A., Mun, Y., Gavrilova, M.L. (eds) Computational Science and Its Applications – ICCSA 2009. ICCSA 2009. Lecture Notes in Computer Science, vol 5593. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-02457-3_18

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-02457-3_18

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-02456-6

  • Online ISBN: 978-3-642-02457-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation