Abstract
Shi, Jang and Yoo recently proposed a provable secure key distribution and authentication protocol between user, service provider and key distribution center(KDC). The protocol was based on symmetric cryptosystem, challenge-response, Diffie-Hellman component and hash function. Despite the claim of provable security, the protocol is in fact insecure in the presence of an active adversary. In this paper, we present the imperfection of Shi et al.’s protocol and suggest modifications to the protocol which would resolve the problem.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Smith, J., Weingarten, F.: Report from the Workshop on Research Directions for NGI. Research challenges for the next generation internet (2007)
Mitchell, C.: Security for Mobility. IEE press (2004)
Kohl, J., Neuman, C.: The Kerberos network authentication service(v5). Internet Request for Comments 1510 (1993)
Bellovin, S., Merritt, M.: Limitations of the Kerboros authentication system. ACM communications review 20, 119–132 (1990)
Neuman, B.C., Ts’o, T.: An authentication service for computer networks. IEEE communications 32, 33–38 (1994)
Kao, I., Chow, R.: An efficient and secure authentication protocol using uncertified keys. ACM Operating Systems Review 29, 14–21 (1995)
Ganesan, R.: Yaksha: augmenting Kerberos with public key cryptography. In: Proceedings of symposium on Network and Distributed System Security(SNDSS 1995), pp. 132–143. IEEE Computer Society, Los Alamitos (1995)
Fox, A., Gribble, S.: Security on the movie: indirect authentication using Kerberos. In: Proceedings of the second annual International Conference on Mobile Computing and Networking, pp. 154–164. ACM press, New York (1996)
Sirbu, M., Chuang, J.: Distrbuted authentication in Kerberos using public key cryptography. In: Proceedings of the Symposium on Network and Distributed System Security, pp. 134–141. IEEE Computer Society, Los Alamitos (1997)
Shieh, S., Ho, F., Huang, Y.: An efficient authentication protocol for mobile networks. Journal of Information Science and Engineering 15, 505–520 (1999)
SamaraKoon, M., Honary, B.: Novel authentication and key agreement protocol for low processing power and systems resource requirements in portable communications systems. IEE Colloquium on novel DSP Algorithms and Architectures for Radio Systems, pp. 9/1–9/5 (1999)
Chien, H., Jan, J.: A hybrid authentication protocol for large mobile networks. Journal of Systems and software 67, 123–137 (2003)
Yacobi, Y.: A key distribution paradox. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 268–273. Springer, Heidelberg (1991)
Bellare, M., Rogaway, P.: Entity Authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994)
Nyberg, K., Rueppel, R.: Weaknesses in some recent key agreement protocols. Electronics Letters 30, 26–27 (1994)
Tang, Q., Mitchell, C.: Cryptanalysis of a hybrid authentication protocol for large mobile networks. The journal of systems and software 79, 496–501 (2006)
Shi, W., Jang, I., Yoo, H.: A provable secure authentication protocol given forward secure session key. In: Zhang, Y., Yu, G., Bertino, E., Xu, G. (eds.) APWeb 2008. LNCS, vol. 4976, pp. 309–318. Springer, Heidelberg (2008)
Hwang, R., Su, F.: A new efficient authentication protocol for mobile networks. Computer Standards & Interfaces 28, 241–252 (2005)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kim, M., Jo, H., Kim, S., Won, D. (2009). Security Weakness in a Provable Secure Authentication Protocol Given Forward Secure Session Key. In: Gervasi, O., Taniar, D., Murgante, B., Laganà, A., Mun, Y., Gavrilova, M.L. (eds) Computational Science and Its Applications – ICCSA 2009. ICCSA 2009. Lecture Notes in Computer Science, vol 5593. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-02457-3_18
Download citation
DOI: https://doi.org/10.1007/978-3-642-02457-3_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-02456-6
Online ISBN: 978-3-642-02457-3
eBook Packages: Computer ScienceComputer Science (R0)