Abstract

In two recent papers, Zuowen Tan (Secu- rity and Communication Networks) and Chih-ho Chou et al. (Computers and Electronics) published three party key agreement protocols especially convenient for protecting communications in mobile-centric environ- ments such as e-payments, vehicular mobile networks (VMN), RFID applications, etc. For his protocol, Tan provides a formal security proof developed in a model of distributed computing based on the seminal work of Bellare and Rogaway. In this paper, we show that both protocols are vulnerable to KCI attacks. We suggest modifications to both protocols that fix the vulnerability at the expense of a small decrease in their computational efficiency.

Highlights

  • We describe successful Key Compromise Impersonation (KCI) attacks against the aforementioned protocols and suggest modifications to fix the vulnerabilities at the expense of a small decrease in their computational efficiency

  • We review Tan’s three-party key agreement protocol and describe how a successful KCI attack can be conducted by an adversary that has compromised the private keying material of an honest party

  • We have shown that the three party key agreement protocols recently published in the literature by Tan [2] and Chou et al [5] are not resilient to KCI attacks their authors claim the contrary

Read more

Summary

Introduction

We review Tan’s three-party key agreement protocol and describe how a successful KCI attack can be conducted by an adversary that has compromised the private keying material of an honest party. Tan [2] and Chou et al [5] present three party key agreement protocols especially convenient for protecting communications in mobilecentric environments such as e-payments, vehicular mobile networks (VMN), RFID applications, etc For his protocol, Tan provides a formal security proof in a model of distributed computing based on the work of Bellare and Rogaway [6, 20] and Abdalla et al [1]. Tan provides a formal security proof in a model of distributed computing based on the work of Bellare and Rogaway [6, 20] and Abdalla et al [1] Both protocols are vulnerable to a particular man-in-the-middle attack known as Key Compromise Impersonation (KCI) [12, 15]. This is a subtle attack that can have drastic consequences since the adversary may obtain personal information from A such as secret keying

Review of the protocol specification
Description of the KCI attack scenario
A KCI-resilient version of Tan’s protocol
Concluding remarks

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
Coupling Activity and Performance Management with Mobility in Vehicular Networks
Miguel Almeida ... Susana Sargento
-
Miguel Almeida, et. al.Miguel Almeida ... Susana Sargento
11 Apr 2011
Connectivity Improvement of Hybrid Millimeter Wave and Microwave Vehicular Networks
Deepak Saluja ... Suman Kumar
IEEE Transactions on Intelligent Transportation Systems | VOL. 24
Deepak Saluja, et. al.Deepak Saluja ... Suman Kumar
01 Feb 2023
Extending the existing PMIPV6 model for nemo smart
Swatantra Porwal ... Jyoti Gajrani
-
Swatantra Porwal, et. al.Swatantra Porwal ... Jyoti Gajrani
01 Aug 2017
Artificial Intelligence based Edge Caching in Vehicular Mobile Networks: Architecture, Opportunities, and Research Issues
Kai-Min Liao ... Guan-Yi Chen
-
Kai-Min Liao, et. al.Kai-Min Liao ... Guan-Yi Chen
01 Sep 2019
View more papers

More From: World Journal of Computer Application and Technology

Paper Title
Journal
Date
Author
Small Signal Stability Analysis of Detailed DC Grids Network Model
Aleisawee M Alsseid ... Abdulrahman A A Emhemed
World Journal of Computer Application and Technology | VOL. 6
Aleisawee M Alsseid, et. al.Aleisawee M Alsseid ... Abdulrahman A A Emhemed
01 May 2018
Validation of Extended Theory of Reasoned Action to Predict Mobile Phone Money Usage
Odoyo Collins Otieno ... Samuel Liyala
World Journal of Computer Application and Technology | VOL. 6
Odoyo Collins Otieno, et. al.Odoyo Collins Otieno ... Samuel Liyala
01 Feb 2018
Mobile Money Users' Functionings and Freedoms: Amartya Sen's Capability Approach
Odoyo Collins Otieno ... Samuel Liyala
World Journal of Computer Application and Technology | VOL. 6
Odoyo Collins Otieno, et. al.Odoyo Collins Otieno ... Samuel Liyala
01 Feb 2018
Quality Assessment from Grayscale to Color Images
Mohammed A Hassan ... Mazen S Bashraheel
World Journal of Computer Application and Technology | VOL. 5
Mohammed A Hassan, et. al.Mohammed A Hassan ... Mazen S Bashraheel
01 Dec 2017
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.