A new delegation-based authentication protocol was proposed by Lee and Yeh in 2005, claiming that they have provided users with Portable Communication Systems (PCS), which are anonymity and non-repudiation. However, they have also pointed out that their protocol has a weakness in off-line authentication processes. That is, a malicious who visits location register ( VLR ) can masquerade another mobile user to login to home location register ( HLR ). To solve this weakness, Lee et al. later on proposed an improved protocol, which slightly modified the original one Unfortunately, we found out that Lee et al.’s protocol still cannot achieve user anonymity and does not provide perfect forward secrecy. In this paper, we first utilize Lee et al.’s protocol to demonstrate that Lee-Yeh’s protocol has an instinctive design flaw. Furthermore, we propose a modification to improve Lee et al.’s protocol to overcome these weaknesses. DOI: http://dx.doi.org/10.5755/j01.itc.41.3.857
Read full abstract