Title :
Security limitations of an authorized anonymous ID-based scheme for mobile communication
Author :
Phan, Raphael C W
Author_Institution :
Swinburne Univ. of Technol., Hawthorn, Vic., Australia
fDate :
5/1/2005 12:00:00 AM
Abstract :
In this article we discuss the security limitations of a recently proposed authorized anonymous ID-based scheme for mobile communications due to He et al. We present three example attacks an attacker could mount on the scheme, point out the weaknesses we exploited, and suggest how to counter them. Our attacks are variants of the replay attack to which any security scheme should be resistant. Such attacks are easy to mount since they simply require replaying previous valid messages, and are often passive attacks and thus hard to detect. Therefore, our results are devastating since they show that the scheme has failed to achieve its main objective of establishing mutual authentication between legitimate parties.
Keywords :
authorisation; mobile communication; telecommunication security; authorized anonymous ID-based scheme; mobile communication; security scheme; Authentication; Computer crime; Helium; Identity-based encryption; Intrusion detection; Mobile communication; Privacy; Public key; Public key cryptography; Security;
Journal_Title :
Communications Magazine, IEEE
DOI :
10.1109/MCOM.2005.1453437
