Deposit-case attack against secure roaming

Research output: Journal Publications and Reviews (RGC: 21, 22, 62) / 21_Publication in refereed journal / peer-review

8 Scopus Citations

Author(s)

  • Guomin Yang
  • Duncan S. Wong
  • Xiaotie Deng

Detail(s)

Original language: English
Pages (from-to): 417-428
Journal / Publication: Lecture Notes in Computer Science
Volume: 3574
Publication status: Published - 2005

Conference

Title: 10th Australasian Conference on Information Security and Privacy, ACISP 2005
Place: Australia
City: Brisbane
Period: 4 - 6 July 2005

Abstract

A secure roaming protocol involves three parties: a roaming user, a visiting foreign server and the user's home server. The protocol allows the user and the foreign server to establish a session key and carry out mutual authentication with the help of the home server. In the mutual authentication, user authentication is generally done in two steps. First, the user claims that a particular server is his home server. Second, that particular server is called in by the foreign server for providing a 'credential' which testifies the user's claim. We present a new attacking technique which allows a malicious server to modify the user's claim in the first step without being detected and provide a fake credential to the foreign server in the second step in such a way that the foreign server believes that the malicious server is the user's home server. We give some examples to explain why it is undesirable in practice if a roaming protocol is vulnerable to this attack. We also show that there are three roaming protocols proposed previously which are vulnerable to this attack. © Springer-Verlag Berlin Heidelberg 2005.

Research Area(s)

  • Authenticated Key Exchange, Protocol Security Analysis, Roaming

Citation Format(s)

Deposit-case attack against secure roaming. / Yang, Guomin; Wong, Duncan S.; Deng, Xiaotie.

In: Lecture Notes in Computer Science, Vol. 3574, 2005, p. 417-428.
