Publication Type
Conference Proceeding Article
Version
publishedVersion
Publication Date
7-2005
Abstract
A secure roaming protocol involves three parties: a roaming user, a visiting foreign server and the user’s home server. The protocol allows the user and the foreign server to establish a session key and carry out mutual authentication with the help of the home server. In the mutual authentication, user authentication is generally done in two steps. First, the user claims that a particular server is his home server. Second, that particular server is called upon by the foreign server to provide a ‘credential’ that testifies to the user’s claim. We present a new attacking technique which allows a malicious server to modify the user’s claim in the first step without being detected and to provide a fake credential to the foreign server in the second step, in such a way that the foreign server believes that the malicious server is the user’s home server. We give some examples to explain why it is undesirable in practice for a roaming protocol to be vulnerable to this attack. We also show that three previously proposed roaming protocols are vulnerable to this attack.
Keywords
Protocol Security Analysis, Authenticated Key Exchange, Roaming
Discipline
Information Security
Research Areas
Information Systems and Management
Publication
Information Security and Privacy: 10th Australasian Conference, ACISP 2005, Brisbane, Australia, July 4-6: Proceedings
Volume
3574
First Page
417
Last Page
428
ISBN
9783540265474
Identifier
10.1007/11506157_35
Publisher
Springer
City or Country
Cham
Citation
YANG, Guomin; WONG, Duncan S.; and DENG, Xiaotie.
Deposit-case attack against secure roaming. (2005). Information Security and Privacy: 10th Australasian Conference, ACISP 2005, Brisbane, Australia, July 4-6: Proceedings. 3574, 417-428.
Available at: https://ink.library.smu.edu.sg/sis_research/7440
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1007/11506157_35