Deposit-case attack against secure roaming

A secure roaming protocol involves three parties: a roaming user, a visiting foreign server and the user’s home server. The protocol allows the user and the foreign server to establish a session key and carry out mutual authentication with the help of the home server. In the mutual authentication, u...

Bibliographic Details
Main Authors: YANG, Guomin, WONG, Duncan S., DENG, Xiaotie
Format: text
Language: English
Published: Institutional Knowledge at Singapore Management University 2005
Online Access: https://ink.library.smu.edu.sg/sis_research/7440
https://ink.library.smu.edu.sg/context/sis_research/article/8443/viewcontent/Deposit_case_attack_against_secure_roaming.pdf
Institution: Singapore Management University
id sg-smu-ink.sis_research-8443
record_format dspace
spelling sg-smu-ink.sis_research-8443 2023-08-21T06:16:59Z 2005-07-01T07:00:00Z text application/pdf info:doi/10.1007/11506157_35 http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
content_provider SMU Libraries
collection InK@SMU
topic Protocol Security Analysis
Authenticated Key Exchange
Roaming
Information Security
description A secure roaming protocol involves three parties: a roaming user, a visiting foreign server and the user’s home server. The protocol allows the user and the foreign server to establish a session key and carry out mutual authentication with the help of the home server. In the mutual authentication, user authentication is generally done in two steps. First, the user claims that a particular server is his home server. Second, that particular server is called in by the foreign server for providing a ‘credential’ which testifies the user’s claim. We present a new attacking technique which allows a malicious server to modify the user’s claim in the first step without being detected and provide a fake credential to the foreign server in the second step in such a way that the foreign server believes that the malicious server is the user’s home server. We give some examples to explain why it is undesirable in practice if a roaming protocol is vulnerable to this attack. We also show that there are three roaming protocols proposed previously which are vulnerable to this attack.